RM: Add CreateRecord capability

* an assignable capability * performs as the missing 'filling' capability * also added a unassignable capability for HideRecords * ensures that extended writers .. ie users that have temporary filling permission on records .. can not then fileTo or reject records git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/modules/recordsmanagement/HEAD@46408 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
2025-10-08 14:51:49 +00:00 · 2013-02-08 05:05:30 +00:00
parent 6cb7541653
commit d72f12738f
10 changed files with 70 additions and 325 deletions
--- a/rm-server/config/alfresco/module/org_alfresco_module_rm/capability/rm-capabilities-record-context.xml
+++ b/rm-server/config/alfresco/module/org_alfresco_module_rm/capability/rm-capabilities-record-context.xml
@@ -10,6 +10,23 @@
      <property name="group"><ref bean="recordsGroup"/></property>
      <property name="index" value="30" />
   </bean>
+   
+   <bean id="rmCreateRecordsCapability"
+      parent="declarativeCapability">
+      <property name="name" value="CreateRecords"/>
+      <property name="group"><ref bean="recordsGroup"/></property>
+      <property name="index" value="35" />
+      <property name="permission" value="CreateRecords"/>
+      <property name="conditions">
+         <map>
+            <entry key="capabilityCondition.filling" value="true"/>
+            <entry key="capabilityCondition.frozen" value="false"/>
+            <entry key="capabilityCondition.cutoff" value="false"/>
+            <entry key="capabilityCondition.closed" value="false"/>
+            <entry key="capabilityCondition.declared" value="false"/>
+         </map>
+      </property>
+   </bean>

   <bean id="rmUndeclareRecordsCapability"
      parent="declarativeCapability">
@@ -54,27 +71,12 @@
      <property name="index" value="20" />
   </bean>

-   <bean id="rmFileCapability"
-      parent="declarativeCapability">
-      <property name="name" value="File"/>
-      <property name="private" value="true"/>
-      <property name="conditions">
-         <map>
-            <entry key="capabilityCondition.filling" value="true"/>
-            <entry key="capabilityCondition.frozen" value="false"/>
-            <entry key="capabilityCondition.cutoff" value="false"/>
-            <entry key="capabilityCondition.closed" value="false"/>
-            <entry key="capabilityCondition.declared" value="false"/>
-         </map>
-      </property>
-   </bean>
-
   <bean id="rmFileRecordsCapability"
      parent="compositeCapability">
      <property name="name" value="FileRecords" />
      <property name="capabilities">
         <list>
-            <ref bean="rmFileCapability"/>
+            <ref bean="rmCreateRecordsCapability"/>
            <ref bean="rmCreateModifyRecordsInCuttoffFoldersCapability"/>
         </list>
      </property>
@@ -253,5 +255,20 @@
         </map>
      </property>
   </bean>
+   
+   <bean id="rmHideRecordsCapability" 
+      parent="declarativeCapability">
+      <property name="name" value="HideRecords"/>	  
+      <property name="private" value="true" />
+      <property name="conditions">
+         <map>
+            <entry key="capabilityCondition.filling" value="true"/>
+            <entry key="capabilityCondition.frozen" value="false"/>
+            <entry key="capabilityCondition.cutoff" value="false"/>
+            <entry key="capabilityCondition.closed" value="false"/>
+            <entry key="capabilityCondition.declared" value="false"/>
+         </map>
+      </property>
+   </bean>

 </beans>
--- a/rm-server/config/alfresco/module/org_alfresco_module_rm/messages/capability-service.properties
+++ b/rm-server/config/alfresco/module/org_alfresco_module_rm/messages/capability-service.properties
@@ -3,6 +3,7 @@ capability.group.records.title=Records
 capability.DeclareRecords.title=Declare Records
 capability.ViewRecords.title=View Records
 capability.UndeclareRecords.title=Undeclare Records
+capability.CreateRecords.title=Create Records

 # Metadata Control
 capability.group.metadataControl.title=Metadata Control
--- a/rm-server/config/alfresco/module/org_alfresco_module_rm/model/recordsPermissionModel.xml
+++ b/rm-server/config/alfresco/module/org_alfresco_module_rm/model/recordsPermissionModel.xml
@@ -13,102 +13,6 @@
    </namespaces>
    
