RM-618: User with 'ManageRules' capability can not manage rules.

* work around hard coded permission check in code rule service * lock down methods with manage rule capability git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/modules/recordsmanagement/HEAD@47626 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
2025-07-31 17:39:05 +00:00 · 2013-03-06 08:15:54 +00:00
parent b59c98765e
commit d8c5c56d4e
2 changed files with 27 additions and 4 deletions
--- a/rm-server/source/java/org/alfresco/repo/rule/ExtendedRuleServiceImpl.java
+++ b/rm-server/source/java/org/alfresco/repo/rule/ExtendedRuleServiceImpl.java
@@ -23,6 +23,7 @@ import java.util.Set;
 import org.alfresco.module.org_alfresco_module_rm.RecordsManagementService;
 import org.alfresco.module.org_alfresco_module_rm.security.FilePlanAuthenticationService;
 import org.alfresco.repo.security.authentication.AuthenticationUtil;
+import org.alfresco.repo.security.authentication.AuthenticationUtil.RunAsWork;
 import org.alfresco.service.cmr.repository.NodeRef;
 import org.alfresco.service.cmr.rule.Rule;

@@ -55,6 +56,28 @@ public class ExtendedRuleServiceImpl extends RuleServiceImpl
        this.recordsManagementService = recordsManagementService;
    }
    
+    @Override
+    public void saveRule(final NodeRef nodeRef, final Rule rule)
+    {
+        if (recordsManagementService.isFilePlanComponent(nodeRef) == true && runAsRmAdmin == true)
+        {     
+            AuthenticationUtil.runAsSystem(new RunAsWork<Void>()
+            {
+                @Override
+                public Void doWork() throws Exception
+                {
+                    ExtendedRuleServiceImpl.super.saveRule(nodeRef, rule);
+                    return null;
+                }
+                
+            });
+        }
+        else
+        {
+            saveRule(nodeRef, rule);
+        }
+    }
+    
    @Override
    public void executeRule(final Rule rule, final NodeRef nodeRef, final Set<ExecutedRuleData> executedRules)
    {