mirror of
https://github.com/Alfresco/alfresco-community-repo.git
synced 2025-07-31 17:39:05 +00:00
Merged V2.1 to HEAD:\
59208: RM-1115: Manage Rules action is available for a Frozen folder - Added condition that manage rules isn't shown for frozen folders
59343: RM-1114: 'Loading the Document Library' message is displayed on a New Rule page in RM Site - Added appropriate message.loading properties to all languages for rule-details.get and rule-edit.get where this message is used
59361: RM-1105: Adding the RM module causes exceptions when listing the existing audit applications through the audit webscript - Added a try/catch for a ClassCastException around the check to see if the returned object contained a PROP_HOLD_REASON in the RMAfterInvocationProvider. The reason for this is that the containsKeys method will throw a class cast exception if we attempt to see if the keys contain an instance of QName if the returnedObject instance is a TreeMap containing strings as is the case when listing the audit applications through the RESTful interface.
59510: RM-1087: Increase default max number of site pages to 5 instead of 3 - Increased default maximum number of sites pages to 5 in rm-share-config.xml. This threw up an issue in the code that adds the RM Console widget so fixed that too. Important test case for this are that the number of widgets added to the site are smaller than, equal to and greater than the maximum displayed to ensure that the code adding the RM console is fully exercised.
60429: RM-1162: CLONE - Alfresco 4.2.1 could not start with RM module
* see MNT-10259
60430: RM-1162: CLONE - Alfresco 4.2.1 could not start with RM module
* see MNT-10259
* missed files
60431: RM-1162: CLONE - Alfresco 4.2.1 could not start with RM module
* failing tests
* see MNT-10259
60478: RM-1174 (Unable to view record details)
60698: RM-1175: Internal Error on details page of category/folder/record
60699: RM-1177: User's name link on User Rights Report page directs to Admin Console instead of User Profile Page
60700: RM-1176: Couldn't load email mappings
61227: RM-1164: RM 2.1.1 core language bundle refresh
62414: RM-1165 (RM 2.1.1 translation into Simplified Chineese)
git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/modules/recordsmanagement/HEAD@62565 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
This commit is contained in:
Roy Wetherall
@@ -951,24 +951,32 @@ public class RMAfterInvocationProvider extends RMSecurityCommon
|
||||
@SuppressWarnings({"unchecked", "rawtypes" })
|
||||
private Map decide(Authentication authentication, Object object, ConfigAttributeDefinition config, Map returnedObject) throws AccessDeniedException
|
||||
{
|
||||
if (returnedObject.containsKey(RecordsManagementModel.PROP_HOLD_REASON))
|
||||
{
|
||||
HashMap filtered = new HashMap();
|
||||
filtered.putAll(returnedObject);
|
||||
// get the node ref from the properties or delete
|
||||
String protocol = DefaultTypeConverter.INSTANCE.convert(String.class, filtered.get(ContentModel.PROP_STORE_PROTOCOL));
|
||||
String identifier = DefaultTypeConverter.INSTANCE.convert(String.class, filtered.get(ContentModel.PROP_STORE_IDENTIFIER));
|
||||
String uuid = DefaultTypeConverter.INSTANCE.convert(String.class, filtered.get(ContentModel.PROP_NODE_UUID));
|
||||
StoreRef storeRef = new StoreRef(protocol, identifier);
|
||||
