Merged BRANCHES/DEV/DAVEW/LDAP to HEAD

14587: Added new node service method getNodesWithoutParentAssocsOfType to public-services-security-context.xml (or at least my best guess at it!) 14586: Use US spelling of synchronization in filenames for consistency 14585: Lower the default user registry sync frequency to daily instead of hourly. Now users and groups are pulled over incrementally on login of missing users. 14583: Unit test for ChainingUserRegistrySynchronizer 14571: Migration patch for existing authorities previously held in users store - Uses AuthorityService to recreate authorities in spaces store with new structure 14555: Authority service changes for LDAP sync improvements - Moved sys:authorities container to spaces store - All authorities now stored directly under sys:authorities - Authorities can now be looked up directly by node service - Secondary child associations used to model group relationships - 'Root' groups for UI navigation determined dynamically by node service query - cm:member association used to relate both authority containers and persons to other authorities - New cm:inZone association relates persons and authority containers to synchronization 'zones' stored under sys:zones - Look up of authority zone and all authorities in a zone to enable multi-zone LDAP sync 14524: Dev branch for finishing LDAP zones and upgrade impact git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/HEAD/root@14588 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
2025-08-07 17:49:17 +00:00 · 2009-06-08 16:16:32 +00:00
parent 7507aa8b1a
commit d5e0432589
77 changed files with 3674 additions and 2419 deletions
--- a/source/java/org/alfresco/repo/admin/patch/impl/AuthorityMigrationPatch.java
+++ b/source/java/org/alfresco/repo/admin/patch/impl/AuthorityMigrationPatch.java
@@ -0,0 +1,198 @@
+/*
+ * Copyright (C) 2005-2009 Alfresco Software Limited.
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License
+ * as published by the Free Software Foundation; either version 2
+ * of the License, or (at your option) any later version.
+
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+
+ * As a special exception to the terms and conditions of version 2.0 of 
+ * the GPL, you may redistribute this Program in connection with Free/Libre 
+ * and Open Source Software ("FLOSS") applications as described in Alfresco's 
+ * FLOSS exception.  You should have received a copy of the text describing 
+ * the FLOSS exception, and it is also available here: 
+ * http://www.alfresco.com/legal/licensing"
+ */
+package org.alfresco.repo.admin.patch.impl;
+
+import java.util.Collection;
+import java.util.List;
+
+import org.alfresco.i18n.I18NUtil;
+import org.alfresco.model.ContentModel;
+import org.alfresco.repo.admin.patch.AbstractPatch;
+import org.alfresco.repo.importer.ImporterBootstrap;
+import org.alfresco.service.cmr.repository.ChildAssociationRef;
+import org.alfresco.service.cmr.repository.NodeRef;
+import org.alfresco.service.cmr.repository.datatype.DefaultTypeConverter;
+import org.alfresco.service.cmr.security.AuthorityService;
+import org.alfresco.service.cmr.security.AuthorityType;
+import org.alfresco.service.namespace.QName;
+import org.alfresco.service.namespace.RegexQNamePattern;
+
+/**
+ * Migrates authority information previously stored in the user store to the spaces store, using the new structure used
+ * by AuthorityService.
+ * 
+ * @author dward
+ */
+public class AuthorityMigrationPatch extends AbstractPatch
+{
+
+    /** Success message. */
+    private static final String MSG_SUCCESS = "patch.authorityMigration.result";
+
+    /** The old authority name property */
+    private static final QName PROP_AUTHORITY_NAME = QName.createQName(ContentModel.USER_MODEL_URI, "authorityName");
+
+    /** The old authority display name property */
+    private static final QName PROP_AUTHORITY_DISPLAY_NAME = QName.createQName(ContentModel.USER_MODEL_URI,
+            "authorityDisplayName");
+
+    /** The old authority members property */
+    private static final QName PROP_MEMBERS = QName.createQName(ContentModel.USER_MODEL_URI, "members");
+
+    /** The authority service. */
+    private AuthorityService authorityService;
+
+    /** The user bootstrap. */
+    private ImporterBootstrap userBootstrap;
+
+    /**
+     * Sets the authority service.
