mirror of
https://github.com/Alfresco/alfresco-community-repo.git
synced 2025-08-07 17:49:17 +00:00
RM-959 (Admin user is not able to create users)
git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/modules/recordsmanagement/HEAD@55343 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
This commit is contained in:
Tuna Aksoy
@@ -11,11 +11,11 @@
|
|||||||
<!-- -->
|
<!-- -->
|
||||||
|
|
||||||
<beans>
|
<beans>
|
||||||
|
|
||||||
<!-- ===================== -->
|
<!-- ===================== -->
|
||||||
<!-- Permissions Model DAO -->
|
<!-- Permissions Model DAO -->
|
||||||
<!-- ===================== -->
|
<!-- ===================== -->
|
||||||
|
|
||||||
<bean id='permissionsModelDAO' class="org.alfresco.repo.security.permissions.impl.model.PermissionModel" init-method="init">
|
<bean id='permissionsModelDAO' class="org.alfresco.repo.security.permissions.impl.model.PermissionModel" init-method="init">
|
||||||
<property name="model">
|
<property name="model">
|
||||||
<value>alfresco/model/permissionDefinitions.xml</value>
|
<value>alfresco/model/permissionDefinitions.xml</value>
|
||||||
@@ -30,19 +30,19 @@
|
|||||||
<ref bean="dictionaryService"/>
|
<ref bean="dictionaryService"/>
|
||||||
</property>
|
</property>
|
||||||
</bean>
|
</bean>
|
||||||
|
|
||||||
<!-- =========================== -->
|
<!-- =========================== -->
|
||||||
<!-- Permissions Model Bootstrap -->
|
<!-- Permissions Model Bootstrap -->
|
||||||
<!-- =========================== -->
|
<!-- =========================== -->
|
||||||
|
|
||||||
<bean id="permissionModelBootstrap" class="org.alfresco.repo.security.permissions.impl.model.PermissionModelBootstrap" abstract="true" init-method="init">
|
<bean id="permissionModelBootstrap" class="org.alfresco.repo.security.permissions.impl.model.PermissionModelBootstrap" abstract="true" init-method="init">
|
||||||
<property name="permissionModel" ref="permissionsModelDAO"/>
|
<property name="permissionModel" ref="permissionsModelDAO"/>
|
||||||
</bean>
|
</bean>
|
||||||
|
|
||||||
<!-- =========================== -->
|
<!-- =========================== -->
|
||||||
<!-- Helper bean -->
|
<!-- Helper bean -->
|
||||||
<!-- =========================== -->
|
<!-- =========================== -->
|
||||||
|
|
||||||
<bean id="RMSecurityCommon" abstract="true">
|
<bean id="RMSecurityCommon" abstract="true">
|
||||||
<property name="nodeService" ref="nodeService"/>
|
<property name="nodeService" ref="nodeService"/>
|
||||||
<property name="permissionService" ref="permissionService"/>
|
<property name="permissionService" ref="permissionService"/>
|
||||||
@@ -50,11 +50,11 @@
|
|||||||
<property name="caveatConfigComponent" ref="caveatConfigComponent"/>
|
<property name="caveatConfigComponent" ref="caveatConfigComponent"/>
|
||||||
<property name="filePlanService" ref="filePlanService"/>
|
<property name="filePlanService" ref="filePlanService"/>
|
||||||
</bean>
|
</bean>
|
||||||
|
|
||||||
<!-- ====== -->
|
<!-- ====== -->
|
||||||
<!-- Voters -->
|
<!-- Voters -->
|
||||||
<!-- ====== -->
|
<!-- ====== -->
|
||||||
|
|
||||||
<!-- A voter to allow access based on node access control. -->
|
<!-- A voter to allow access based on node access control. -->
|
||||||
<!-- These start ACL_NODE or ACL_PARENT and are followed by .methodArgumentPosition -->
|
<!-- These start ACL_NODE or ACL_PARENT and are followed by .methodArgumentPosition -->
|
||||||
<!-- then object type (prefix:localname) . permission -->
|
<!-- then object type (prefix:localname) . permission -->
|
||||||
@@ -64,7 +64,7 @@
|
|||||||
<!-- -->
|
<!-- -->
|
||||||
<!-- Note: ff the context evaluates to null (e.g. doing an exists test on a node -->
|
<!-- Note: ff the context evaluates to null (e.g. doing an exists test on a node -->
|
||||||
<!-- that does not exist) then access will be allowed. -->
|
<!-- that does not exist) then access will be allowed. -->
|
||||||
|
|
||||||
<bean id="aclEntryVoter" class="org.alfresco.repo.security.permissions.impl.acegi.ACLEntryVoter" abstract="false" singleton="true" lazy-init="default" autowire="default" dependency-check="default">
|
<bean id="aclEntryVoter" class="org.alfresco.repo.security.permissions.impl.acegi.ACLEntryVoter" abstract="false" singleton="true" lazy-init="default" autowire="default" dependency-check="default">
|
||||||
<property name="permissionService">
|
<property name="permissionService">
|
||||||
<ref bean="permissionService"></ref>
|
<ref bean="permissionService"></ref>
|
||||||
@@ -75,6 +75,9 @@
|
|||||||
<property name="nodeService">
|
<property name="nodeService">
|
||||||
<ref bean="nodeService"></ref>
|
<ref bean="nodeService"></ref>
|
||||||
</property>
|
</property>
|
||||||
|