NodeRef nodeRef = new NodeRef(storeRef, uuid);
|
||||
if ((nodeRef == null) || (permissionService.hasPermission(filePlanService.getFilePlan(nodeRef), RMPermissionModel.VIEW_UPDATE_REASONS_FOR_FREEZE) != AccessStatus.ALLOWED))
|
||||
try {
|
||||
if (returnedObject.containsKey(RecordsManagementModel.PROP_HOLD_REASON))
|
||||
{
|
||||
filtered.remove(RecordsManagementModel.PROP_HOLD_REASON);
|
||||
HashMap filtered = new HashMap();
|
||||
filtered.putAll(returnedObject);
|
||||
// get the node ref from the properties or delete
|
||||
String protocol = DefaultTypeConverter.INSTANCE.convert(String.class, filtered.get(ContentModel.PROP_STORE_PROTOCOL));
|
||||
String identifier = DefaultTypeConverter.INSTANCE.convert(String.class, filtered.get(ContentModel.PROP_STORE_IDENTIFIER));
|
||||
String uuid = DefaultTypeConverter.INSTANCE.convert(String.class, filtered.get(ContentModel.PROP_NODE_UUID));
|
||||
StoreRef storeRef = new StoreRef(protocol, identifier);
|
||||
NodeRef nodeRef = new NodeRef(storeRef, uuid);
|
||||
if ((nodeRef == null) ||
|
||||
(permissionService.hasPermission(getFilePlanService().getFilePlan(nodeRef), RMPermissionModel.VIEW_UPDATE_REASONS_FOR_FREEZE) != AccessStatus.ALLOWED))
|
||||
{
|
||||
filtered.remove(RecordsManagementModel.PROP_HOLD_REASON);
|
||||
}
|
||||
return filtered;
|
||||
}
|
||||
else
|
||||
{
|
||||
return returnedObject;
|
||||
}
|
||||
return filtered;
|
||||
}
|
||||
else
|
||||
catch(ClassCastException ex)
|
||||
{
|
||||
// This will happen if returnedObject is an instance of TreeMap containing anything other than instances of QName
|
||||
return returnedObject;
|
||||
}
|
||||
}
|
||||
|
||||
@@ -59,7 +59,7 @@ public class RMEntryVoter extends RMSecurityCommon
|
||||
|
||||
/** Policy map */
|
||||
private HashMap<String, Policy> policies = new HashMap<String, Policy>();
|
||||
|
||||
|
||||
/**
|
||||
* @param capabilityService capability service
|
||||
*/
|
||||
|
||||
@@ -20,7 +20,6 @@ package org.alfresco.module.org_alfresco_module_rm.capability;
|
||||
|
||||
import net.sf.acegisecurity.vote.AccessDecisionVoter;
|
||||
|
||||
import org.alfresco.error.AlfrescoRuntimeException;
|
||||
import org.alfresco.module.org_alfresco_module_rm.caveat.RMCaveatConfigComponent;
|
||||
import org.alfresco.module.org_alfresco_module_rm.fileplan.FilePlanService;
|
||||
import org.alfresco.module.org_alfresco_module_rm.model.RecordsManagementModel;
|
||||
@@ -36,6 +35,9 @@ import org.alfresco.service.cmr.security.PermissionService;
|
||||
import org.aopalliance.intercept.MethodInvocation;
|
||||
import org.apache.commons.logging.Log;
|
||||
import org.apache.commons.logging.LogFactory;
|
||||
import org.springframework.beans.BeansException;
|
||||
import org.springframework.context.ApplicationContext;
|
||||
import org.springframework.context.ApplicationContextAware;
|
||||
|
||||
|
||||
/**
|
||||
@@ -46,7 +48,7 @@ import org.apache.commons.logging.LogFactory;
|
||||
* @author Roy Wetherall
|
||||
* @since 2.0
|
||||
*/
|
||||
public class RMSecurityCommon
|
||||
public class RMSecurityCommon implements ApplicationContextAware
|
||||
{
|
||||
/** No set value */
|
||||
protected int NOSET_VALUE = -100;
|
||||
@@ -58,8 +60,20 @@ public class RMSecurityCommon
|
||||
protected NodeService nodeService; //This is the internal NodeService -- no permission checks
|
||||
protected PermissionService permissionService;
