RM-1231: Could not Revert the rejected record

* record security was not being correctly reset during record reject
 * added additional logging to help debug access denied exceptions



git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/modules/recordsmanagement/HEAD@73455 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261

rm-server/config/alfresco/module/org_alfresco_module_rm/extended-repository-context.xml

@@ -3,29 +3,12 @@
 
 <beans>
 
-   <!-- AVM Remote Store to ADM Remote Store migration patch -->
-  <!-- <bean id="patch.avmToAdmRemoteStore" class="org.alfresco.repo.admin.patch.impl.AVMToADMRemoteStorePatch" parent="basePatch">
-        <property name="id"><value>patch.avmToAdmRemoteStore</value></property>
-        <property name="description"><value>patch.avmToAdmRemoteStore.description</value></property>
-        <property name="fixesFromSchema"><value>0</value></property>
-        <property name="fixesToSchema"><value>5011</value></property>
-        <property name="targetSchema"><value>5012</value></property>
-        <property name="requiresTransaction"><value>false</value></property>
-        <property name="fileFolderService" ref="fileFolderService" />
-        <property name="contentService" ref="contentService" />
-        <property name="siteService" ref="SiteService" />
-        <property name="ruleService" ref="ruleService" />
-        <property name="avmService" ref="AVMService" />
-        <property name="hiddenAspect" ref="hiddenAspect" />
-        <property name="avmStore"><value>sitestore</value></property>
-        <property name="avmRootPath"><value>/alfresco/site-data</value></property>
-        <property name="dependsOn" >
-            <list>
-                <ref bean="patch.migrateTenantsFromAttrsToTable" />
-                <ref bean="patch.migrateAttrTenants" />
-            </list>
-        </property>
-    </bean> -->
+   <!-- extend node service security to report capability details on failure -->
+   <bean id="rm.NodeService_security" abstract="true" class="org.alfresco.module.org_alfresco_module_rm.security.RMMethodSecurityInterceptor"/>
+   <bean class="org.alfresco.module.org_alfresco_module_rm.util.BeanExtender">
+      <property name="beanName" value="NodeService_security" />
+      <property name="extendingBeanName" value="rm.NodeService_security" />
+   </bean>
 
    <bean id="ExtendedPermissionService" class="org.springframework.aop.framework.ProxyFactoryBean">
         <property name="proxyInterfaces">

rm-server/config/alfresco/module/org_alfresco_module_rm/model/recordsModel.xml

@@ -1102,7 +1102,7 @@
       			<protected>true</protected>
             </property>
             <property name="rma:recordOriginatingLocation">
-               	<type>d:any</type>
+               	<type>d:noderef</type>
       			<protected>true</protected>
             </property>
          </properties>

rm-server/config/alfresco/module/org_alfresco_module_rm/rm-service-context.xml

@@ -1088,18 +1088,24 @@
         <property name="objectDefinitionSource">
             <value>
                 <![CDATA[
-                org.alfresco.module.org_alfresco_module_rm.record.RecordService.registerRecordMetadataAspect=RM_ALLOW
+                org.alfresco.module.org_alfresco_module_rm.record.RecordService.registerRecordMetadataAspect=RM_ALLOW                
+                org.alfresco.module.org_alfresco_module_rm.record.RecordService.disablePropertyEditableCheck=RM_ALLOW
+                org.alfresco.module.org_alfresco_module_rm.record.RecordService.enablePropertyEditableCheck=RM_ALLOW
                 org.alfresco.module.org_alfresco_module_rm.record.RecordService.getRecordMetaDataAspects=RM_ALLOW
                 org.alfresco.module.org_alfresco_module_rm.record.RecordService.getRecordMetadataAspects=RM.Read.0
-                org.alfresco.module.org_alfresco_module_rm.record.RecordService.isRecord=RM_ALLOW
+                org.alfresco.module.org_alfresco_module_rm.record.RecordService.isRecord=ACL_ALLOW,RM_ALLOW
                 org.alfresco.module.org_alfresco_module_rm.record.RecordService.isDeclared=RM.Read.0
                 org.alfresco.module.org_alfresco_module_rm.record.RecordService.isFiled=RM.Read.0
                 org.alfresco.module.org_alfresco_module_rm.record.RecordService.createRecord=RM_ALLOW
+                org.alfresco.module.org_alfresco_module_rm.record.RecordService.file=RM_ALLOW
                 org.alfresco.module.org_alfresco_module_rm.record.RecordService.hideRecord=RM_ALLOW
                 org.alfresco.module.org_alfresco_module_rm.record.RecordService.isPropertyEditable=RM.Read.0
                 org.alfresco.module.org_alfresco_module_rm.record.RecordService.isMetadataStub=RM.Read.0
+                org.alfresco.module.org_alfresco_module_rm.record.RecordService.rejectRecord=RM_ALLOW
                 org.alfresco.module.org_alfresco_module_rm.record.RecordService.getRecords=RM.Read.0,AFTER_RM.FilterNode
+                org.alfresco.module.org_alfresco_module_rm.record.RecordService.addRecordType=RM_ALLOW
                 org.alfresco.module.org_alfresco_module_rm.record.RecordService.makeRecord=RM_ALLOW
+                org.alfresco.module.org_alfresco_module_rm.record.RecordService.link=RM_ALLOW
                 org.alfresco.module.org_alfresco_module_rm.record.RecordService.*=RM_DENY
                 ]]>
             </value>
@@ -1421,56 +1427,6 @@
         <property name="path" value="alfresco/module/org_alfresco_module_rm/dod5015/DODExampleFilePlan.xml" />
     </bean>
 
-    <!--
-    <bean id="authorityDAO" class="org.alfresco.repo.security.authority.RMAuthorityDAOImpl" init-method="init">
-        <property name="storeUrl">
-            <value>${spaces.store}</value>
-        </property>
-        <property name="nodeService">
-            <ref bean="mlAwareNodeService" />
-        </property>
-        <property name="searchService">
-            <ref bean="admSearchService" />
-        </property>
-        <property name="namespacePrefixResolver">
-            <ref bean="namespaceService" />
-        </property>
-        <property name="dictionaryService">
-            <ref bean="dictionaryService" />
-        </property>
-        <property name="personService">
-            <ref bean="personService" />
-        </property>
-        <property name="tenantService">
-            <ref bean="tenantService" />
-        </property>
-        <property name="authorityLookupCache">
-            <ref bean="authorityLookupCache" />
-        </property>
-        <property name="userAuthorityCache">
-            <ref bean="userToAuthorityCache" />
-        </property>
-        <property name="childAuthorityCache">
-            <ref bean="authorityToChildAuthorityCache" />
-        </property>
-        <property name="zoneAuthorityCache">
-            <ref bean="zoneToAuthorityCache" />
-        </property>
-        <property name="singletonCache">
-            <ref bean="immutableSingletonCache" />
-        </property>
-        <property name="policyComponent">
-            <ref bean="policyComponent"/>
-        </property>
-        <property name="cannedQueryRegistry" ref="cannedQueryRegistry" />
-        <property name="cannedQueryDAO" ref="cannedQueryDAO" />
-        <property name="aclDAO" ref="aclDAO" />
-        <property name="authorityBridgeDAO" ref="authorityBridgeDAO" />
-        <property name="authorityBridgeTableCache" ref="authorityBridgeTableCache" />
-        <property name="useBridgeTable" value="${authority.useBridgeTable}" />
-    </bean>
-    -->
-
    <!--  Hold Service -->
 
    <bean id="holdService"