Merge release/V2.4 into release/V2.5.

2025-07-31 17:39:05 +00:00 · 2016-10-28 13:31:20 +01:00
parent 4117e6df47 d8ac78ee45
commit ddb0c9d8e6
7 changed files with 193 additions and 8 deletions
--- a/rm-community/rm-community-repo/source/java/org/alfresco/module/org_alfresco_module_rm/permission/RecordsManagementPermissionPostProcessor.java
+++ b/rm-community/rm-community-repo/source/java/org/alfresco/module/org_alfresco_module_rm/permission/RecordsManagementPermissionPostProcessor.java
@@ -27,6 +27,8 @@

 package org.alfresco.module.org_alfresco_module_rm.permission;

+import java.util.List;
+
 import org.alfresco.module.org_alfresco_module_rm.capability.RMPermissionModel;
 import org.alfresco.module.org_alfresco_module_rm.model.RecordsManagementModel;
 import org.alfresco.repo.security.permissions.processor.impl.PermissionPostProcessorBaseImpl;
@@ -55,20 +57,21 @@ public class RecordsManagementPermissionPostProcessor extends PermissionPostProc
 	 * @see org.alfresco.repo.security.permissions.processor.PermissionPostProcessor#process(org.alfresco.service.cmr.security.AccessStatus, org.alfresco.service.cmr.repository.NodeRef, java.lang.String)
 	 */
 	@Override
-	public AccessStatus process(AccessStatus accessStatus, NodeRef nodeRef, String perm) 
+	public AccessStatus process(AccessStatus accessStatus, NodeRef nodeRef, String perm,
+								List configuredReadPermissions, List configuredFilePermissions)
 	{
 		AccessStatus result = accessStatus;
 		if (AccessStatus.DENIED.equals(accessStatus) &&
            nodeService.hasAspect(nodeRef, RecordsManagementModel.ASPECT_FILE_PLAN_COMPONENT))
 		{        
 			// if read denied on rm artifact
-	        if (PermissionService.READ.equals(perm))
+	        if (PermissionService.READ.equals(perm) || configuredReadPermissions.contains(perm))
 	        {
 	        	// check for read record
 	            result = permissionService.hasPermission(nodeRef, RMPermissionModel.READ_RECORDS);
 	        }
 	        // if write deinied on rm artificat
-	        else if (PermissionService.WRITE.equals(perm) || PermissionService.ADD_CHILDREN.equals(perm))
+	        else if (PermissionService.WRITE.equals(perm) || configuredFilePermissions.contains(perm))
 	        {
 	        	// check for file record
 	        	result = permissionService.hasPermission(nodeRef, RMPermissionModel.FILE_RECORDS);
--- a/rm-community/rm-community-repo/source/java/org/alfresco/repo/security/permissions/impl/ExtendedPermissionServiceImpl.java
+++ b/rm-community/rm-community-repo/source/java/org/alfresco/repo/security/permissions/impl/ExtendedPermissionServiceImpl.java
@@ -30,6 +30,7 @@ package org.alfresco.repo.security.permissions.impl;
 import static org.apache.commons.lang.StringUtils.isNotBlank;

 import java.io.Serializable;
+import java.util.Arrays;
 import java.util.Collections;
 import java.util.HashSet;
 import java.util.List;
@@ -40,6 +41,7 @@ import org.alfresco.module.org_alfresco_module_rm.fileplan.FilePlanService;
 import org.alfresco.module.org_alfresco_module_rm.model.RecordsManagementModel;
 import org.alfresco.module.org_alfresco_module_rm.role.FilePlanRoleService;
 import org.alfresco.repo.cache.SimpleCache;
+
 import org.alfresco.repo.security.permissions.AccessControlEntry;
 import org.alfresco.repo.security.permissions.AccessControlList;
 import org.alfresco.repo.security.permissions.processor.PermissionPostProcessor;
@@ -55,6 +57,7 @@ import org.alfresco.util.PropertyCheck;
 import org.apache.commons.lang.StringUtils;
 import org.springframework.context.ApplicationEvent;

+
 /**
 * Extends the core permission service implementation allowing the consideration of the read records permission.
 * <p>
@@ -67,6 +70,20 @@ public class ExtendedPermissionServiceImpl extends PermissionServiceImpl impleme
    /** Writers simple cache */
    protected SimpleCache<Serializable, Set<String>> writersCache;

+    /**
+     * Configured Permission mapping.
+     * <p>
+     * This string comes from alfresco-global.properties and allows fine tuning of the how permissions are mapped.
+     * This was added as a fix for MNT-16852 to enhance compatibility with our Outlook Integration.
+     */
+    protected List<String> configuredReadPermissions;
+    /**
+     * Configured Permission mapping.
+     * <p>
+     * This string also comes from alfresco-global.properties.
+     */
+    protected List<String> configuredFilePermissions;
+
    /** File plan service */
    private FilePlanService filePlanService;

@@ -124,6 +141,28 @@ public class ExtendedPermissionServiceImpl extends PermissionServiceImpl impleme
        this.writersCache = writersCache;
    }

+    /**
+     * Maps the string from the properties file (rm.haspermissionmap.read)
+     * to the list used in the hasPermission method
+     *
+     * @param readMapping the mapping of permissions to ReadRecord
+     */
+    public void setConfiguredReadPermissions(String readMapping)
+    {
+        this.configuredReadPermissions = Arrays.asList(readMapping.split(","));
+    }
+
+    /**
+     * Maps the string set in the properties file (rm.haspermissionmap.write)
+     * to the list used in the hasPermission method
+     *
+     * @param fileMapping the mapping of permissions to FileRecord
+     */
+    public void setConfiguredFilePermissions(String fileMapping)
+    {
+        this.configuredFilePermissions = Arrays.asList(fileMapping.split(","));
+    }
+
    /**
     * @see org.alfresco.repo.security.permissions.impl.PermissionServiceImpl#onBootstrap(org.springframework.context.ApplicationEvent)
     */
@@ -166,7 +205,7 @@ public class ExtendedPermissionServiceImpl extends PermissionServiceImpl impleme
            for (PermissionPostProcessor postProcessor : postProcessors)
            {
                // post process permission
-                result = postProcessor.process(result, nodeRef, perm);
+                result = postProcessor.process(result, nodeRef, perm, this.configuredReadPermissions, this.configuredFilePermissions);
            }
        }
        return result;
--- a/rm-community/rm-community-repo/source/java/org/alfresco/repo/security/permissions/processor/PermissionPostProcessor.java
+++ b/rm-community/rm-community-repo/source/java/org/alfresco/repo/security/permissions/processor/PermissionPostProcessor.java
@@ -27,6 +27,8 @@

 package org.alfresco.repo.security.permissions.processor;

+import java.util.List;
+
 import org.alfresco.service.cmr.repository.NodeRef;
 import org.alfresco.service.cmr.security.AccessStatus;

@@ -46,7 +48,9 @@ public interface PermissionPostProcessor
 	 * @param  accessStatus			current access status
 	 * @param  nodeRef				node reference
 	 * @param  perm					permission
+	 *
 	 * @return {@link AccessStatus}
 	 */
-	AccessStatus process(AccessStatus accessStatus, NodeRef nodeRef, String perm);		
+	AccessStatus process(AccessStatus accessStatus, NodeRef nodeRef, String perm,
+						List configuredReadPermissions, List configuredFilePermissions);
 }