inteligr8/alfresco-community-repo
1
0
Fork 0
mirror of https://github.com/Alfresco/alfresco-community-repo.git synced 2025-07-31 17:39:05 +00:00
Code Issues Packages Projects Releases Wiki Activity

Merged BRANCHES/V2.2 to BRANCHES/V2.3:

Browse Source 
109406: RM-2271 - added the job lock refresh mechanism so that for long running jobs that exceed the locks TTL the lock will be refreshed.
   109401: RM-2391 - Added capability checking to the AuditLog Get REST API. Added a unit test. Minor changes on the Share side to forward the forbidden status.

git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/modules/recordsmanagement/BRANCHES/V2.3@110464 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
This commit is contained in:
Alexandru Balan
2015-08-19 14:08:27 +00:00
parent e68704aee1 f0758989f4
commit cb81b00beb
5 changed files with 162 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
rm-server/config/alfresco/module/org_alfresco_module_rm/rm-webscript-context.xml
View File

@@ -535,6 +535,8 @@
<property name="recordsManagementAuditService" ref="RecordsManagementAuditService"/>
<property name="contentStreamer" ref="webscript.content.streamer" />
<property name="namespaceService" ref="namespaceService" />
<property name="capabilityService" ref="CapabilityService" />
<property name="filePlanService" ref="FilePlanService" />
</bean>
<!-- REST impl for GET Class Definitions for RM/DM -->

34
rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/job/RecordsManagementJob.java
View File

@@ -18,8 +18,11 @@
*/
package org.alfresco.module.org_alfresco_module_rm.job;
import java.util.concurrent.atomic.AtomicBoolean;
import org.alfresco.error.AlfrescoRuntimeException;
import org.alfresco.repo.lock.JobLockService;
import org.alfresco.repo.lock.JobLockService.JobLockRefreshCallback;
import org.alfresco.repo.lock.LockAcquisitionException;
import org.alfresco.repo.security.authentication.AuthenticationUtil;
import org.alfresco.repo.security.authentication.AuthenticationUtil.RunAsWork;
@@ -41,7 +44,7 @@ import org.quartz.JobExecutionException;
*/
public class RecordsManagementJob implements Job
{
private static Log logger = LogFactory.getLog(RecordsManagementJob.class);
private static Log logger = LogFactory.getLog(RecordsManagementJob.class);
private static final long DEFAULT_TIME = 30000L;
@@ -55,6 +58,24 @@ public class RecordsManagementJob implements Job
{
return QName.createQName(NamespaceService.SYSTEM_MODEL_1_0_URI, jobName);
}
private class LockCallback implements JobLockRefreshCallback
{
final AtomicBoolean running = new AtomicBoolean(true);
@Override
public boolean isActive()
{
return running.get();
}
@Override
public void lockReleased()
{
running.set(false);
}
}
/**
* Attempts to get the lock. If the lock couldn't be taken, then <tt>null</tt> is returned.
@@ -97,6 +118,7 @@ public class RecordsManagementJob implements Job
throw new AlfrescoRuntimeException("Job name has not been specified.");
}
final LockCallback lockCallback = new LockCallback();
AuthenticationUtil.runAs(new RunAsWork<Void>()
{
public Void doWork()
@@ -107,15 +129,17 @@ public class RecordsManagementJob implements Job
{
try
{
jobLockService.refreshLock(lockToken, getLockQName(), DEFAULT_TIME, lockCallback);
// do work
jobExecuter.execute();
}
finally
{
try
{
jobLockService.releaseLock(lockToken, getLockQName());
}
try
{
lockCallback.running.set(false);
jobLockService.releaseLock(lockToken, getLockQName());
}
catch (LockAcquisitionException e)
{
// Ignore

54
rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/script/AuditLogGet.java
View File