    <permissionSet expose="selected" type="rma:filePlanComponent">
-        <permissionGroup name="User" allowFullControl="false" expose="true">
-            <includePermissionGroup type="rma:filePlanComponent" permissionGroup="DeclareRecords"/>
-            <includePermissionGroup type="rma:filePlanComponent" permissionGroup="ViewRecords"/>
-        </permissionGroup>
-        
-        <permissionGroup name="PowerUser" allowFullControl="false" expose="true">
-            <includePermissionGroup type="rma:filePlanComponent" permissionGroup="DeclareRecords"/>
-            <includePermissionGroup type="rma:filePlanComponent" permissionGroup="ViewRecords"/>
-            <includePermissionGroup type="rma:filePlanComponent" permissionGroup="CreateModifyDestroyFolders"/>
-            <includePermissionGroup type="rma:filePlanComponent" permissionGroup="EditRecordMetadata"/>
-            <includePermissionGroup type="rma:filePlanComponent" permissionGroup="EditNonRecordMetadata"/>
-            <includePermissionGroup type="rma:filePlanComponent" permissionGroup="AddModifyEventDates"/>
-            <includePermissionGroup type="rma:filePlanComponent" permissionGroup="CloseFolders"/>
-            <includePermissionGroup type="rma:filePlanComponent" permissionGroup="DeclareRecordsInClosedFolders"/>
-            <includePermissionGroup type="rma:filePlanComponent" permissionGroup="ReOpenFolders"/>
-            <includePermissionGroup type="rma:filePlanComponent" permissionGroup="CycleVitalRecords"/>
-            <includePermissionGroup type="rma:filePlanComponent" permissionGroup="PlanningReviewCycles"/>
-        </permissionGroup>
-        
-        <permissionGroup name="SecurityOfficer" allowFullControl="false" expose="true">
-            <includePermissionGroup type="rma:filePlanComponent" permissionGroup="DeclareRecords"/>
-            <includePermissionGroup type="rma:filePlanComponent" permissionGroup="ViewRecords"/>
-            <includePermissionGroup type="rma:filePlanComponent" permissionGroup="CreateModifyDestroyFolders"/>
-            <includePermissionGroup type="rma:filePlanComponent" permissionGroup="EditRecordMetadata"/>
-            <includePermissionGroup type="rma:filePlanComponent" permissionGroup="EditNonRecordMetadata"/>
-            <includePermissionGroup type="rma:filePlanComponent" permissionGroup="AddModifyEventDates"/>
-            <includePermissionGroup type="rma:filePlanComponent" permissionGroup="CloseFolders"/>
-            <includePermissionGroup type="rma:filePlanComponent" permissionGroup="DeclareRecordsInClosedFolders"/>
-            <includePermissionGroup type="rma:filePlanComponent" permissionGroup="ReOpenFolders"/>
-            <includePermissionGroup type="rma:filePlanComponent" permissionGroup="CycleVitalRecords"/>
-            <includePermissionGroup type="rma:filePlanComponent" permissionGroup="PlanningReviewCycles"/>
-            <includePermissionGroup type="rma:filePlanComponent" permissionGroup="UpdateClassificationDates"/>
-            <includePermissionGroup type="rma:filePlanComponent" permissionGroup="CreateModifyDestroyClassificationGuides"/>
-            <includePermissionGroup type="rma:filePlanComponent" permissionGroup="UpgradeDowngradeAndDeclassifyRecords"/>
-            <includePermissionGroup type="rma:filePlanComponent" permissionGroup="UpdateExemptionCategories"/>
-        </permissionGroup>
-        
-        <permissionGroup name="RecordsManager" allowFullControl="false" expose="true">
-            <includePermissionGroup type="rma:filePlanComponent" permissionGroup="DeclareRecords"/>
-            <includePermissionGroup type="rma:filePlanComponent" permissionGroup="ViewRecords"/>
-            <includePermissionGroup type="rma:filePlanComponent" permissionGroup="CreateModifyDestroyFolders"/>
-            <includePermissionGroup type="rma:filePlanComponent" permissionGroup="EditRecordMetadata"/>
-            <includePermissionGroup type="rma:filePlanComponent" permissionGroup="EditNonRecordMetadata"/>
-            <includePermissionGroup type="rma:filePlanComponent" permissionGroup="AddModifyEventDates"/>
-            <includePermissionGroup type="rma:filePlanComponent" permissionGroup="CloseFolders"/>
-            <includePermissionGroup type="rma:filePlanComponent" permissionGroup="DeclareRecordsInClosedFolders"/>
-            <includePermissionGroup type="rma:filePlanComponent" permissionGroup="ReOpenFolders"/>
-            <includePermissionGroup type="rma:filePlanComponent" permissionGroup="CycleVitalRecords"/>
-            <includePermissionGroup type="rma:filePlanComponent" permissionGroup="PlanningReviewCycles"/>
-            <includePermissionGroup type="rma:filePlanComponent" permissionGroup="UpdateTriggerDates"/>
-            <includePermissionGroup type="rma:filePlanComponent" permissionGroup="CreateModifyDestroyEvents"/>
