RM-614: Can't declare record without "Undeclare Record" capability

* way access was being determined in the model security service implementation wasn't quite right



git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/modules/recordsmanagement/HEAD@47784 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261

rm-server/config/alfresco/module/org_alfresco_module_rm/rm-service-context.xml

@@ -655,7 +655,6 @@
     	<property name="policyComponent" ref="policyComponent" />
     	<property name="nodeService" ref="NodeService" />
     	<property name="namespaceService" ref="namespaceService" />
-    	<property name="filePlanRoleService" ref="FilePlanRoleService" />
     	<property name="recordsManagementService" ref="RecordsManagementService" />
     </bean>
 

rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/model/security/ModelSecurityServiceImpl.java

@@ -25,9 +25,8 @@ import java.util.Map;
 import java.util.Set;
 
 import org.alfresco.module.org_alfresco_module_rm.RecordsManagementService;
+import org.alfresco.module.org_alfresco_module_rm.capability.Capability;
 import org.alfresco.module.org_alfresco_module_rm.model.RecordsManagementModel;
-import org.alfresco.module.org_alfresco_module_rm.role.FilePlanRoleService;
-import org.alfresco.module.org_alfresco_module_rm.role.Role;
 import org.alfresco.repo.node.NodeServicePolicies;
 import org.alfresco.repo.policy.JavaBehaviour;
 import org.alfresco.repo.policy.PolicyComponent;
@@ -35,6 +34,7 @@ import org.alfresco.repo.policy.Behaviour.NotificationFrequency;
 import org.alfresco.repo.security.authentication.AuthenticationUtil;
 import org.alfresco.service.cmr.repository.NodeRef;
 import org.alfresco.service.cmr.repository.NodeService;
+import org.alfresco.service.cmr.security.AccessStatus;
 import org.alfresco.service.namespace.NamespaceService;
 import org.alfresco.service.namespace.QName;
 import org.alfresco.util.EqualsHelper;
@@ -66,9 +66,6 @@ public class ModelSecurityServiceImpl implements ModelSecurityService,
     /** Namespace service */
     private NamespaceService namespaceService;
 
-    /** File plan role service */
-    private FilePlanRoleService filePlanRoleService;
-
     /** Records management service */
     private RecordsManagementService recordsManagementService;
 
@@ -129,14 +126,6 @@ public class ModelSecurityServiceImpl implements ModelSecurityService,
         this.namespaceService = namespaceService;
     }
 
-    /**
-     * @param filePlanRoleService   file plan role service
-     */
-    public void setFilePlanRoleService(FilePlanRoleService filePlanRoleService)
-    {
-        this.filePlanRoleService = filePlanRoleService;
-    }
-
     /**
      * @param recordsManagementService  records management service
      */
@@ -245,16 +234,15 @@ public class ModelSecurityServiceImpl implements ModelSecurityService,
 
         NodeRef filePlan = recordsManagementService.getFilePlan(nodeRef);
         if (filePlan != null)
-        {
+        {            
-            Set<Role> roles = filePlanRoleService.getRolesByUser(filePlan, AuthenticationUtil.getFullyAuthenticatedUser());
+            for (Capability capability : artifact.getCapabilities())
-            for (Role role : roles)
             {
-                if (Collections.disjoint(role.getCapabilities(), artifact.getCapabilities()) == false)
+                if (capability.hasPermission(nodeRef).equals(AccessStatus.ALLOWED) == true)
                 {
                     result = true;
                     break;
                 }
-            }
+            }                
         }
 
         return result;