@@ -21,9 +21,17 @@ package org.alfresco.module.org_alfresco_module_rm.script;
import java.io.File;
import java.io.IOException;
import org.alfresco.module.org_alfresco_module_rm.audit.RecordsManagementAuditQueryParameters;
import org.alfresco.module.org_alfresco_module_rm.audit.RecordsManagementAuditService.ReportFormat;
import org.alfresco.module.org_alfresco_module_rm.capability.CapabilityService;
import org.alfresco.module.org_alfresco_module_rm.fileplan.FilePlanService;
import org.alfresco.repo.web.scripts.content.ContentStreamer;
import org.alfresco.service.cmr.repository.NodeRef;
import org.alfresco.service.cmr.security.AccessStatus;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.springframework.extensions.webscripts.Status;
import org.springframework.extensions.webscripts.WebScriptException;
import org.springframework.extensions.webscripts.WebScriptRequest;
import org.springframework.extensions.webscripts.WebScriptResponse;
@@ -39,9 +47,16 @@ public class AuditLogGet extends BaseAuditRetrievalWebScript
private static Log logger = LogFactory.getLog(AuditLogGet.class);
private static final String PARAM_EXPORT = "export";
private static final String ACCESS_AUDIT_CAPABILITY = "AccessAudit";
/** Content Streamer */
protected ContentStreamer contentStreamer;
/** Capability service */
protected CapabilityService capabilityService;
/** File plan service */
protected FilePlanService filePlanService;
/**
* @param contentStreamer
@@ -50,6 +65,24 @@ public class AuditLogGet extends BaseAuditRetrievalWebScript
{
this.contentStreamer = contentStreamer;
}
/**
*
* @param capabilityService Capability Service
*/
public void setCapabilityService(CapabilityService capabilityService)
{
this.capabilityService = capabilityService;
}
/**
*
* @param capabilityService Capability Service
*/
public void setFilePlanService(FilePlanService filePlanService)
{
this.filePlanService = filePlanService;
}
@Override
public void execute(WebScriptRequest req, WebScriptResponse res) throws IOException
@@ -58,8 +91,16 @@ public class AuditLogGet extends BaseAuditRetrievalWebScript
try
{
RecordsManagementAuditQueryParameters queryParams = parseQueryParameters(req);
ReportFormat reportFormat = parseReportFormat(req);
if( !userCanAccessAudit(queryParams) )
{
throw new WebScriptException(Status.STATUS_FORBIDDEN, "Access denied because the user does not have the Access Audit capability");
}
// parse the parameters and get a file containing the audit trail
auditTrail = this.rmAuditService.getAuditTrailFile(parseQueryParameters(req), parseReportFormat(req));
auditTrail = this.rmAuditService.getAuditTrailFile(queryParams, reportFormat);
if (logger.isDebugEnabled())
{
@@ -101,4 +142,15 @@ public class AuditLogGet extends BaseAuditRetrievalWebScript
}
}
}
private boolean userCanAccessAudit(RecordsManagementAuditQueryParameters queryParams)
{
NodeRef targetNode = queryParams.getNodeRef();
if( targetNode == null )
{
targetNode = filePlanService.getFilePlanBySiteId(FilePlanService.DEFAULT_RM_SITE_ID);
}
return AccessStatus.ALLOWED.equals(
capabilityService.getCapabilityAccessState(targetNode, ACCESS_AUDIT_CAPABILITY));
}
}

72
rm-server/test/java/org/alfresco/module/org_alfresco_module_rm/test/legacy/webscript/AuditRestApiTest.java Normal file
View File

@@ -0,0 +1,72 @@
package org.alfresco.module.org_alfresco_module_rm.test.legacy.webscript;
import java.io.IOException;
import java.text.MessageFormat;
import org.alfresco.module.org_alfresco_module_rm.test.util.BaseRMWebScriptTestCase;
import org.alfresco.repo.security.authentication.AuthenticationUtil;
import org.alfresco.repo.transaction.RetryingTransactionHelper.RetryingTransactionCallback;
import org.alfresco.service.cmr.repository.NodeRef;
import org.alfresco.util.GUID;
import org.springframework.extensions.webscripts.Status;
import org.springframework.extensions.webscripts.TestWebScriptServer.GetRequest;
public class AuditRestApiTest extends BaseRMWebScriptTestCase
{
/** URL for the REST APIs */
protected static final String GET_NODE_AUDITLOG_URL_FORMAT = "/api/node/{0}/rmauditlog";
private static final String USER_WITHOUT_AUDIT_CAPABILITY = GUID.generate();
private NodeRef record;
public void testAuditAccessCapability() throws IOException
{
String recordAuditUrl = MessageFormat.format(GET_NODE_AUDITLOG_URL_FORMAT,record.toString().replace("://", "/"));
sendRequest(new GetRequest(recordAuditUrl), Status.STATUS_OK, AuthenticationUtil.getAdminUserName() );
sendRequest(new GetRequest(recordAuditUrl), Status.STATUS_FORBIDDEN, USER_WITHOUT_AUDIT_CAPABILITY );
}
@Override
protected void setupTestData()
{
super.setupTestData();
retryingTransactionHelper.doInTransaction(new RetryingTransactionCallback<Object>()
{
@Override
public Object execute() throws Throwable
{
AuthenticationUtil.setFullyAuthenticatedUser(AuthenticationUtil
.getSystemUserName());
createUser(USER_WITHOUT_AUDIT_CAPABILITY);
record = utils.createRecord(recordFolder, GUID.generate());
return null;
}
});
}
@Override
protected void tearDownImpl()
{
super.tearDownImpl();
deleteUser(USER_WITHOUT_AUDIT_CAPABILITY);
}
protected String getRMSiteId()
{
return filePlanService.DEFAULT_RM_SITE_ID;
}
}

7
rm-server/test/java/org/alfresco/module/org_alfresco_module_rm/test/util/BaseRMWebScriptTestCase.java
View File

@@ -279,7 +279,7 @@ public class BaseRMWebScriptTestCase extends BaseWebScriptTest
assertNotNull("Could not create base folder", folder);
// Create the site
siteId = GUID.generate();
siteId = getRMSiteId();
siteInfo = siteService.createSite("rm-site-dashboard", siteId, "title", "descrition", SiteVisibility.PUBLIC, RecordsManagementModel.TYPE_RM_SITE);
filePlan = siteService.getContainer(siteId, RmSiteType.COMPONENT_DOCUMENT_LIBRARY);
assertNotNull("Site document library container was not created successfully.", filePlan);
@@ -383,4 +383,9 @@ public class BaseRMWebScriptTestCase extends BaseWebScriptTest
authorityService.deleteAuthority(groupName, true);
}
}
protected String getRMSiteId()
{
return GUID.generate();
}
}