-            <includePermissionGroup type="rma:filePlanComponent" permissionGroup="ManageAccessRights"/>
-            <includePermissionGroup type="rma:filePlanComponent" permissionGroup="MoveRecords"/>
-            <includePermissionGroup type="rma:filePlanComponent" permissionGroup="ChangeOrDeleteReferences"/>
-            <includePermissionGroup type="rma:filePlanComponent" permissionGroup="DeleteLinks"/>
-            <includePermissionGroup type="rma:filePlanComponent" permissionGroup="EditDeclaredRecordMetadata"/>
-            <includePermissionGroup type="rma:filePlanComponent" permissionGroup="ManuallyChangeDispositionDates"/>
-            <includePermissionGroup type="rma:filePlanComponent" permissionGroup="ApproveRecordsScheduledForCutoff"/>
-            <includePermissionGroup type="rma:filePlanComponent" permissionGroup="CreateModifyRecordsInCutoffFolders"/>
-            <includePermissionGroup type="rma:filePlanComponent" permissionGroup="ExtendRetentionPeriodOrFreeze"/>
-            <includePermissionGroup type="rma:filePlanComponent" permissionGroup="Unfreeze"/>
-            <includePermissionGroup type="rma:filePlanComponent" permissionGroup="ViewUpdateReasonsForFreeze"/>
-            <includePermissionGroup type="rma:filePlanComponent" permissionGroup="DestroyRecordsScheduledForDestruction"/>
-            <includePermissionGroup type="rma:filePlanComponent" permissionGroup="DestroyRecords"/>
-            <includePermissionGroup type="rma:filePlanComponent" permissionGroup="UpdateVitalRecordCycleInformation"/>
-            <includePermissionGroup type="rma:filePlanComponent" permissionGroup="UndeclareRecords"/>
-            <includePermissionGroup type="rma:filePlanComponent" permissionGroup="DeclareAuditAsRecord"/>
-            <includePermissionGroup type="rma:filePlanComponent" permissionGroup="DeleteAudit"/>
-            <includePermissionGroup type="rma:filePlanComponent" permissionGroup="CreateModifyDestroyTimeframes"/>
-            <includePermissionGroup type="rma:filePlanComponent" permissionGroup="AuthorizeNominatedTransfers"/>
-            <includePermissionGroup type="rma:filePlanComponent" permissionGroup="EditSelectionLists"/>
-            <includePermissionGroup type="rma:filePlanComponent" permissionGroup="AuthorizeAllTransfers"/>
-            <includePermissionGroup type="rma:filePlanComponent" permissionGroup="CreateModifyDestroyFileplanMetadata"/>
-            <includePermissionGroup type="rma:filePlanComponent" permissionGroup="CreateAndAssociateSelectionLists"/>
-            <includePermissionGroup type="rma:filePlanComponent" permissionGroup="AttachRulesToMetadataProperties"/>
-            <includePermissionGroup type="rma:filePlanComponent" permissionGroup="CreateModifyDestroyFileplanTypes"/>
-            <includePermissionGroup type="rma:filePlanComponent" permissionGroup="CreateModifyDestroyRecordTypes"/>
-            <includePermissionGroup type="rma:filePlanComponent" permissionGroup="MakeOptionalParametersMandatory"/>
-            <includePermissionGroup type="rma:filePlanComponent" permissionGroup="MapEmailMetadata"/>
-            <includePermissionGroup type="rma:filePlanComponent" permissionGroup="DeleteRecords"/>
-            <includePermissionGroup type="rma:filePlanComponent" permissionGroup="TriggerAnEvent"/>
-            <includePermissionGroup type="rma:filePlanComponent" permissionGroup="CreateModifyDestroyRoles"/>
-            <includePermissionGroup type="rma:filePlanComponent" permissionGroup="CreateModifyDestroyUsersAndGroups"/>
-            <includePermissionGroup type="rma:filePlanComponent" permissionGroup="PasswordControl"/>
-            <includePermissionGroup type="rma:filePlanComponent" permissionGroup="EnableDisableAuditByTypes"/>
-            <includePermissionGroup type="rma:filePlanComponent" permissionGroup="SelectAuditMetadata"/>
-            <includePermissionGroup type="rma:filePlanComponent" permissionGroup="DisplayRightsReport"/>
-            <includePermissionGroup type="rma:filePlanComponent" permissionGroup="AccessAudit"/>
-            <includePermissionGroup type="rma:filePlanComponent" permissionGroup="ExportAudit"/>
-            <includePermissionGroup type="rma:filePlanComponent" permissionGroup="CreateModifyDestroyReferenceTypes"/>
-            <includePermissionGroup type="rma:filePlanComponent" permissionGroup="UpdateClassificationDates"/>
-            <includePermissionGroup type="rma:filePlanComponent" permissionGroup="CreateModifyDestroyClassificationGuides"/>
-            <includePermissionGroup type="rma:filePlanComponent" permissionGroup="UpgradeDowngradeAndDeclassifyRecords"/>
-            <includePermissionGroup type="rma:filePlanComponent" permissionGroup="UpdateExemptionCategories"/>
-            <includePermissionGroup type="rma:filePlanComponent" permissionGroup="MapClassificationGuideMetadata"/>
-        </permissionGroup>
        
