From d6f822caa4082169a481c5009d88c9fc11d6fa0c Mon Sep 17 00:00:00 2001 From: Roy Wetherall Date: Fri, 8 Mar 2013 06:01:00 +0000 Subject: [PATCH] RM-614: Can't declare record without "Undeclare Record" capability * way access was being determined in the model security service implementation wasn't quite right git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/modules/recordsmanagement/HEAD@47784 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261 --- .../rm-service-context.xml | 1 - .../security/ModelSecurityServiceImpl.java | 24 +++++-------------- 2 files changed, 6 insertions(+), 19 deletions(-) diff --git a/rm-server/config/alfresco/module/org_alfresco_module_rm/rm-service-context.xml b/rm-server/config/alfresco/module/org_alfresco_module_rm/rm-service-context.xml index 6dc4a7e278..f24fcadd17 100644 --- a/rm-server/config/alfresco/module/org_alfresco_module_rm/rm-service-context.xml +++ b/rm-server/config/alfresco/module/org_alfresco_module_rm/rm-service-context.xml @@ -655,7 +655,6 @@ - diff --git a/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/model/security/ModelSecurityServiceImpl.java b/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/model/security/ModelSecurityServiceImpl.java index f66934e8d4..88c922d565 100644 --- a/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/model/security/ModelSecurityServiceImpl.java +++ b/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/model/security/ModelSecurityServiceImpl.java @@ -25,9 +25,8 @@ import java.util.Map; import java.util.Set; import org.alfresco.module.org_alfresco_module_rm.RecordsManagementService; +import org.alfresco.module.org_alfresco_module_rm.capability.Capability; import org.alfresco.module.org_alfresco_module_rm.model.RecordsManagementModel; -import org.alfresco.module.org_alfresco_module_rm.role.FilePlanRoleService; -import org.alfresco.module.org_alfresco_module_rm.role.Role; import org.alfresco.repo.node.NodeServicePolicies; import org.alfresco.repo.policy.JavaBehaviour; import org.alfresco.repo.policy.PolicyComponent; @@ -35,6 +34,7 @@ import org.alfresco.repo.policy.Behaviour.NotificationFrequency; import org.alfresco.repo.security.authentication.AuthenticationUtil; import org.alfresco.service.cmr.repository.NodeRef; import org.alfresco.service.cmr.repository.NodeService; +import org.alfresco.service.cmr.security.AccessStatus; import org.alfresco.service.namespace.NamespaceService; import org.alfresco.service.namespace.QName; import org.alfresco.util.EqualsHelper; @@ -66,9 +66,6 @@ public class ModelSecurityServiceImpl implements ModelSecurityService, /** Namespace service */ private NamespaceService namespaceService; - /** File plan role service */ - private FilePlanRoleService filePlanRoleService; - /** Records management service */ private RecordsManagementService recordsManagementService; @@ -129,14 +126,6 @@ public class ModelSecurityServiceImpl implements ModelSecurityService, this.namespaceService = namespaceService; } - /** - * @param filePlanRoleService file plan role service - */ - public void setFilePlanRoleService(FilePlanRoleService filePlanRoleService) - { - this.filePlanRoleService = filePlanRoleService; - } - /** * @param recordsManagementService records management service */ @@ -245,16 +234,15 @@ public class ModelSecurityServiceImpl implements ModelSecurityService, NodeRef filePlan = recordsManagementService.getFilePlan(nodeRef); if (filePlan != null) - { - Set roles = filePlanRoleService.getRolesByUser(filePlan, AuthenticationUtil.getFullyAuthenticatedUser()); - for (Role role : roles) + { + for (Capability capability : artifact.getCapabilities()) { - if (Collections.disjoint(role.getCapabilities(), artifact.getCapabilities()) == false) + if (capability.hasPermission(nodeRef).equals(AccessStatus.ALLOWED) == true) { result = true; break; } - } + } } return result;