mirror of
https://github.com/Alfresco/alfresco-community-repo.git
synced 2025-07-31 17:39:05 +00:00
Merged HEAD-BUG-FIX (4.3/Cloud) to HEAD (4.3/Cloud)
69924: Merged V4.2-BUG-FIX (4.2.3) to HEAD-BUG-FIX (4.3/Cloud)
69817: Merged V4.1-BUG-FIX (4.1.9) to V4.2-BUG-FIX (4.2.3)
69777: Merged DEV to V4.1-BUG-FIX (4.1.9)
69741: MNT-10023: Activities - deletions may not be listed
- Implemented functionality that will check original parent node permission (even if it has been archived too), when archived node has not read permission with inherit flag (true). This approach is used for appropriate feed creation.
git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/HEAD/root@70456 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
This commit is contained in:
Alan Davis
@@ -27,6 +27,7 @@ import java.util.Map;
|
|||||||
import java.util.Set;
|
import java.util.Set;
|
||||||
|
|
||||||
import org.alfresco.error.AlfrescoRuntimeException;
|
import org.alfresco.error.AlfrescoRuntimeException;
|
||||||
|
import org.alfresco.model.ContentModel;
|
||||||
import org.alfresco.query.PagingRequest;
|
import org.alfresco.query.PagingRequest;
|
||||||
import org.alfresco.repo.activities.feed.FeedTaskProcessor;
|
import org.alfresco.repo.activities.feed.FeedTaskProcessor;
|
||||||
import org.alfresco.repo.activities.feed.RepoCtx;
|
import org.alfresco.repo.activities.feed.RepoCtx;
|
||||||
@@ -41,6 +42,7 @@ import org.alfresco.repo.security.authentication.AuthenticationUtil;
|
|||||||
import org.alfresco.repo.template.ClassPathRepoTemplateLoader;
|
import org.alfresco.repo.template.ClassPathRepoTemplateLoader;
|
||||||
import org.alfresco.repo.tenant.TenantService;
|
import org.alfresco.repo.tenant.TenantService;
|
||||||
import org.alfresco.repo.tenant.TenantUtil;
|
import org.alfresco.repo.tenant.TenantUtil;
|
||||||
|
import org.alfresco.service.cmr.repository.ChildAssociationRef;
|
||||||
import org.alfresco.service.cmr.repository.ContentService;
|
import org.alfresco.service.cmr.repository.ContentService;
|
||||||
import org.alfresco.service.cmr.repository.NodeRef;
|
import org.alfresco.service.cmr.repository.NodeRef;
|
||||||
import org.alfresco.service.cmr.repository.NodeService;
|
import org.alfresco.service.cmr.repository.NodeService;
|
||||||
@@ -397,10 +399,11 @@ public class LocalFeedTaskProcessor extends FeedTaskProcessor implements Applica
|
|||||||
{
|
{
|
||||||
// note: deleted node does not exist (hence no permission, although default permission check would return true which is problematic)
|
// note: deleted node does not exist (hence no permission, although default permission check would return true which is problematic)
|
||||||
final NodeRef checkNodeRef;
|
final NodeRef checkNodeRef;
|
||||||
|
NodeRef parentToCheckNodeRef = null;
|
||||||
if (nodeService.exists(nodeRef))
|
if (nodeService.exists(nodeRef))
|
||||||
{
|
{
|
||||||
checkNodeRef = nodeRef;
|
checkNodeRef = nodeRef;
|
||||||
}
|
}
|
||||||
else
|
else
|
||||||
{
|
{
|
||||||
// TODO: require ghosting - this is temp workaround (we should not rely on archive - may be permanently deleted, ie. not archived or already purged)
|
// TODO: require ghosting - this is temp workaround (we should not rely on archive - may be permanently deleted, ie. not archived or already purged)
|
||||||
@@ -409,6 +412,16 @@ public class LocalFeedTaskProcessor extends FeedTaskProcessor implements Applica
|
|||||||
{
|
{
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
|
// MNT-10023
|
||||||
|
if (permissionService.getInheritParentPermissions(archiveNodeRef))
|
||||||
|
{
|
||||||
|
ChildAssociationRef originalParentAssoc = (ChildAssociationRef) nodeService.getProperty(archiveNodeRef, ContentModel.PROP_ARCHIVED_ORIGINAL_PARENT_ASSOC);
|
||||||
|
if (originalParentAssoc != null)
|
||||||
|
{
|
||||||
|
parentToCheckNodeRef = originalParentAssoc.getParentRef();
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
checkNodeRef = archiveNodeRef;
|
checkNodeRef = archiveNodeRef;
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -426,18 +439,31 @@ public class LocalFeedTaskProcessor extends FeedTaskProcessor implements Applica
|
|||||||
return true;
|
return true;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if (parentToCheckNodeRef != null)
|
||||||
|
{
|
||||||
|
return canReadImpl(connectedUser, parentToCheckNodeRef);
|
||||||
|
}
|
||||||
|
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
else
|
else
|
||||||
{
|
{
|
||||||
// user feed
|
// user feed
|
||||||
return AuthenticationUtil.runAs(new AuthenticationUtil.RunAsWork<Boolean>()
|
boolean allow = AuthenticationUtil.runAs(new AuthenticationUtil.RunAsWork<Boolean>()
|
||||||
{
|
{
|
||||||
public Boolean doWork() throws Exception
|
public Boolean doWork() throws Exception
|
||||||
{
|
{
|
||||||
return (permissionService.hasPermission(checkNodeRef, PermissionService.READ) == AccessStatus.ALLOWED);
|
return (permissionService.hasPermission(checkNodeRef, PermissionService.READ) == AccessStatus.ALLOWED);
|
||||||
}
|
}
|
||||||
}, connectedUser);
|
}, connectedUser);
|
||||||
|
|
||||||
|
if (!allow && parentToCheckNodeRef != null)
|
||||||
|
{
|
||||||
|
allow = canReadImpl(connectedUser, parentToCheckNodeRef);
|
||||||
|
}
|
||||||
|
|
||||||
|
return allow;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
finally
|
finally
|
||||||
|
|||||||
Reference in New Issue
Block a user