|
||||
protected RMCaveatConfigComponent caveatConfigComponent;
|
||||
protected FilePlanService filePlanService;
|
||||
private FilePlanService filePlanService;
|
||||
|
||||
/** Application context */
|
||||
protected ApplicationContext applicationContext;
|
||||
|
||||
/**
|
||||
* @see org.springframework.context.ApplicationContextAware#setApplicationContext(org.springframework.context.ApplicationContext)
|
||||
*/
|
||||
@Override
|
||||
public void setApplicationContext(ApplicationContext applicationContext) throws BeansException
|
||||
{
|
||||
this.applicationContext = applicationContext;
|
||||
}
|
||||
|
||||
/**
|
||||
* @param nodeService node service
|
||||
*/
|
||||
@@ -85,12 +99,16 @@ public class RMSecurityCommon
|
||||
}
|
||||
|
||||
/**
|
||||
* @param filePlanService file plan service
|
||||
* @return FilePlanService file plan service
|
||||
*/
|
||||
public void setFilePlanService(FilePlanService filePlanService)
|
||||
protected FilePlanService getFilePlanService()
|
||||
{
|
||||
this.filePlanService = filePlanService;
|
||||
}
|
||||
if (filePlanService == null)
|
||||
{
|
||||
filePlanService = (FilePlanService)applicationContext.getBean("filePlanService");
|
||||
}
|
||||
return filePlanService;
|
||||
}
|
||||
|
||||
/**
|
||||
* Sets a value into the transaction cache
|
||||
@@ -195,17 +213,8 @@ public class RMSecurityCommon
|
||||
}
|
||||
|
||||
// Get the file plan for the node
|
||||
NodeRef filePlan = filePlanService.getFilePlan(nodeRef);
|
||||
NodeRef filePlan = getFilePlanService().getFilePlan(nodeRef);
|
||||
|
||||
// Admin role
|
||||
//if (permissionService.hasPermission(filePlan, RMPermissionModel.ROLE_ADMINISTRATOR) == AccessStatus.ALLOWED)
|
||||
//{
|
||||
// if (logger.isDebugEnabled())
|
||||
// {
|
||||
// logger.debug("\t\tAdmin user, access granted. (nodeRef=" + nodeRef.toString() + ", user=" + AuthenticationUtil.getRunAsUser() + ")");
|
||||
// }
|
||||
// return setTransactionCache("checkRmRead", nodeRef, AccessDecisionVoter.ACCESS_GRANTED);
|
||||
// }
|
||||
|
||||
if (permissionService.hasPermission(nodeRef, RMPermissionModel.READ_RECORDS) == AccessStatus.DENIED)
|
||||
{
|
||||
@@ -242,16 +251,11 @@ public class RMSecurityCommon
|
||||
NodeRef testNodeRef = null;
|
||||
if (position < 0)
|
||||
{
|
||||
testNodeRef = filePlanService.getFilePlanBySiteId(FilePlanService.DEFAULT_RM_SITE_ID);
|
||||
if (testNodeRef == null)
|
||||
{
|
||||
throw new AlfrescoRuntimeException("Unable to find default file plan node.");
|
||||
}
|
||||
|
||||
if (logger.isDebugEnabled())
|
||||
{
|
||||
logger.debug("\tPermission test against the file plan node " + nodeService.getPath(testNodeRef));
|
||||
logger.debug("\tNothing to test permission against.");
|
||||
}
|
||||
testNodeRef = null;
|
||||
}
|
||||
else if (StoreRef.class.isAssignableFrom(params[position]))
|
||||
{
|
||||
|
||||
@@ -33,24 +33,17 @@ import org.alfresco.service.cmr.repository.NodeRef;
|
||||
import org.alfresco.service.cmr.security.AccessStatus;
|
||||
import org.apache.commons.logging.Log;
|
||||
import org.apache.commons.logging.LogFactory;
|
||||
import org.springframework.beans.BeansException;
|
||||
import org.springframework.context.ApplicationContext;
|
||||
import org.springframework.context.ApplicationContextAware;
|
||||
|
||||
/**
|
||||
* Declarative capability implementation.
