mirror of
https://github.com/Alfresco/alfresco-community-repo.git
synced 2025-07-31 17:39:05 +00:00
Merge remote-tracking branch 'origin/develop' into fix/MNT-17970_recipientListForGroups
This commit is contained in:
Andreea Nechifor
@@ -1283,11 +1283,6 @@ public class AlfrescoCmisServiceImpl extends AbstractCmisService implements Alfr
|
||||
throw new CmisConstraintException("This document type does requires content!");
|
||||
}
|
||||
|
||||
if (docType.isVersionable() && (versioningState == VersioningState.NONE))
|
||||
{
|
||||
throw new CmisConstraintException("This document type is versionable!");
|
||||
}
|
||||
|
||||
if (!docType.isVersionable() && (versioningState != VersioningState.NONE))
|
||||
{
|
||||
throw new CmisConstraintException("This document type is not versionable!");
|
||||
|
||||
@@ -1,28 +1,28 @@
|
||||
/*
|
||||
* #%L
|
||||
* Alfresco Repository
|
||||
* %%
|
||||
* Copyright (C) 2005 - 2016 Alfresco Software Limited
|
||||
* %%
|
||||
* This file is part of the Alfresco software.
|
||||
* If the software was purchased under a paid Alfresco license, the terms of
|
||||
* the paid license agreement will prevail. Otherwise, the software is
|
||||
* provided under the following open source license terms:
|
||||
*
|
||||
* Alfresco is free software: you can redistribute it and/or modify
|
||||
* it under the terms of the GNU Lesser General Public License as published by
|
||||
* the Free Software Foundation, either version 3 of the License, or
|
||||
* (at your option) any later version.
|
||||
*
|
||||
* Alfresco is distributed in the hope that it will be useful,
|
||||
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
* GNU Lesser General Public License for more details.
|
||||
*
|
||||
* You should have received a copy of the GNU Lesser General Public License
|
||||
* along with Alfresco. If not, see <http://www.gnu.org/licenses/>.
|
||||
* #L%
|
||||
*/
|
||||
/*
|
||||
* #%L
|
||||
* Alfresco Repository
|
||||
* %%
|
||||
* Copyright (C) 2005 - 2016 Alfresco Software Limited
|
||||
* %%
|
||||
* This file is part of the Alfresco software.
|
||||
* If the software was purchased under a paid Alfresco license, the terms of
|
||||
* the paid license agreement will prevail. Otherwise, the software is
|
||||
* provided under the following open source license terms:
|
||||
*
|
||||
* Alfresco is free software: you can redistribute it and/or modify
|
||||
* it under the terms of the GNU Lesser General Public License as published by
|
||||
* the Free Software Foundation, either version 3 of the License, or
|
||||
* (at your option) any later version.
|
||||
*
|
||||
* Alfresco is distributed in the hope that it will be useful,
|
||||
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
* GNU Lesser General Public License for more details.
|
||||
*
|
||||
* You should have received a copy of the GNU Lesser General Public License
|
||||
* along with Alfresco. If not, see <http://www.gnu.org/licenses/>.
|
||||
* #L%
|
||||
*/
|
||||
package org.alfresco.repo.site;
|
||||
|
||||
import java.util.List;
|
||||
@@ -31,6 +31,7 @@ import org.alfresco.repo.domain.node.NodeDAO;
|
||||
import org.alfresco.repo.domain.node.NodeIdAndAclId;
|
||||
import org.alfresco.repo.domain.permissions.Acl;
|
||||
import org.alfresco.repo.domain.permissions.AclDAO;
|
||||
import org.alfresco.repo.security.authentication.AuthenticationUtil;
|
||||
import org.alfresco.repo.security.permissions.ACLType;
|
||||
import org.alfresco.repo.security.permissions.AccessControlEntry;
|
||||
import org.alfresco.repo.security.permissions.AccessControlList;
|
||||
@@ -99,62 +100,70 @@ public class SitesPermissionCleaner
|
||||
|
||||
public void cleanSitePermissions(final NodeRef targetNode, SiteInfo containingSite)
|
||||
{
|
||||
if (nodeDAO.exists(targetNode))
|
||||
if (!nodeDAO.exists(targetNode))
|
||||
{
|
||||
// We can calculate the containing site at the start of a recursive call & then reuse it on subsequent calls.
|
||||
if (containingSite == null)
|
||||
{
|
||||
containingSite = siteServiceImpl.getSite(targetNode);
|
||||
}
|
||||
return;
|
||||
}
|
||||
// We can calculate the containing site at the start of a recursive call & then reuse it on subsequent calls.
|
||||
if (containingSite == null)
|
||||
{
|
||||
containingSite = siteServiceImpl.getSite(targetNode);
|
||||
}
|
||||
|
||||
// Short-circuit at this point if the node is not in a Site.
|
||||
if (containingSite != null)
|
||||
// Short-circuit at this point if the node is not in a Site.
|
||||
if (containingSite == null)
|
||||
{
|
||||
return;
|
||||
}
|
||||
// For performance reasons we navigate down the containment hierarchy using the DAOs
|
||||
// rather than the NodeService. Note: direct use of NodeDAO requires tenantService (ALF-12732).