        <!-- An RM administrator does not have admin rights to the full DM repo -->
        <!-- On no account should allowFullControl="true" be set here -->
@@ -174,7 +78,9 @@
            <includePermissionGroup type="rma:filePlanComponent" permissionGroup="MapClassificationGuideMetadata"/>
            <includePermissionGroup type="rma:filePlanComponent" permissionGroup="ManageAccessControls"/>
            <!-- Administrator has filing rights to all records - no other role does -->
-            <includePermissionGroup type="rma:filePlanComponent" permissionGroup="Filing"/>
+            <includePermissionGroup type="rma:filePlanComponent" permissionGroup="Filing"/>            
+            <!--  Since V2.1 -->
+            <includePermissionGroup type="rma:filePlanComponent" permissionGroup="CreateRecords"/>
        </permissionGroup>
        
        <permissionGroup name="Filing" allowFullControl="false" expose="true">
@@ -245,6 +151,12 @@
        <permissionGroup name="MapClassificationGuideMetadata" expose="false" allowFullControl="false"/>
        <permissionGroup name="ManageAccessControls" expose="false" allowFullControl="false"/>
        
+        <!--  Added since V2.1 -->
+        
+        <permissionGroup name="CreateRecords" expose="false" allowFullControl="false"/>
+        
+        <!--  End -->
+        
        <permission name="_ReadRecords" expose="false">
            <grantedToGroup permissionGroup="ReadRecords"/>
        </permission>
@@ -485,6 +397,12 @@
            <grantedToGroup permissionGroup="ManageAccessControls"/>
        </permission>
        
+        <!--  Added since V2.1 -->
+        
+        <permission name="_CreateRecords" expose="false">
+            <grantedToGroup permissionGroup="CreateRecords"/>
+        </permission>
+        
    </permissionSet>
    
 </permissions>
--- a/rm-server/config/alfresco/module/org_alfresco_module_rm/rm-ui-evaluators-context.xml
+++ b/rm-server/config/alfresco/module/org_alfresco_module_rm/rm-ui-evaluators-context.xml
@@ -694,7 +694,7 @@
            <value>RECORD</value>
         </set>
      </property>
-      <property name="capability" value="FileRecords" />
+      <property name="capability" value="HideRecords" />
   </bean>

 </beans>
--- a/rm-server/config/alfresco/module/org_alfresco_module_rm/security/rm-default-roles-bootstrap.json
+++ b/rm-server/config/alfresco/module/org_alfresco_module_rm/security/rm-default-roles-bootstrap.json
@@ -17,6 +17,7 @@
      [
         "DeclareRecords",
         "ViewRecords",
+          "CreateRecords",
         "CreateModifyDestroyFolders",
         "EditRecordMetadata",
         "EditNonRecordMetadata",
@@ -36,6 +37,7 @@
      [
          "DeclareRecords",
          "ViewRecords",
+          "CreateRecords",
          "CreateModifyDestroyFolders",
          "EditRecordMetadata",
          "EditNonRecordMetadata",
@@ -58,7 +60,8 @@
      "capabilities" :
      [
          "DeclareRecords",
-          "ViewRecords",
+          "ViewRecords",          
+          "CreateRecords",
          "CreateModifyDestroyFolders",
          "EditRecordMetadata",
          "EditNonRecordMetadata",
@@ -125,6 +128,7 @@
      [
          "DeclareRecords",
          "ViewRecords",
+          "CreateRecords",
          "CreateModifyDestroyFolders",
          "EditRecordMetadata",
          "EditNonRecordMetadata",