|
||||
*
|
||||
* @author Roy Wetherall
|
||||
*/
|
||||
public class DeclarativeCapability extends AbstractCapability
|
||||
implements ApplicationContextAware
|
||||
public class DeclarativeCapability extends AbstractCapability
|
||||
{
|
||||
/** Logger */
|
||||
protected static Log logger = LogFactory.getLog(DeclarativeCapability.class);
|
||||
|
||||
/** Application Context */
|
||||
protected ApplicationContext applicationContext;
|
||||
|
||||
/** Required permissions */
|
||||
protected List<String> permissions;
|
||||
|
||||
@@ -66,12 +59,6 @@ public class DeclarativeCapability extends AbstractCapability
|
||||
/** Indicates whether to return an undetermined result */
|
||||
protected boolean isUndetermined = false;
|
||||
|
||||
@Override
|
||||
public void setApplicationContext(ApplicationContext applicationContext) throws BeansException
|
||||
{
|
||||
this.applicationContext = applicationContext;
|
||||
}
|
||||
|
||||
/**
|
||||
* @param permissions permissions
|
||||
*/
|
||||
@@ -170,7 +157,7 @@ public class DeclarativeCapability extends AbstractCapability
|
||||
protected boolean checkPermissionsImpl(NodeRef nodeRef, String ... permissions)
|
||||
{
|
||||
boolean result = true;
|
||||
NodeRef filePlan = filePlanService.getFilePlan(nodeRef);
|
||||
NodeRef filePlan = getFilePlanService().getFilePlan(nodeRef);
|
||||
|
||||
for (String permission : permissions)
|
||||
{
|
||||
@@ -261,7 +248,7 @@ public class DeclarativeCapability extends AbstractCapability
|
||||
{
|
||||
boolean result = false;
|
||||
|
||||
FilePlanComponentKind actualKind = filePlanService.getFilePlanComponentKind(nodeRef);
|
||||
FilePlanComponentKind actualKind = getFilePlanService().getFilePlanComponentKind(nodeRef);
|
||||
|
||||
if (actualKind != null)
|
||||
{
|
||||
@@ -298,7 +285,7 @@ public class DeclarativeCapability extends AbstractCapability
|
||||
int result = AccessDecisionVoter.ACCESS_ABSTAIN;
|
||||
|
||||
// Check we are dealing with a file plan component
|
||||
if (filePlanService.isFilePlanComponent(nodeRef) == true)
|
||||
if (getFilePlanService().isFilePlanComponent(nodeRef) == true)
|
||||
{
|
||||
// Check the kind of the object, the permissions and the conditions
|
||||
if (checkKinds(nodeRef) == true && checkPermissions(nodeRef) == true && checkConditions(nodeRef) == true)
|
||||
|
||||
@@ -103,8 +103,8 @@ public class DeclarativeCompositeCapability extends DeclarativeCapability
|
||||
int result = AccessDecisionVoter.ACCESS_ABSTAIN;
|
||||
|
||||
// Check we are dealing with a file plan component
|
||||
if (filePlanService.isFilePlanComponent(source) == true &&
|
||||
filePlanService.isFilePlanComponent(target) == true)
|
||||
if (getFilePlanService().isFilePlanComponent(source) == true &&
|
||||
getFilePlanService().isFilePlanComponent(target) == true)
|
||||
{
|
||||
// Check the kind of the object, the permissions and the conditions
|
||||
if (checkKinds(source) == true && checkPermissions(source) == true && checkConditions(source) == true)
|
||||
|
||||
@@ -45,11 +45,11 @@ public class ChangeOrDeleteReferencesCapability extends DeclarativeCapability
|
||||
*/
|
||||
public int evaluate(NodeRef source, NodeRef target)
|
||||
{
|
||||
if (filePlanService.isFilePlanComponent(source))
|
||||
if (getFilePlanService().isFilePlanComponent(source))
|
||||
{
|
||||
if (target != null)
|
||||
{
|
||||
if (filePlanService.isFilePlanComponent(target) == true)
|
||||
if (getFilePlanService().isFilePlanComponent(target) == true)
|
||||
{
|
||||
if (checkConditions(source) == true && checkConditions(target) == true)
|
||||
{
|
||||
|
||||
@@ -39,19 +39,28 @@ import org.alfresco.service.namespace.QName;
|
||||
*/
|
||||
public class CreateCapability extends DeclarativeCapability
|
||||
{
|
||||
/** record service */
|
||||
private RecordService recordService;
|
||||
|
||||
/** record folder service */
|
||||
private RecordFolderService recordFolderService;
|
||||
|
||||
|
||||
/**
|
||||
* @param recordService record service
|
||||
*/
|
||||
public void setRecordService(RecordService recordService)
|
||||
{
|
||||
this.recordService = recordService;
|
||||
}
|
||||
|
||||
/**
|
||||
* @param recordFolderService record folder service
|
||||
*/
|
||||
public void setRecordFolderService(RecordFolderService recordFolderService)
|
||||
{
|
||||
this.recordFolderService = recordFolderService;
|
||||
}
|
||||
|
||||
|
||||
/**
|
||||
* @see org.alfresco.module.org_alfresco_module_rm.capability.Capability#evaluate(org.alfresco.service.cmr.repository.NodeRef)
|
||||
*/
|
||||
@@ -62,6 +71,7 @@ public class CreateCapability extends DeclarativeCapability
|
||||
}
|
||||
|
||||
/**
|
||||
* Evaluate capability.
