Merged BRANCHES/V2.2 to BRANCHES/V2.3:

109406: RM-2271 - added the job lock refresh mechanism so that for long running jobs that exceed the locks TTL the lock will be refreshed. 109401: RM-2391 - Added capability checking to the AuditLog Get REST API. Added a unit test. Minor changes on the Share side to forward the forbidden status. git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/modules/recordsmanagement/BRANCHES/V2.3@110464 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
2025-07-31 17:39:05 +00:00 · 2015-08-19 14:08:27 +00:00
parent e68704aee1 f0758989f4
commit cb81b00beb
5 changed files with 162 additions and 7 deletions
--- a/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/job/RecordsManagementJob.java
+++ b/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/job/RecordsManagementJob.java
@@ -18,8 +18,11 @@
 */
 package org.alfresco.module.org_alfresco_module_rm.job;

+import java.util.concurrent.atomic.AtomicBoolean;
+
 import org.alfresco.error.AlfrescoRuntimeException;
 import org.alfresco.repo.lock.JobLockService;
+import org.alfresco.repo.lock.JobLockService.JobLockRefreshCallback;
 import org.alfresco.repo.lock.LockAcquisitionException;
 import org.alfresco.repo.security.authentication.AuthenticationUtil;
 import org.alfresco.repo.security.authentication.AuthenticationUtil.RunAsWork;
@@ -41,7 +44,7 @@ import org.quartz.JobExecutionException;
 */
 public class RecordsManagementJob implements Job
 {
-	private static Log logger = LogFactory.getLog(RecordsManagementJob.class);
+    private static Log logger = LogFactory.getLog(RecordsManagementJob.class);

    private static final long DEFAULT_TIME = 30000L;

@@ -55,6 +58,24 @@ public class RecordsManagementJob implements Job
    {
        return QName.createQName(NamespaceService.SYSTEM_MODEL_1_0_URI, jobName);
    }
+    
+    private class LockCallback implements JobLockRefreshCallback
+    {
+        final AtomicBoolean running = new AtomicBoolean(true);
+        
+        @Override
+        public boolean isActive()
+        {
+            return running.get();
+        }
+        
+        @Override
+        public void lockReleased()
+        {
+            running.set(false);
+        }
+    }
+

    /**
     * Attempts to get the lock.  If the lock couldn't be taken, then <tt>null</tt> is returned.
@@ -97,6 +118,7 @@ public class RecordsManagementJob implements Job
            throw new AlfrescoRuntimeException("Job name has not been specified.");
        }

+        final LockCallback lockCallback = new LockCallback();
        AuthenticationUtil.runAs(new RunAsWork<Void>()
        {
            public Void doWork()
@@ -107,15 +129,17 @@ public class RecordsManagementJob implements Job
                {
                    try
                    {
+                        jobLockService.refreshLock(lockToken, getLockQName(), DEFAULT_TIME, lockCallback);
                        // do work
                        jobExecuter.execute();
                    }
                    finally
                    {
-                    	try
-                    	{
-                    		jobLockService.releaseLock(lockToken, getLockQName());
-                    	}
+                        try
+                        {
+                            lockCallback.running.set(false);
+                            jobLockService.releaseLock(lockToken, getLockQName());
+                        }
                        catch (LockAcquisitionException e)
                        {
                            // Ignore
--- a/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/script/AuditLogGet.java
+++ b/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/script/AuditLogGet.java
@@ -21,9 +21,17 @@ package org.alfresco.module.org_alfresco_module_rm.script;
 import java.io.File;
 import java.io.IOException;

+import org.alfresco.module.org_alfresco_module_rm.audit.RecordsManagementAuditQueryParameters;
+import org.alfresco.module.org_alfresco_module_rm.audit.RecordsManagementAuditService.ReportFormat;
+import org.alfresco.module.org_alfresco_module_rm.capability.CapabilityService;
+import org.alfresco.module.org_alfresco_module_rm.fileplan.FilePlanService;
 import org.alfresco.repo.web.scripts.content.ContentStreamer;
+import org.alfresco.service.cmr.repository.NodeRef;
+import org.alfresco.service.cmr.security.AccessStatus;
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
+import org.springframework.extensions.webscripts.Status;
+import org.springframework.extensions.webscripts.WebScriptException;
 import org.springframework.extensions.webscripts.WebScriptRequest;
 import org.springframework.extensions.webscripts.WebScriptResponse;

@@ -39,9 +47,16 @@ public class AuditLogGet extends BaseAuditRetrievalWebScript
    private static Log logger = LogFactory.getLog(AuditLogGet.class);

    private static final String PARAM_EXPORT = "export";
+    private static final String ACCESS_AUDIT_CAPABILITY = "AccessAudit";

    /** Content Streamer */
    protected ContentStreamer contentStreamer;
+    
+    /** Capability service */
+    protected CapabilityService capabilityService;
+
+    /** File plan service */
+    protected FilePlanService filePlanService;

    /**
     * @param contentStreamer
@@ -50,6 +65,24 @@ public class AuditLogGet extends BaseAuditRetrievalWebScript
    {
        this.contentStreamer = contentStreamer;
    }
+    
+    /**
+     * 
+     * @param capabilityService Capability Service
+     */
+    public void setCapabilityService(CapabilityService capabilityService)
+    {
+        this.capabilityService = capabilityService;
+    }
+    
+    /**
+     * 
+     * @param capabilityService Capability Service
+     */
+    public void setFilePlanService(FilePlanService filePlanService)
+    {
+        this.filePlanService = filePlanService;
+    }

    @Override
    public void execute(WebScriptRequest req, WebScriptResponse res) throws IOException
@@ -58,8 +91,16 @@ public class AuditLogGet extends BaseAuditRetrievalWebScript

        try
        {
+            
+            RecordsManagementAuditQueryParameters queryParams = parseQueryParameters(req);
+            ReportFormat reportFormat = parseReportFormat(req);
+
+            if( !userCanAccessAudit(queryParams) )
+            {
+                throw new WebScriptException(Status.STATUS_FORBIDDEN, "Access denied because the user does not have the Access Audit capability");
+            }
            // parse the parameters and get a file containing the audit trail
-            auditTrail = this.rmAuditService.getAuditTrailFile(parseQueryParameters(req), parseReportFormat(req));
+            auditTrail = this.rmAuditService.getAuditTrailFile(queryParams, reportFormat);

            if (logger.isDebugEnabled())
            {
@@ -101,4 +142,15 @@ public class AuditLogGet extends BaseAuditRetrievalWebScript
            }
        }
    }
+
+    private boolean userCanAccessAudit(RecordsManagementAuditQueryParameters queryParams) 
+    {
+        NodeRef targetNode = queryParams.getNodeRef();
+        if( targetNode == null )
+        {
+            targetNode = filePlanService.getFilePlanBySiteId(FilePlanService.DEFAULT_RM_SITE_ID);
+        }
+        return AccessStatus.ALLOWED.equals(
+                capabilityService.getCapabilityAccessState(targetNode, ACCESS_AUDIT_CAPABILITY));
+    }
 }