From cd3e693b65647b2f4575cf2af131c65c87c70cc3 Mon Sep 17 00:00:00 2001
From: Tuna Aksoy <tuna.aksoy@alfresco.com>
Date: Fri, 17 Oct 2014 18:26:26 +0000
Subject: [PATCH] RM-1741 (Moved root category doesn't inherit permissions)

git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/modules/recordsmanagement/BRANCHES/V2.1.0.x@88686 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
---
 .../FilePlanPermissionServiceImpl.java        | 57 ++++++++++++++++++-
 1 file changed, 56 insertions(+), 1 deletion(-)

diff --git a/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/security/FilePlanPermissionServiceImpl.java b/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/security/FilePlanPermissionServiceImpl.java
index dd0e9ea9f4..5f4071d235 100644
--- a/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/security/FilePlanPermissionServiceImpl.java
+++ b/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/security/FilePlanPermissionServiceImpl.java
@@ -34,6 +34,7 @@ import org.alfresco.repo.policy.Behaviour.NotificationFrequency;
 import org.alfresco.repo.policy.JavaBehaviour;
 import org.alfresco.repo.policy.PolicyComponent;
 import org.alfresco.repo.security.authentication.AuthenticationUtil;
+import org.alfresco.repo.security.authentication.AuthenticationUtil.RunAsWork;
 import org.alfresco.service.cmr.repository.ChildAssociationRef;
 import org.alfresco.service.cmr.repository.NodeRef;
 import org.alfresco.service.cmr.repository.NodeService;
@@ -53,7 +54,8 @@ import org.apache.commons.logging.LogFactory;
  */
 public class FilePlanPermissionServiceImpl extends    ServiceBaseImpl
                                            implements FilePlanPermissionService,
-                                                      RecordsManagementModel
+                                                      RecordsManagementModel,
+                                                      NodeServicePolicies.OnMoveNodePolicy
 {
     /** Permission service */
     protected PermissionService permissionService;
@@ -82,6 +84,10 @@ public class FilePlanPermissionServiceImpl extends    ServiceBaseImpl
                 NodeServicePolicies.OnCreateNodePolicy.QNAME,
                 TYPE_RECORD_CATEGORY,
                 new JavaBehaviour(this, "onCreateRMContainer", NotificationFrequency.TRANSACTION_COMMIT));
+        policyComponent.bindClassBehaviour(
+                NodeServicePolicies.OnMoveNodePolicy.QNAME,
+                TYPE_RECORD_CATEGORY,
+                new JavaBehaviour(this, "onMoveNode", NotificationFrequency.TRANSACTION_COMMIT));
         policyComponent.bindClassBehaviour(
                 NodeServicePolicies.OnCreateNodePolicy.QNAME,
                 TYPE_RECORD_FOLDER,
@@ -312,6 +318,55 @@ public class FilePlanPermissionServiceImpl extends    ServiceBaseImpl
         });
     }
 
+    /**
+     * @see org.alfresco.repo.node.NodeServicePolicies.OnMoveNodePolicy#onMoveNode(org.alfresco.service.cmr.repository.ChildAssociationRef, org.alfresco.service.cmr.repository.ChildAssociationRef)
+     */
+    @Override
+    public void onMoveNode(final ChildAssociationRef oldChildAssocRef, final ChildAssociationRef newChildAssocRef)
+    {
+        AuthenticationUtil.runAs(new RunAsWork<Void>()
+        {
+            @Override
+            public Void doWork() throws Exception
+            {
+                NodeRef sourceCategory = oldChildAssocRef.getChildRef();
+                boolean inheritParentPermissions = permissionService.getInheritParentPermissions(sourceCategory);
+                if (!inheritParentPermissions)
+                {
+                    permissionService.setInheritParentPermissions(sourceCategory, true);
+                }
+
+                Set<AccessPermission> keepPerms = new HashSet<AccessPermission>(5);
+                Set<AccessPermission> origionalCategoryPerms= permissionService.getAllSetPermissions(sourceCategory);
+
+                for (AccessPermission categoryPermission : origionalCategoryPerms)
+                {
+                    String permission = categoryPermission.getPermission();
+                    String authority = categoryPermission.getAuthority();
+                    if ((RMPermissionModel.FILING.equals(permission) || RMPermissionModel.READ_RECORDS.equals(permission)) &&
+                            categoryPermission.isSetDirectly() &&
+                            !ExtendedReaderDynamicAuthority.EXTENDED_READER.equals(authority) &&
+                            !ExtendedWriterDynamicAuthority.EXTENDED_WRITER.equals(authority))
+                    {
+                        // then we can assume this is a permission we want to preserve
+                        keepPerms.add(categoryPermission);
+                    }
+                }
+
+                // clear all existing permissions and start again
+                permissionService.deletePermissions(sourceCategory);
+
+                // re-add keep'er permissions
+                for (AccessPermission keeper : keepPerms)
+                {
+                    setPermission(sourceCategory, keeper.getAuthority(), keeper.getPermission());
+                }
+
+                return null;
+            }
+        }, AuthenticationUtil.getSystemUserName());
+    }
+
     /**
      * Initialise the record permissions for the given parent.
      *