inteligr8/alfresco-community-repo
1
0
Fork 0
mirror of https://github.com/Alfresco/alfresco-community-repo.git synced 2025-07-31 17:39:05 +00:00
Code Issues Packages Projects Releases Wiki Activity

RM: Deprecation of RecordsManagementSecurityService in favour of better encapsulated services

Browse Source 
* final deprecation of recordsManagementSecurityService
  * origional interface and implementation moved to compatibility area
  * deprecation context added
  * FilePlanPermission service added to handle file plan permissions



git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/modules/recordsmanagement/HEAD@44829 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
This commit is contained in:
Roy Wetherall
2012-12-19 08:10:09 +00:00
parent a2d46ff862
commit e4ea0fe02d
7 changed files with 461 additions and 297 deletions
Download Patch File Download Diff File Expand all files Collapse all files

50
rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/security/FilePlanPermissionService.java Normal file
View File

@@ -0,0 +1,50 @@
/*
* Copyright (C) 2005-2012 Alfresco Software Limited.
*
* This file is part of Alfresco
*
* Alfresco is free software: you can redistribute it and/or modify
* it under the terms of the GNU Lesser General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* Alfresco is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Lesser General Public License for more details.
*
* You should have received a copy of the GNU Lesser General Public License
* along with Alfresco. If not, see <http://www.gnu.org/licenses/>.
*/
package org.alfresco.module.org_alfresco_module_rm.security;
import org.alfresco.service.cmr.repository.NodeRef;
/**
* File plan permission service.
*
* @author Roy Wetherall
* @since 2.1
*/
public interface FilePlanPermissionService
{
/**
* Sets a permission on a file plan object. Assumes allow is true. Cascades permission down to record folder.
* Cascades ReadRecord up to file plan.
*
* @param nodeRef node reference
* @param authority authority
* @param permission permission
*/
void setPermission(NodeRef nodeRef, String authority, String permission);
/**
* Deletes a permission from a file plan object. Cascades removal down to record folder.
*
* @param nodeRef node reference
* @param authority authority
* @param permission permission
*/
void deletePermission(NodeRef nodeRef, String authority, String permission);
}

274
rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/security/RecordsManagementSecurityServiceImpl.java → rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/security/FilePlanPermissionServiceImpl.java
View File

