Merge remote-tracking branch 'remotes/origin/release/V3.2.0.x' into merge-3.2/MNT-21292_DownloadViaPost

# Conflicts: # rm-enterprise/rm-enterprise-repo/src/main/java/org/alfresco/repo/search/impl/solr/ExtendedSolrQueryHTTPClient.java
2025-07-31 17:39:05 +00:00 · 2020-02-24 15:26:38 +02:00
parent 474eb8e7c4 7604b96b88
commit e30bc9510c
6 changed files with 58 additions and 21 deletions
--- a/rm-community/rm-community-repo/source/java/org/alfresco/module/org_alfresco_module_rm/capability/policy/AssocPolicy.java
+++ b/rm-community/rm-community-repo/source/java/org/alfresco/module/org_alfresco_module_rm/capability/policy/AssocPolicy.java
@@ -27,8 +27,12 @@

 package org.alfresco.module.org_alfresco_module_rm.capability.policy;

+import net.sf.acegisecurity.vote.AccessDecisionVoter;
 import org.alfresco.module.org_alfresco_module_rm.capability.impl.ViewRecordsCapability;
+import org.alfresco.module.org_alfresco_module_rm.model.RecordsManagementModel;
 import org.alfresco.service.cmr.repository.NodeRef;
+import org.alfresco.service.cmr.security.AccessStatus;
+import org.alfresco.service.cmr.security.PermissionService;
 import org.aopalliance.intercept.MethodInvocation;

 public class AssocPolicy extends AbstractBasePolicy
@@ -40,8 +44,48 @@ public class AssocPolicy extends AbstractBasePolicy
            Class[] params,
            ConfigAttributeDefinition cad)
    {
-        NodeRef testNodeRef = getTestNode(invocation, params, cad.getParameters().get(0), cad.isParent());
-        return getCapabilityService().getCapability(ViewRecordsCapability.NAME).evaluate(testNodeRef);
+        NodeRef source = null;
+        if (cad.getParameters().get(0) > -1)
+        {
+            source = getTestNode(invocation, params, cad.getParameters().get(0), cad.isParent());
+        }
+
+        NodeRef target = null;
+        if (cad.getParameters().get(1) > -1)
+        {
+            target = getTestNode(invocation, params, cad.getParameters().get(1), cad.isParent());
+        }
+
+        if (source != null && target != null)
+        {
+            // check the source node ref is a file plan component
+            if (nodeService.hasAspect(source, RecordsManagementModel.ASPECT_FILE_PLAN_COMPONENT))
+            {
+                return getCapabilityService().getCapability(ViewRecordsCapability.NAME).evaluate(source);
+            }
+            else
+            {
+                final boolean isFilePlanComponent = nodeService.hasAspect(target, RecordsManagementModel.ASPECT_FILE_PLAN_COMPONENT);
+                final boolean hasViewRecordCapability = getCapabilityService().hasCapability(target, ViewRecordsCapability.NAME);
+                // allow association between a source non rm node and an rm node if the user
+                // has ViewRecordsCapability on the RM target node and  write properties on the dm node
+                if ( isFilePlanComponent &&
+                        hasViewRecordCapability &&
+                        permissionService.hasPermission(source, PermissionService.WRITE_PROPERTIES).equals(AccessStatus.ALLOWED))
+                {
+                    return AccessDecisionVoter.ACCESS_GRANTED;
+                }
+                else
+                {
+                    return AccessDecisionVoter.ACCESS_DENIED;
+                }
+            }
+        }
+        else
+        {
+            return AccessDecisionVoter.ACCESS_DENIED;
+        }
    }

 }
+