+     * 
+     * @param authorityService
+     *            the authority service
+     */
+    public void setAuthorityService(AuthorityService authorityService)
+    {
+        this.authorityService = authorityService;
+    }
+
+    /**
+     * Sets the user bootstrap.
+     * 
+     * @param userBootstrap
+     *            the user bootstrap
+     */
+    public void setUserBootstrap(ImporterBootstrap userBootstrap)
+    {
+        this.userBootstrap = userBootstrap;
+    }
+
+    /**
+     * Recursively migrates the authorities under the given node
+     * 
+     * @param parentAuthority
+     *            the full name of the parent authority corresponding to the given node, or <code>null</code> if it is
+     *            not an authority node.
+     * @param nodeRef
+     *            the node to find authorities below
+     * @return the number of processed authorities
+     */
+    private int migrateAuthorities(String parentAuthority, NodeRef nodeRef)
+    {
+        int processedCount = 0;
+        List<ChildAssociationRef> cars = this.nodeService.getChildAssocs(nodeRef);
+        for (ChildAssociationRef car : cars)
+        {
+            NodeRef current = car.getChildRef();
+            String authorityName = DefaultTypeConverter.INSTANCE.convert(String.class, this.nodeService.getProperty(
+                    current, AuthorityMigrationPatch.PROP_AUTHORITY_NAME));
+            boolean existed = this.authorityService.authorityExists(authorityName);
+            if (!existed)
+            {
+                String authorityDisplayName = DefaultTypeConverter.INSTANCE.convert(String.class, this.nodeService
+                        .getProperty(current, AuthorityMigrationPatch.PROP_AUTHORITY_DISPLAY_NAME));
+                this.authorityService.createAuthority(AuthorityType.getAuthorityType(authorityName),
+                        this.authorityService.getShortName(authorityName), authorityDisplayName, null);
+                processedCount++;
+            }
+            if (parentAuthority != null
+                    && (!existed || !this.authorityService.getContainingAuthorities(AuthorityType.GROUP, authorityName,
+                            true).contains(parentAuthority)))
+            {
+                this.authorityService.addAuthority(parentAuthority, authorityName);
+            }
+
+            // loop over properties
+            Collection<String> members = DefaultTypeConverter.INSTANCE.getCollection(String.class, this.nodeService
+                    .getProperty(current, AuthorityMigrationPatch.PROP_MEMBERS));
+            if (members != null)
+            {
+                for (String user : members)
+                {
+                    // Believe it or not, some old authorities have null members in them!
+                    if (user != null
+                            && (!existed || !this.authorityService.getContainingAuthorities(AuthorityType.GROUP, user,
+                                    true).contains(authorityName)))
+                    {
+                        this.authorityService.addAuthority(authorityName, user);
+                    }
+                }
+            }
+            processedCount += migrateAuthorities(authorityName, current);
+        }
+        return processedCount;
+    }
+
+    /**
+     * Gets the old authority container.
+     * 
+     * @return Returns the old authority container or <code>null</code> if not found
+     */
+    private NodeRef getAuthorityContainer()
+    {
+        NodeRef rootNodeRef = this.nodeService.getRootNode(this.userBootstrap.getStoreRef());
+        QName qnameAssocSystem = QName.createQName("sys", "system", this.namespaceService);
+        List<ChildAssociationRef> results = this.nodeService.getChildAssocs(rootNodeRef, RegexQNamePattern.MATCH_ALL,
+                qnameAssocSystem);
+        NodeRef sysNodeRef = null;
+        if (results.size() == 0)
+        {
+            return null;
+        }
+        else
+        {
+            sysNodeRef = results.get(0).getChildRef();
+        }
+        QName qnameAssocAuthorities = QName.createQName("sys", "authorities", this.namespaceService);
+        results = this.nodeService.getChildAssocs(sysNodeRef, RegexQNamePattern.MATCH_ALL, qnameAssocAuthorities);
+        NodeRef authNodeRef = null;
+        if (results.size() == 0)
+        {
+            return null;
+        }