|
||||
*
|
||||
* @param destination
|
||||
* @param linkee
|
||||
@@ -79,7 +89,7 @@ public class CreateCapability extends DeclarativeCapability
|
||||
return AccessDecisionVoter.ACCESS_DENIED;
|
||||
}
|
||||
}
|
||||
if (filePlanService.isFilePlanComponent(destination))
|
||||
if (getFilePlanService().isFilePlanComponent(destination))
|
||||
{
|
||||
if ((assocType == null) || assocType.equals(ContentModel.ASSOC_CONTAINS) == false)
|
||||
{
|
||||
@@ -129,7 +139,7 @@ public class CreateCapability extends DeclarativeCapability
|
||||
{
|
||||
if (recordFolderService.isRecordFolder(destination))
|
||||
{
|
||||
if (permissionService.hasPermission(filePlanService.getFilePlan(destination), RMPermissionModel.DECLARE_RECORDS_IN_CLOSED_FOLDERS) == AccessStatus.ALLOWED)
|
||||
if (permissionService.hasPermission(getFilePlanService().getFilePlan(destination), RMPermissionModel.DECLARE_RECORDS_IN_CLOSED_FOLDERS) == AccessStatus.ALLOWED)
|
||||
{
|
||||
return AccessDecisionVoter.ACCESS_GRANTED;
|
||||
}
|
||||
@@ -142,7 +152,7 @@ public class CreateCapability extends DeclarativeCapability
|
||||
{
|
||||
if (recordFolderService.isRecordFolder(destination))
|
||||
{
|
||||
if (permissionService.hasPermission(filePlanService.getFilePlan(destination), RMPermissionModel.CREATE_MODIFY_RECORDS_IN_CUTOFF_FOLDERS) == AccessStatus.ALLOWED)
|
||||
if (permissionService.hasPermission(getFilePlanService().getFilePlan(destination), RMPermissionModel.CREATE_MODIFY_RECORDS_IN_CUTOFF_FOLDERS) == AccessStatus.ALLOWED)
|
||||
{
|
||||
return AccessDecisionVoter.ACCESS_GRANTED;
|
||||
}
|
||||
|
||||
@@ -45,8 +45,8 @@ public class DeleteLinksCapability extends DeclarativeCapability
|
||||
*/
|
||||
public int evaluate(NodeRef source, NodeRef target)
|
||||
{
|
||||
if (filePlanService.isFilePlanComponent(source) == true &&
|
||||
filePlanService.isFilePlanComponent(target) == true)
|
||||
if (getFilePlanService().isFilePlanComponent(source) == true &&
|
||||
getFilePlanService().isFilePlanComponent(target) == true)
|
||||
{
|
||||
if (checkConditions(source) == true && checkConditions(target) == true)
|
||||
{
|
||||
|
||||
@@ -35,7 +35,7 @@ public final class ViewRecordsCapability extends DeclarativeCapability
|
||||
{
|
||||
if (nodeRef != null)
|
||||
{
|
||||
if (filePlanService.isFilePlanComponent(nodeRef) == true)
|
||||
if (getFilePlanService().isFilePlanComponent(nodeRef) == true)
|
||||
{
|
||||
return checkRmRead(nodeRef);
|
||||
}
|
||||
|
||||
@@ -39,8 +39,8 @@ public class CapabilityPolicy extends AbstractBasePolicy
|
||||
Class[] params,
|
||||
ConfigAttributeDefinition cad)
|
||||
{
|
||||
NodeRef assignee = getTestNode(invocation, params, cad.getParameters().get(0), cad.isParent());
|
||||
return capabilityService.getCapability(RMPermissionModel.MANAGE_ACCESS_CONTROLS).evaluate(assignee);
|
||||
NodeRef testNodeRef = getTestNode(invocation, params, cad.getParameters().get(0), cad.isParent());
|
||||
return capabilityService.getCapability(RMPermissionModel.MANAGE_ACCESS_CONTROLS).evaluate(testNodeRef);
|
||||
}
|
||||
|
||||
}
|
||||
Reference in New Issue
Block a user