RM-3963: prevent POST request directly in RM site node

Silviu Dinuta
2016-10-25 09:47:01 +03:00
parent c3dda4e4bc
commit ca416fd603
5 changed files with 45 additions and 13 deletions


@@ -31,7 +31,7 @@
<bean id="rm.Nodes" class="org.springframework.aop.framework.ProxyFactoryBean"> <bean id="rm.Nodes" class="org.springframework.aop.framework.ProxyFactoryBean">
<property name="proxyInterfaces"> <property name="proxyInterfaces">
<value>org.alfresco.rest.api.Nodes</value> <value>org.alfresco.rm.rest.api.RMNodes</value>
</property> </property>
<property name="target"> <property name="target">
<ref bean="rm.nodes" /> <ref bean="rm.nodes" />


@@ -40,4 +40,12 @@ public interface RMNodes extends Nodes
String PARAM_INCLUDE_HAS_RETENTION_SCHEDULE = "hasRetentionSchedule"; String PARAM_INCLUDE_HAS_RETENTION_SCHEDULE = "hasRetentionSchedule";
String PARAM_INCLUDE_IS_CLOSED = "isClosed"; String PARAM_INCLUDE_IS_CLOSED = "isClosed";
String PARAM_INCLUDE_IS_COMPLETED = "isCompleted"; String PARAM_INCLUDE_IS_COMPLETED = "isCompleted";
/**
* Identifies if one node is RM site node.
*
* @param nodeId
* @return
*/
boolean isRMSite(String nodeId);
} }
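Review bot: The Javadoc added for `isRMSite` leaves `@param nodeId` and `@return` empty, so the contract of a method that now gates write requests is undocumented. Suggest `@param nodeId identifier of the node to test` and `@return true only when the node resolves to the RM site node itself, false otherwise`. It should also state what happens when the id cannot be resolved or no RM site exists: the implementation in RMNodesImpl returns false when the site lookup yields null and calls `validateOrLookupNode` first, which presumably throws for an unknown id.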


@@ -60,6 +60,8 @@ import org.alfresco.service.cmr.dictionary.DictionaryService;
import org.alfresco.service.cmr.repository.ChildAssociationRef; import org.alfresco.service.cmr.repository.ChildAssociationRef;
import org.alfresco.service.cmr.repository.NodeRef; import org.alfresco.service.cmr.repository.NodeRef;
import org.alfresco.service.cmr.repository.NodeService; import org.alfresco.service.cmr.repository.NodeService;
import org.alfresco.service.cmr.site.SiteInfo;
import org.alfresco.service.cmr.site.SiteService;
import org.alfresco.service.namespace.NamespaceService; import org.alfresco.service.namespace.NamespaceService;
import org.alfresco.service.namespace.QName; import org.alfresco.service.namespace.QName;
import org.alfresco.util.Pair; import org.alfresco.util.Pair;
@@ -89,6 +91,7 @@ public class RMNodesImpl extends NodesImpl implements RMNodes
private Repository repositoryHelper; private Repository repositoryHelper;
private DictionaryService dictionaryService; private DictionaryService dictionaryService;
private DispositionService dispositionService; private DispositionService dispositionService;
private SiteService siteService;
/** /**
* TODO to remove this after isSpecialNode is made protected in core implementation * TODO to remove this after isSpecialNode is made protected in core implementation
@@ -100,6 +103,7 @@ public class RMNodesImpl extends NodesImpl implements RMNodes
this.nodeService = serviceRegistry.getNodeService(); this.nodeService = serviceRegistry.getNodeService();
this.dictionaryService = serviceRegistry.getDictionaryService(); this.dictionaryService = serviceRegistry.getDictionaryService();
this.dispositionService = serviceRegistry.getDispositionService(); this.dispositionService = serviceRegistry.getDispositionService();
this.siteService = serviceRegistry.getSiteService();
} }
public void setRecordsManagementServiceRegistry(RecordsManagementServiceRegistry serviceRegistry) public void setRecordsManagementServiceRegistry(RecordsManagementServiceRegistry serviceRegistry)
@@ -367,12 +371,6 @@ public class RMNodesImpl extends NodesImpl implements RMNodes
private boolean isCoreSpecialNode(NodeRef nodeRef, QName type) private boolean isCoreSpecialNode(NodeRef nodeRef, QName type)
{ {
// Check for Company Home, Sites and Data Dictionary (note: must be tenant-aware) // Check for Company Home, Sites and Data Dictionary (note: must be tenant-aware)
NodeRef filePlan = filePlanService.getFilePlanBySiteId(FilePlanService.DEFAULT_RM_SITE_ID);
if(filePlan != null)
{
}
if (nodeRef.equals(repositoryHelper.getCompanyHome())) if (nodeRef.equals(repositoryHelper.getCompanyHome()))
{ {
return true; return true;
@@ -425,4 +423,21 @@ public class RMNodesImpl extends NodesImpl implements RMNodes
} }
super.deleteNode(nodeId, parameters); super.deleteNode(nodeId, parameters);
} }
@Override
public boolean isRMSite(String nodeId)
{
NodeRef nodeRef = validateOrLookupNode(nodeId, null);
SiteInfo siteInfo = siteService.getSite(FilePlanService.DEFAULT_RM_SITE_ID);
if(siteInfo !=null)
{
NodeRef rmNodeRef = siteInfo.getNodeRef();
if(rmNodeRef.equals(nodeRef))
{
return true;
}
}
return false;
}
} }
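Review bot: `isRMSite` fails open: when `siteService.getSite(FilePlanService.DEFAULT_RM_SITE_ID)` returns null the method returns false, and the POST guard in the callers is skipped. If the SiteService obtained from `serviceRegistry.getSiteService()` applies the caller's permissions (not verifiable from this hunk), the answer depends on whether the current user can see the site rather than on what the node is. Consider resolving the site node in a way that does not depend on the caller's permissions, or at least record the assumption with a comment such as `// null: no RM site exists or it is not visible to the caller; node is treated as not the RM site`. The body can also be reduced to `return siteInfo != null && siteInfo.getNodeRef().equals(nodeRef);`. Only the default site id is compared, so the check covers the site node itself and nothing beneath it.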


@@ -30,14 +30,15 @@ package org.alfresco.rm.rest.api.nodes;
import java.util.ArrayList; import java.util.ArrayList;
import java.util.List; import java.util.List;
import org.alfresco.rest.api.Nodes;
import org.alfresco.rest.api.model.Node; import org.alfresco.rest.api.model.Node;
import org.alfresco.rest.framework.core.exceptions.PermissionDeniedException;
import org.alfresco.rest.framework.resource.RelationshipResource; import org.alfresco.rest.framework.resource.RelationshipResource;
import org.alfresco.rest.framework.resource.actions.interfaces.MultiPartRelationshipResourceAction; import org.alfresco.rest.framework.resource.actions.interfaces.MultiPartRelationshipResourceAction;
import org.alfresco.rest.framework.resource.actions.interfaces.RelationshipResourceAction; import org.alfresco.rest.framework.resource.actions.interfaces.RelationshipResourceAction;
import org.alfresco.rest.framework.resource.parameters.CollectionWithPagingInfo; import org.alfresco.rest.framework.resource.parameters.CollectionWithPagingInfo;
import org.alfresco.rest.framework.resource.parameters.Parameters; import org.alfresco.rest.framework.resource.parameters.Parameters;
import org.alfresco.rest.framework.webscripts.WithResponse; import org.alfresco.rest.framework.webscripts.WithResponse;
import org.alfresco.rm.rest.api.RMNodes;
import org.springframework.extensions.webscripts.servlet.FormData; import org.springframework.extensions.webscripts.servlet.FormData;
/** /**
@@ -51,9 +52,9 @@ public class FileplanComponentChildrenRelation implements RelationshipResourceAc
RelationshipResourceAction.Create<Node>, RelationshipResourceAction.Create<Node>,
MultiPartRelationshipResourceAction.Create<Node> MultiPartRelationshipResourceAction.Create<Node>
{ {
private Nodes nodes; private RMNodes nodes;
public void setNodes(Nodes nodes) public void setNodes(RMNodes nodes)
{ {
this.nodes = nodes; this.nodes = nodes;
} }
@@ -67,6 +68,10 @@ public class FileplanComponentChildrenRelation implements RelationshipResourceAc
@Override @Override
public List<Node> create(String parentFolderNodeId, List<Node> nodeInfos, Parameters parameters) public List<Node> create(String parentFolderNodeId, List<Node> nodeInfos, Parameters parameters)
{ {
if(nodes.isRMSite(parentFolderNodeId))
{
throw new PermissionDeniedException("POST request not allowed in RM site.");
}
List<Node> result = new ArrayList<>(nodeInfos.size()); List<Node> result = new ArrayList<>(nodeInfos.size());
for (Node nodeInfo : nodeInfos) for (Node nodeInfo : nodeInfos)
@@ -80,6 +85,10 @@ public class FileplanComponentChildrenRelation implements RelationshipResourceAc
@Override @Override
public Node create(String parentFolderNodeId, FormData formData, Parameters parameters, WithResponse withResponse) public Node create(String parentFolderNodeId, FormData formData, Parameters parameters, WithResponse withResponse)
{ {
if(nodes.isRMSite(parentFolderNodeId))
{
throw new PermissionDeniedException("POST request not allowed in RM site.");
}
return nodes.upload(parentFolderNodeId, formData, parameters); return nodes.upload(parentFolderNodeId, formData, parameters);
} }
} }
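Review bot: The same guard and message string are duplicated in both `create` overloads, so a later change to one path can silently leave the other unprotected. Extract it into one private method and call that first in each overload, e.g. `private void denyIfRMSite(String nodeId) { if (nodes.isRMSite(nodeId)) { throw new PermissionDeniedException("POST request not allowed in RM site."); } }`. The check runs before `nodeInfos` is touched, which is the right order for an access-control decision. None of the five changed files appears to be a test, so a test asserting the denied response for both the JSON and the multipart path would be worth adding.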


@@ -27,13 +27,13 @@
package org.alfresco.rm.rest.api.nodes; package org.alfresco.rm.rest.api.nodes;
import org.alfresco.rest.api.Nodes;
import org.alfresco.rest.api.model.Node; import org.alfresco.rest.api.model.Node;
import org.alfresco.rest.framework.WebApiDescription; import org.alfresco.rest.framework.WebApiDescription;
import org.alfresco.rest.framework.WebApiParam; import org.alfresco.rest.framework.WebApiParam;
import org.alfresco.rest.framework.resource.EntityResource; import org.alfresco.rest.framework.resource.EntityResource;
import org.alfresco.rest.framework.resource.actions.interfaces.EntityResourceAction; import org.alfresco.rest.framework.resource.actions.interfaces.EntityResourceAction;
import org.alfresco.rest.framework.resource.parameters.Parameters; import org.alfresco.rest.framework.resource.parameters.Parameters;
import org.alfresco.rm.rest.api.RMNodes;
/** /**
* Fileplan component children * Fileplan component children
@@ -47,9 +47,9 @@ public class FileplanComponentsEntityResource implements
EntityResourceAction.Delete, EntityResourceAction.Delete,
EntityResourceAction.Update<Node> EntityResourceAction.Update<Node>
{ {
private Nodes nodes; private RMNodes nodes;
public void setNodes(Nodes nodes) public void setNodes(RMNodes nodes)
{ {
this.nodes = nodes; this.nodes = nodes;
} }