|
||||
final Long targetNodeID = nodeDAO.getNodePair(tenantService.getName(targetNode)).getFirst();
|
||||
final Long targetNodeAclID = nodeDAO.getNodeAclId(targetNodeID);
|
||||
Acl targetNodeAcl = aclDAO.getAcl(targetNodeAclID);
|
||||
|
||||
// Nodes that don't have defining ACLs do not need to be considered.
|
||||
if (targetNodeAcl.getAclType() == ACLType.DEFINING)
|
||||
{
|
||||
AccessControlList targetNodeAccessControlList = aclDAO.getAccessControlList(targetNodeAclID);
|
||||
List<AccessControlEntry> targetNodeAclEntries = targetNodeAccessControlList.getEntries();
|
||||
for (AccessControlEntry entry : targetNodeAclEntries)
|
||||
{
|
||||
// For performance reasons we navigate down the containment hierarchy using the DAOs
|
||||
// rather than the NodeService. Note: direct use of NodeDAO requires tenantService (ALF-12732).
|
||||
final Long targetNodeID = nodeDAO.getNodePair(tenantService.getName(targetNode)).getFirst();
|
||||
final Long targetNodeAclID = nodeDAO.getNodeAclId(targetNodeID);
|
||||
Acl targetNodeAcl = aclDAO.getAcl(targetNodeAclID);
|
||||
|
||||
// Nodes that don't have defining ACLs do not need to be considered.
|
||||
if (targetNodeAcl.getAclType() == ACLType.DEFINING)
|
||||
String authority = entry.getAuthority();
|
||||
|
||||
String thisSiteGroupPrefix = siteServiceImpl.getSiteGroup(containingSite.getShortName(), true);
|
||||
|
||||
// If it's a group site permission for a site other than the current site
|
||||
if (authority.startsWith(PermissionService.GROUP_PREFIX) &&
|
||||
// And it's not GROUP_EVERYONE
|
||||
!authority.startsWith(PermissionService.ALL_AUTHORITIES) && !authority.startsWith(thisSiteGroupPrefix) &&
|
||||
// And if the current user has permissions to do it
|
||||
publicServiceAccessService.hasAccess("PermissionService", "clearPermission", targetNode, authority) == AccessStatus.ALLOWED)
|
||||
{
|
||||
AccessControlList targetNodeAccessControlList = aclDAO.getAccessControlList(targetNodeAclID);
|
||||
List<AccessControlEntry> targetNodeAclEntries = targetNodeAccessControlList.getEntries();
|
||||
for (AccessControlEntry entry : targetNodeAclEntries)
|
||||
{
|
||||
String authority = entry.getAuthority();
|
||||
|
||||
String thisSiteGroupPrefix = siteServiceImpl.getSiteGroup(containingSite.getShortName(), true);
|
||||
|
||||
// If it's a group site permission for a site other than the current site
|
||||
if (authority.startsWith(PermissionService.GROUP_PREFIX) &&
|
||||
!authority.startsWith(PermissionService.ALL_AUTHORITIES) && // And it's not GROUP_EVERYONE
|
||||
!authority.startsWith(thisSiteGroupPrefix))
|
||||
{
|
||||
// And if the current user has permissions to do it
|
||||
if (publicServiceAccessService.hasAccess("PermissionService", "clearPermission", targetNode, authority) == AccessStatus.ALLOWED)
|
||||
{
|
||||
// Then remove it.
|
||||
permissionService.clearPermission(targetNode, authority);
|
||||
}
|
||||
if (publicServiceAccessService.hasAccess("PermissionService", "setInheritParentPermissions", targetNode, true) == AccessStatus.ALLOWED)
|
||||
{
|
||||
// And reenable permission inheritance.
|
||||
permissionService.setInheritParentPermissions(targetNode, true);
|
||||
}
|
||||
}
|
||||
|
||||
}
|
||||
// Then remove it.
|
||||
permissionService.clearPermission(targetNode, authority);
|
||||
}
|
||||
|
||||
// Recurse
|
||||
List<NodeIdAndAclId> childNodeIds = nodeDAO.getPrimaryChildrenAcls(targetNodeID);
|
||||
for (NodeIdAndAclId nextChild : childNodeIds)
|
||||
|
||||
if (!permissionService.getInheritParentPermissions(targetNode))
|
||||
{
|
||||
cleanSitePermissions(nodeDAO.getNodePair(nextChild.getId()).getSecond(), containingSite);
|
||||
// The site manager from the new site, where this node was moved to, has to have permission to this node
|
||||
String siteManagerAuthority = thisSiteGroupPrefix + "_" + SiteModel.SITE_MANAGER;
|
||||
AuthenticationUtil.runAs(new AuthenticationUtil.RunAsWork<Void>()
|
||||
{
|
||||
public Void doWork() throws Exception
|
||||
{
|
||||
permissionService.setPermission(targetNode, siteManagerAuthority, SiteModel.SITE_MANAGER, true);
|
||||
return null;
|
||||
}
|
||||
}, AuthenticationUtil.getSystemUserName());
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
// Recurse
|
||||
List<NodeIdAndAclId> childNodeIds = nodeDAO.getPrimaryChildrenAcls(targetNodeID);
|
||||
for (NodeIdAndAclId nextChild : childNodeIds)
|
||||
{
|
||||
cleanSitePermissions(nodeDAO.getNodePair(nextChild.getId()).getSecond(), containingSite);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user