<property name="ownableService">
|
||||||
|
<ref bean="ownableService"></ref>
|
||||||
|
</property>
|
||||||
<property name="authenticationService">
|
<property name="authenticationService">
|
||||||
<ref bean="authenticationService"/>
|
<ref bean="authenticationService"/>
|
||||||
</property>
|
</property>
|
||||||
@@ -87,24 +90,24 @@
|
|||||||
</set>
|
</set>
|
||||||
</property>
|
</property>
|
||||||
</bean>
|
</bean>
|
||||||
|
|
||||||
<bean id="rmEntryVoter"
|
<bean id="rmEntryVoter"
|
||||||
class="org.alfresco.module.org_alfresco_module_rm.capability.RMEntryVoter"
|
class="org.alfresco.module.org_alfresco_module_rm.capability.RMEntryVoter"
|
||||||
lazy-init="false"
|
lazy-init="false"
|
||||||
parent="RMSecurityCommon"
|
parent="RMSecurityCommon"
|
||||||
depends-on="CapabilityService">
|
depends-on="CapabilityService">
|
||||||
<property name="namespacePrefixResolver" ref="namespaceService"/>
|
<property name="namespacePrefixResolver" ref="namespaceService"/>
|
||||||
<property name="capabilityService" ref="capabilityService"/>
|
<property name="capabilityService" ref="capabilityService"/>
|
||||||
|
|
||||||
</bean>
|
</bean>
|
||||||
|
|
||||||
<!-- ======================= -->
|
<!-- ======================= -->
|
||||||
<!-- Access decision manager -->
|
<!-- Access decision manager -->
|
||||||
<!-- ======================= -->
|
<!-- ======================= -->
|
||||||
|
|
||||||
<!-- The access decision manager asks voters in order if they should allow access -->
|
<!-- The access decision manager asks voters in order if they should allow access -->
|
||||||
<!-- Role and group access do not require ACL based access -->
|
<!-- Role and group access do not require ACL based access -->
|
||||||
|
|
||||||
<bean id="accessDecisionManager" class="org.alfresco.repo.security.permissions.impl.acegi.AffirmativeBasedAccessDecisionManger">
|
<bean id="accessDecisionManager" class="org.alfresco.repo.security.permissions.impl.acegi.AffirmativeBasedAccessDecisionManger">
|
||||||
<property name="allowIfAllAbstainDecisions">
|
<property name="allowIfAllAbstainDecisions">
|
||||||
<value>false</value>
|
<value>false</value>
|
||||||
@@ -118,11 +121,11 @@
|
|||||||
</list>
|
</list>
|
||||||
</property>
|
</property>
|
||||||
</bean>
|
</bean>
|
||||||
|
|
||||||
<!-- ======================================== -->
|
<!-- ======================================== -->
|
||||||
<!-- Post method call application of security -->
|
<!-- Post method call application of security -->
|
||||||
<!-- ======================================== -->
|
<!-- ======================================== -->
|
||||||
|
|
||||||
<bean id="afterAcl" class="org.alfresco.repo.security.permissions.impl.acegi.ACLEntryAfterInvocationProvider" abstract="false" singleton="true" lazy-init="default" autowire="default" dependency-check="default">
|
<bean id="afterAcl" class="org.alfresco.repo.security.permissions.impl.acegi.ACLEntryAfterInvocationProvider" abstract="false" singleton="true" lazy-init="default" autowire="default" dependency-check="default">
|
||||||
<property name="permissionService">
|
<property name="permissionService">
|
||||||
<ref bean="permissionServiceImpl"></ref>
|
<ref bean="permissionServiceImpl"></ref>
|
||||||
@@ -148,7 +151,7 @@
|
|||||||
</set>
|
</set>
|
||||||
</property>
|
</property>
|
||||||
</bean>
|
</bean>
|
||||||
|
|
||||||
<bean id="afterRm" class="org.alfresco.module.org_alfresco_module_rm.capability.RMAfterInvocationProvider" parent="RMSecurityCommon">
|
<bean id="afterRm" class="org.alfresco.module.org_alfresco_module_rm.capability.RMAfterInvocationProvider" parent="RMSecurityCommon">
|
||||||
<property name="maxPermissionCheckTimeMillis">
|
<property name="maxPermissionCheckTimeMillis">
|
||||||
<value>${system.acl.maxPermissionCheckTimeMillis}</value>
|
<value>${system.acl.maxPermissionCheckTimeMillis}</value>
|
||||||
@@ -157,9 +160,9 @@
|
|||||||
<value>${system.acl.maxPermissionChecks}</value>
|
<value>${system.acl.maxPermissionChecks}</value>
|
||||||
</property>
|
</property>
|
||||||
</bean>
|
</bean>
|
||||||
|
|
||||||
<!-- Link up after method call security -->
|
<!-- Link up after method call security -->
|
||||||
|
|
||||||
<bean id="afterInvocationManager" class="net.sf.acegisecurity.afterinvocation.AfterInvocationProviderManager">
|
<bean id="afterInvocationManager" class="net.sf.acegisecurity.afterinvocation.AfterInvocationProviderManager">
|
||||||
<property name="providers">
|
<property name="providers">
|
||||||
<list>
|
<list>
|
||||||
@@ -169,5 +172,5 @@
|
|||||||
</list>
|
</list>
|
||||||
</property>
|
</property>
|
||||||
</bean>
|
</bean>
|
||||||
|
|
||||||
</beans>
|
</beans>
|
||||||
Reference in New Issue
Block a user