diff --git a/config/alfresco/dao/dao-context.xml b/config/alfresco/dao/dao-context.xml index b9fc44fbbf..ebdb7b3a4f 100644 --- a/config/alfresco/dao/dao-context.xml +++ b/config/alfresco/dao/dao-context.xml @@ -308,6 +308,8 @@ + + diff --git a/config/alfresco/model-specific-services-context.xml b/config/alfresco/model-specific-services-context.xml index 03297494a4..178aea6d17 100644 --- a/config/alfresco/model-specific-services-context.xml +++ b/config/alfresco/model-specific-services-context.xml @@ -58,7 +58,7 @@ - + diff --git a/config/alfresco/repository.properties b/config/alfresco/repository.properties index 9892d4c6d7..8dcc7dcfe4 100644 --- a/config/alfresco/repository.properties +++ b/config/alfresco/repository.properties @@ -199,7 +199,14 @@ system.acl.maxPermissionChecks=1000 # The maximum number of filefolder list results system.filefolderservice.defaultListMaxResults=5000 +# DEPRECATED: Use 'system.auditableData.preserve' system.preserve.modificationData=false +# The default to preserve all cm:auditable data on a node when the process is not directly driven by a user action +system.auditableData.preserve=${system.preserve.modificationData} +# Specific control of how the FileFolderService treats cm:auditable data when performing moves +system.auditableData.FileFolderService=${system.auditableData.preserve} +# Specific control of whether ACL changes on a node trigger the cm:auditable aspect +system.auditableData.ACLs=${system.auditableData.preserve} # Properties to control read permission evaluation for acegi system.readpermissions.optimise=true diff --git a/source/java/org/alfresco/repo/domain/permissions/ADMAccessControlListDAO.java b/source/java/org/alfresco/repo/domain/permissions/ADMAccessControlListDAO.java index 1437a2e0a9..e7c25b8bed 100644 --- a/source/java/org/alfresco/repo/domain/permissions/ADMAccessControlListDAO.java +++ b/source/java/org/alfresco/repo/domain/permissions/ADMAccessControlListDAO.java @@ -23,9 +23,11 @@ import java.util.HashMap; import java.util.List; import java.util.Map; +import org.alfresco.model.ContentModel; import org.alfresco.repo.domain.node.NodeDAO; import org.alfresco.repo.domain.node.NodeIdAndAclId; import org.alfresco.repo.domain.permissions.AVMAccessControlListDAO.CounterSet; +import org.alfresco.repo.policy.BehaviourFilter; import org.alfresco.repo.security.permissions.ACLType; import org.alfresco.repo.security.permissions.AccessControlList; import org.alfresco.repo.security.permissions.AccessControlListProperties; @@ -52,6 +54,9 @@ public class ADMAccessControlListDAO implements AccessControlListDAO private NodeDAO nodeDAO; private AclDAO aclDaoComponent; + + private BehaviourFilter behaviourFilter; + private boolean preserveAuditableData = true; public void setNodeDAO(NodeDAO nodeDAO) { @@ -62,6 +67,21 @@ public class ADMAccessControlListDAO implements AccessControlListDAO { this.aclDaoComponent = aclDaoComponent; } + + public void setBehaviourFilter(BehaviourFilter behaviourFilter) + { + this.behaviourFilter = behaviourFilter; + } + + public void setPreserveAuditableData(boolean preserveAuditableData) + { + this.preserveAuditableData = preserveAuditableData; + } + + public boolean isPreserveAuditableData() + { + return preserveAuditableData; + } public void forceCopy(NodeRef nodeRef) { @@ -250,8 +270,24 @@ public class ADMAccessControlListDAO implements AccessControlListDAO public void setAccessControlList(NodeRef nodeRef, Long aclId) { - Long nodeId = getNodeIdNotNull(nodeRef); - nodeDAO.setNodeAclId(nodeId, aclId); + boolean auditableBehaviorWasDisabled = preserveAuditableData && behaviourFilter.isEnabled(ContentModel.ASPECT_AUDITABLE); + if (auditableBehaviorWasDisabled) + { + behaviourFilter.disableBehaviour(ContentModel.ASPECT_AUDITABLE); + } + + try + { + Long nodeId = getNodeIdNotNull(nodeRef); + nodeDAO.setNodeAclId(nodeId, aclId); + } + finally + { + if (auditableBehaviorWasDisabled) + { + behaviourFilter.enableBehaviour(ContentModel.ASPECT_AUDITABLE); + } + } } public void setAccessControlList(NodeRef nodeRef, Acl acl) diff --git a/source/java/org/alfresco/repo/model/filefolder/FileFolderServiceImpl.java b/source/java/org/alfresco/repo/model/filefolder/FileFolderServiceImpl.java index 0c29a9480c..4d36c2ccfb 100644 --- a/source/java/org/alfresco/repo/model/filefolder/FileFolderServiceImpl.java +++ b/source/java/org/alfresco/repo/model/filefolder/FileFolderServiceImpl.java @@ -136,7 +136,7 @@ public class FileFolderServiceImpl extends AbstractBaseCopyService implements Fi private BehaviourFilter behaviourFilter; private NamedObjectRegistry> cannedQueryRegistry; - private boolean preserveModificationData = true; + private boolean preserveAuditableData = true; // TODO: Replace this with a more formal means of identifying "system" folders (i.e. aspect or UUID) private List systemPaths; @@ -216,14 +216,14 @@ public class FileFolderServiceImpl extends AbstractBaseCopyService implements Fi this.behaviourFilter = behaviourFilter; } - public void setPreserveModificationData(boolean preserveModificationData) + public void setPreserveAuditableData(boolean preserveAuditableData) { - this.preserveModificationData = preserveModificationData; + this.preserveAuditableData = preserveAuditableData; } - public boolean isPreserveModificationData() + public boolean isPreserveAuditableData() { - return preserveModificationData; + return preserveAuditableData; } @@ -1084,7 +1084,7 @@ public class FileFolderServiceImpl extends AbstractBaseCopyService implements Fi if (isPrimaryParent) { // move the node so that the association moves as well - boolean auditableBehaviorWasDisabled = preserveModificationData && behaviourFilter.isEnabled(ContentModel.ASPECT_AUDITABLE); + boolean auditableBehaviorWasDisabled = preserveAuditableData && behaviourFilter.isEnabled(ContentModel.ASPECT_AUDITABLE); if (auditableBehaviorWasDisabled) { behaviourFilter.disableBehaviour(ContentModel.ASPECT_AUDITABLE); diff --git a/source/test-java/org/alfresco/repo/model/filefolder/FileFolderServicePropagationTest.java b/source/test-java/org/alfresco/repo/model/filefolder/FileFolderServicePropagationTest.java index 3d4832e824..60efac6ba4 100644 --- a/source/test-java/org/alfresco/repo/model/filefolder/FileFolderServicePropagationTest.java +++ b/source/test-java/org/alfresco/repo/model/filefolder/FileFolderServicePropagationTest.java @@ -97,7 +97,7 @@ public class FileFolderServicePropagationTest extends TestCase if (null == defaultPreservationValue) { - defaultPreservationValue = fileFolderService.isPreserveModificationData(); + defaultPreservationValue = fileFolderService.isPreserveAuditableData(); } ServiceRegistry serviceRegistry = (ServiceRegistry) applicationContext.getBean(ServiceRegistry.SERVICE_REGISTRY); @@ -162,7 +162,7 @@ public class FileFolderServicePropagationTest extends TestCase public void tearDown() throws Exception { // Resetting to default value... - fileFolderService.setPreserveModificationData(defaultPreservationValue); + fileFolderService.setPreserveAuditableData(defaultPreservationValue); transactionService.getRetryingTransactionHelper().doInTransaction(new RetryingTransactionCallback() { @@ -197,7 +197,7 @@ public class FileFolderServicePropagationTest extends TestCase } // Enabling preservation of modification properties data... - fileFolderService.setPreserveModificationData(true); + fileFolderService.setPreserveAuditableData(true); transactionService.getRetryingTransactionHelper().doInTransaction(new RetryingTransactionCallback() { @Override @@ -223,7 +223,7 @@ public class FileFolderServicePropagationTest extends TestCase } // Enabling preservation of modification properties data... - fileFolderService.setPreserveModificationData(true); + fileFolderService.setPreserveAuditableData(true); transactionService.getRetryingTransactionHelper().doInTransaction(new RetryingTransactionCallback() { @Override @@ -249,7 +249,7 @@ public class FileFolderServicePropagationTest extends TestCase } // Enabling preservation of modification properties data... - fileFolderService.setPreserveModificationData(true); + fileFolderService.setPreserveAuditableData(true); transactionService.getRetryingTransactionHelper().doInTransaction(new RetryingTransactionCallback() { @Override @@ -297,7 +297,7 @@ public class FileFolderServicePropagationTest extends TestCase } // Disabling preservation of modification properties data... - fileFolderService.setPreserveModificationData(false); + fileFolderService.setPreserveAuditableData(false); transactionService.getRetryingTransactionHelper().doInTransaction(new RetryingTransactionCallback() { @Override @@ -325,7 +325,7 @@ public class FileFolderServicePropagationTest extends TestCase } // Disabling preservation of modification properties data... - fileFolderService.setPreserveModificationData(false); + fileFolderService.setPreserveAuditableData(false); transactionService.getRetryingTransactionHelper().doInTransaction(new RetryingTransactionCallback() { @Override @@ -353,7 +353,7 @@ public class FileFolderServicePropagationTest extends TestCase } // Disabling preservation of modification properties data... - fileFolderService.setPreserveModificationData(false); + fileFolderService.setPreserveAuditableData(false); transactionService.getRetryingTransactionHelper().doInTransaction(new RetryingTransactionCallback() { @Override diff --git a/source/test-java/org/alfresco/repo/security/permissions/impl/AbstractPermissionTest.java b/source/test-java/org/alfresco/repo/security/permissions/impl/AbstractPermissionTest.java index a70225d270..71b460e919 100644 --- a/source/test-java/org/alfresco/repo/security/permissions/impl/AbstractPermissionTest.java +++ b/source/test-java/org/alfresco/repo/security/permissions/impl/AbstractPermissionTest.java @@ -58,7 +58,7 @@ import org.springframework.orm.hibernate3.LocalSessionFactoryBean; public class AbstractPermissionTest extends TestCase { - private static ApplicationContext applicationContext = ApplicationContextHelper.getApplicationContext(); + protected static ApplicationContext applicationContext = ApplicationContextHelper.getApplicationContext(); protected static final String ROLE_AUTHENTICATED = "ROLE_AUTHENTICATED"; diff --git a/source/test-java/org/alfresco/repo/security/permissions/impl/PermissionServiceTest.java b/source/test-java/org/alfresco/repo/security/permissions/impl/PermissionServiceTest.java index 3b27e6d6f7..fdf943926e 100644 --- a/source/test-java/org/alfresco/repo/security/permissions/impl/PermissionServiceTest.java +++ b/source/test-java/org/alfresco/repo/security/permissions/impl/PermissionServiceTest.java @@ -27,6 +27,7 @@ import net.sf.acegisecurity.Authentication; import net.sf.acegisecurity.GrantedAuthority; import org.alfresco.model.ContentModel; +import org.alfresco.repo.domain.permissions.ADMAccessControlListDAO; import org.alfresco.repo.model.filefolder.FileFolderServiceImpl; import org.alfresco.repo.security.authentication.AuthenticationUtil; import org.alfresco.repo.security.permissions.ACLType; @@ -3383,6 +3384,47 @@ public class PermissionServiceTest extends AbstractPermissionTest //assertTrue("Time was "+(end - start)/1000000000.0f, end == start); } + + public void testPreserveAuditableData() + { + ADMAccessControlListDAO accessControlListDao = (ADMAccessControlListDAO) applicationContext.getBean("admNodeACLDAO"); + boolean preserveAuditableData = accessControlListDao.isPreserveAuditableData(); + + runAs("admin"); + + personService.getPerson("andy"); + personService.getPerson("userTwo"); + + NodeRef folder = nodeService.createNode(rootNodeRef, ContentModel.ASSOC_CHILDREN, QName.createQName("{namespace}Folder"), ContentModel.TYPE_FOLDER).getChildRef();; + NodeRef content1 = nodeService.createNode(folder, ContentModel.ASSOC_CHILDREN, QName.createQName("{namespace}content1"), ContentModel.TYPE_CONTENT).getChildRef();; + NodeRef content2 = nodeService.createNode(folder, ContentModel.ASSOC_CHILDREN, QName.createQName("{namespace}content2"), ContentModel.TYPE_CONTENT).getChildRef();; + + try + { + permissionService.setPermission(folder, "andy", PermissionService.COORDINATOR, true); + + assertEquals("admin", nodeService.getProperty(content1, ContentModel.PROP_MODIFIER)); + + accessControlListDao.setPreserveAuditableData(true); + + runAs("andy"); + permissionService.setPermission(content1, "userTwo", PermissionService.COORDINATOR, true); + assertEquals("admin", nodeService.getProperty(content1, ContentModel.PROP_MODIFIER)); + + accessControlListDao.setPreserveAuditableData(false); + + permissionService.setPermission(content2, "userTwo", PermissionService.COORDINATOR, true); + assertEquals("andy", nodeService.getProperty(content2, ContentModel.PROP_MODIFIER)); + } + finally + { + accessControlListDao.setPreserveAuditableData(preserveAuditableData); + if (folder != null) + { + nodeService.deleteNode(folder); + } + } + } public void xtestFindNodesByPermission()