From dab885828838186c616882d5bb25ada4fd59628c Mon Sep 17 00:00:00 2001 From: Alan Davis Date: Fri, 16 May 2014 17:56:19 +0000 Subject: [PATCH] Merged HEAD-BUG-FIX (4.3/Cloud) to HEAD (4.3/Cloud) 69924: Merged V4.2-BUG-FIX (4.2.3) to HEAD-BUG-FIX (4.3/Cloud) 69817: Merged V4.1-BUG-FIX (4.1.9) to V4.2-BUG-FIX (4.2.3) 69777: Merged DEV to V4.1-BUG-FIX (4.1.9) 69741: MNT-10023: Activities - deletions may not be listed - Implemented functionality that will check original parent node permission (even if it has been archived too), when archived node has not read permission with inherit flag (true). This approach is used for appropriate feed creation. git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/HEAD/root@70456 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261 --- .../feed/local/LocalFeedTaskProcessor.java | 32 +++++++++++++++++-- 1 file changed, 29 insertions(+), 3 deletions(-) diff --git a/source/java/org/alfresco/repo/activities/feed/local/LocalFeedTaskProcessor.java b/source/java/org/alfresco/repo/activities/feed/local/LocalFeedTaskProcessor.java index e1721e4d36..c8d2594f16 100644 --- a/source/java/org/alfresco/repo/activities/feed/local/LocalFeedTaskProcessor.java +++ b/source/java/org/alfresco/repo/activities/feed/local/LocalFeedTaskProcessor.java @@ -27,6 +27,7 @@ import java.util.Map; import java.util.Set; import org.alfresco.error.AlfrescoRuntimeException; +import org.alfresco.model.ContentModel; import org.alfresco.query.PagingRequest; import org.alfresco.repo.activities.feed.FeedTaskProcessor; import org.alfresco.repo.activities.feed.RepoCtx; @@ -41,6 +42,7 @@ import org.alfresco.repo.security.authentication.AuthenticationUtil; import org.alfresco.repo.template.ClassPathRepoTemplateLoader; import org.alfresco.repo.tenant.TenantService; import org.alfresco.repo.tenant.TenantUtil; +import org.alfresco.service.cmr.repository.ChildAssociationRef; import org.alfresco.service.cmr.repository.ContentService; import org.alfresco.service.cmr.repository.NodeRef; import org.alfresco.service.cmr.repository.NodeService; @@ -397,10 +399,11 @@ public class LocalFeedTaskProcessor extends FeedTaskProcessor implements Applica { // note: deleted node does not exist (hence no permission, although default permission check would return true which is problematic) final NodeRef checkNodeRef; + NodeRef parentToCheckNodeRef = null; if (nodeService.exists(nodeRef)) { checkNodeRef = nodeRef; - } + } else { // TODO: require ghosting - this is temp workaround (we should not rely on archive - may be permanently deleted, ie. not archived or already purged) @@ -409,6 +412,16 @@ public class LocalFeedTaskProcessor extends FeedTaskProcessor implements Applica { return false; } + // MNT-10023 + if (permissionService.getInheritParentPermissions(archiveNodeRef)) + { + ChildAssociationRef originalParentAssoc = (ChildAssociationRef) nodeService.getProperty(archiveNodeRef, ContentModel.PROP_ARCHIVED_ORIGINAL_PARENT_ASSOC); + if (originalParentAssoc != null) + { + parentToCheckNodeRef = originalParentAssoc.getParentRef(); + } + } + checkNodeRef = archiveNodeRef; } @@ -426,18 +439,31 @@ public class LocalFeedTaskProcessor extends FeedTaskProcessor implements Applica return true; } } + + if (parentToCheckNodeRef != null) + { + return canReadImpl(connectedUser, parentToCheckNodeRef); + } + return false; - } + } else { // user feed - return AuthenticationUtil.runAs(new AuthenticationUtil.RunAsWork() + boolean allow = AuthenticationUtil.runAs(new AuthenticationUtil.RunAsWork() { public Boolean doWork() throws Exception { return (permissionService.hasPermission(checkNodeRef, PermissionService.READ) == AccessStatus.ALLOWED); } }, connectedUser); + + if (!allow && parentToCheckNodeRef != null) + { + allow = canReadImpl(connectedUser, parentToCheckNodeRef); + } + + return allow; } } finally