+        else
+        {
+            authNodeRef = results.get(0).getChildRef();
+        }
+        return authNodeRef;
+    }
+
+    /*
+     * (non-Javadoc)
+     * @see org.alfresco.repo.admin.patch.AbstractPatch#applyInternal()
+     */
+    @Override
+    protected String applyInternal() throws Exception
+    {
+        int processedCount = 0;
+        NodeRef authorityContainer = getAuthorityContainer();
+        if (authorityContainer != null)
+        {
+            processedCount = migrateAuthorities(null, authorityContainer);
+        }
+        // build the result message
+        return I18NUtil.getMessage(AuthorityMigrationPatch.MSG_SUCCESS, processedCount);
+    }
+}
--- a/source/java/org/alfresco/repo/admin/patch/impl/MoveWCMToGroupBasedPermissionsPatch.java
+++ b/source/java/org/alfresco/repo/admin/patch/impl/MoveWCMToGroupBasedPermissionsPatch.java
@@ -203,7 +203,7 @@ public class MoveWCMToGroupBasedPermissionsPatch extends AbstractPatch
            String group = this.authorityService.getName(AuthorityType.GROUP, shortName);
            if (!this.authorityService.authorityExists(group))
            {
-                String newGroup = this.authorityService.createAuthority(AuthorityType.GROUP, null, shortName);
+                String newGroup = this.authorityService.createAuthority(AuthorityType.GROUP, shortName);
                this.permissionService.setPermission(dirRef, newGroup, permission, true);
            }
        }
--- a/source/java/org/alfresco/repo/admin/patch/impl/SitePermissionRefactorPatch.java
+++ b/source/java/org/alfresco/repo/admin/patch/impl/SitePermissionRefactorPatch.java
@@ -100,7 +100,6 @@ public class SitePermissionRefactorPatch extends AbstractPatch
 	            // Create the site's groups
 	            String siteGroup = authorityService.createAuthority(
 	                    AuthorityType.GROUP, 
-	                    null, 
 	                    ((SiteServiceImpl)this.siteService).getSiteGroup(siteInfo.getShortName(), 
 	                    false));
 	            Set<String> permissions = permissionService.getSettablePermissions(SiteModel.TYPE_SITE);
@@ -109,11 +108,11 @@ public class SitePermissionRefactorPatch extends AbstractPatch
 	                // Create a group for the permission
 	                String permissionGroup = authorityService.createAuthority(
 	                                            AuthorityType.GROUP, 
-	                                            siteGroup, 
 	                                            ((SiteServiceImpl)this.siteService).getSiteRoleGroup(
 	                                                    siteInfo.getShortName(), 
 	                                                    permission, 
 	                                                    false));
+	                authorityService.addAuthority(siteGroup, permissionGroup);
 	                
 	                // Assign the group the relevant permission on the site
 	                permissionService.setPermission(siteInfo.getNodeRef(), permissionGroup, permission, true);
--- a/source/java/org/alfresco/repo/admin/patch/impl/TopLevelGroupParentChildAssociationTypePatch.java
+++ b/source/java/org/alfresco/repo/admin/patch/impl/TopLevelGroupParentChildAssociationTypePatch.java
@@ -30,9 +30,9 @@ import org.alfresco.error.AlfrescoRuntimeException;
 import org.alfresco.i18n.I18NUtil;
 import org.alfresco.model.ContentModel;
 import org.alfresco.repo.admin.patch.AbstractPatch;
-import org.alfresco.repo.security.authority.AuthorityDAOImpl;
 import org.alfresco.service.cmr.repository.ChildAssociationRef;
 import org.alfresco.service.cmr.repository.NodeRef;
+import org.alfresco.service.cmr.repository.StoreRef;
 import org.alfresco.service.namespace.QName;
 import org.alfresco.service.namespace.RegexQNamePattern;

@@ -73,7 +73,7 @@ public class TopLevelGroupParentChildAssociationTypePatch extends AbstractPatch
        QName qnameAssocAuthorities = QName.createQName("sys", "authorities", this.namespaceService);

       
-        NodeRef rootNodeRef = nodeService.getRootNode(AuthorityDAOImpl.STOREREF_USERS);
+        NodeRef rootNodeRef = nodeService.getRootNode(new StoreRef("user", "alfrescoUserStore"));
        List<ChildAssociationRef> results = nodeService.getChildAssocs(rootNodeRef, RegexQNamePattern.MATCH_ALL,
                qnameAssocSystem);
        NodeRef sysNodeRef = null;