@@ -23,11 +23,8 @@ import java.util.Set;
import org.alfresco.model.ContentModel;
import org.alfresco.module.org_alfresco_module_rm.RecordsManagementService;
import org.alfresco.module.org_alfresco_module_rm.capability.Capability;
import org.alfresco.module.org_alfresco_module_rm.capability.RMPermissionModel;
import org.alfresco.module.org_alfresco_module_rm.model.RecordsManagementModel;
import org.alfresco.module.org_alfresco_module_rm.model.security.ModelSecurityService;
import org.alfresco.module.org_alfresco_module_rm.role.FilePlanRoleService;
import org.alfresco.repo.node.NodeServicePolicies;
import org.alfresco.repo.policy.JavaBehaviour;
import org.alfresco.repo.policy.PolicyComponent;
@@ -39,19 +36,17 @@ import org.alfresco.service.cmr.repository.NodeService;
import org.alfresco.service.cmr.security.AccessPermission;
import org.alfresco.service.cmr.security.AccessStatus;
import org.alfresco.service.cmr.security.PermissionService;
import org.alfresco.service.namespace.QName;
import org.alfresco.service.namespace.RegexQNamePattern;
import org.alfresco.util.ParameterCheck;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
/**
* Records management permission service implementation
*
* @author Roy Wetherall
* @since 2.1
*/
public class RecordsManagementSecurityServiceImpl implements RecordsManagementSecurityService,
RecordsManagementModel
public class FilePlanPermissionServiceImpl implements FilePlanPermissionService,
RecordsManagementModel
{
/** Permission service */
private PermissionService permissionService;
@@ -62,74 +57,12 @@ public class RecordsManagementSecurityServiceImpl implements RecordsManagementSe
/** Records management service */
private RecordsManagementService recordsManagementService;
/** Model security service */
private ModelSecurityService modelSecurityService;
/** Node service */
private NodeService nodeService;
/** File plan role service */
private FilePlanRoleService filePlanRoleService;
/** Logger */
private static Log logger = LogFactory.getLog(RecordsManagementSecurityServiceImpl.class);
/**
* Set the permission service
*
* @param permissionService
*/
public void setPermissionService(PermissionService permissionService)
{
this.permissionService = permissionService;
}
/**
* Set the policy component
*
* @param policyComponent
*/
public void setPolicyComponent(PolicyComponent policyComponent)
{
this.policyComponent = policyComponent;
}
/**
* Set records management service
*
* @param recordsManagementService records management service
*/
public void setRecordsManagementService(RecordsManagementService recordsManagementService)
{
this.recordsManagementService = recordsManagementService;
}
/**
* Set the node service
*
* @param nodeService
*/
public void setNodeService(NodeService nodeService)
{
this.nodeService = nodeService;
}
/**
* @param modelSecurityService model security service
*/
public void setModelSecurityService(ModelSecurityService modelSecurityService)
{
this.modelSecurityService = modelSecurityService;
}
private static Log logger = LogFactory.getLog(FilePlanPermissionServiceImpl.class);
/**
* @param filePlanRoleService file plan role service
*/
public void setFilePlanRoleService(FilePlanRoleService filePlanRoleService)
{
this.filePlanRoleService = filePlanRoleService;
}
/**
* Initialisation method
*/
@@ -144,6 +77,38 @@ public class RecordsManagementSecurityServiceImpl implements RecordsManagementSe
TYPE_RECORD_FOLDER,
new JavaBehaviour(this, "onCreateRecordFolder", NotificationFrequency.TRANSACTION_COMMIT));
}
/**
* @param permissionService permission service
*/
public void setPermissionService(PermissionService permissionService)
{
this.permissionService = permissionService;
}
/**
* @param nodeService node service
*/
public void setNodeService(NodeService nodeService)
{
this.nodeService = nodeService;
}
/**
* @param policyComponent policy component
*/
public void setPolicyComponent(PolicyComponent policyComponent)
{
this.policyComponent = policyComponent;
}
/**
* @param recordsManagementService records management service
*/
public void setRecordsManagementService(RecordsManagementService recordsManagementService)
{
this.recordsManagementService = recordsManagementService;
}
/**
* @param childAssocRef
@@ -210,24 +175,24 @@ public class RecordsManagementSecurityServiceImpl implements RecordsManagementSe
{
public Object doWork()
{
Set<AccessPermission> perms = permissionService.getAllSetPermissions(catNodeRef);
for (AccessPermission perm : perms)
{
if (ExtendedReaderDynamicAuthority.EXTENDED_READER.equals(perm.getAuthority()) == false)
{
AccessStatus accessStatus = perm.getAccessStatus();
boolean allow = false;
if (AccessStatus.ALLOWED.equals(accessStatus) == true)
{
allow = true;
}
permissionService.setPermission(
folderNodeRef,
perm.getAuthority(),
perm.getPermission(),
allow);
}
}
Set<AccessPermission> perms = permissionService.getAllSetPermissions(catNodeRef);
for (AccessPermission perm : perms)
{
if (ExtendedReaderDynamicAuthority.EXTENDED_READER.equals(perm.getAuthority()) == false)
{
AccessStatus accessStatus = perm.getAccessStatus();
boolean allow = false;
if (AccessStatus.ALLOWED.equals(accessStatus) == true)
{
allow = true;
}
permissionService.setPermission(
folderNodeRef,
perm.getAuthority(),
perm.getPermission(),
allow);
}
}
return null;
}
@@ -389,136 +354,5 @@ public class RecordsManagementSecurityServiceImpl implements RecordsManagementSe
}
}, AuthenticationUtil.getSystemUserName());
}
/** Deprecated method implementations */
/**
* @see org.alfresco.module.org_alfresco_module_rm.security.RecordsManagementSecurityService#getProtectedAspects()
*/
@Deprecated
@Override
public Set<QName> getProtectedAspects()
{
return modelSecurityService.getProtectedAspects();
}
/**
* @see org.alfresco.module.org_alfresco_module_rm.security.RecordsManagementSecurityService#getProtectedProperties()
*/
@Deprecated
@Override
public Set<QName> getProtectedProperties()
{
return modelSecurityService.getProtectedProperties();
}
/**
* @see org.alfresco.module.org_alfresco_module_rm.security.RecordsManagementSecurityService#assignRoleToAuthority(org.alfresco.service.cmr.repository.NodeRef, java.lang.String, java.lang.String)
*/
@Deprecated
@Override
public void assignRoleToAuthority(NodeRef rmRootNode, String role, String authorityName)
{
filePlanRoleService.assignRoleToAuthority(rmRootNode, role, authorityName);
}
/**
* @see org.alfresco.module.org_alfresco_module_rm.security.RecordsManagementSecurityService#bootstrapDefaultRoles(org.alfresco.service.cmr.repository.NodeRef)
*/
@Deprecated
@Override
public void bootstrapDefaultRoles(NodeRef rmRootNode)
{
throw new UnsupportedOperationException("This method is no longer supported.");
}
/**
* @see org.alfresco.module.org_alfresco_module_rm.security.RecordsManagementSecurityService#createRole(org.alfresco.service.cmr.repository.NodeRef, java.lang.String, java.lang.String, java.util.Set)
*/
@Deprecated
@Override
public Role createRole(NodeRef rmRootNode, String role, String roleDisplayLabel, Set<Capability> capabilities)
{
return Role.toRole(filePlanRoleService.createRole(rmRootNode, role, roleDisplayLabel, capabilities));
}
/**
* @see org.alfresco.module.org_alfresco_module_rm.security.RecordsManagementSecurityService#deleteRole(org.alfresco.service.cmr.repository.NodeRef, java.lang.String)
*/
@Deprecated
@Override
public void deleteRole(NodeRef rmRootNode, String role)
{
filePlanRoleService.deleteRole(rmRootNode, role);
}
/**
* @see org.alfresco.module.org_alfresco_module_rm.security.RecordsManagementSecurityService#existsRole(org.alfresco.service.cmr.repository.NodeRef, java.lang.String)
*/
@Deprecated
@Override
public boolean existsRole(NodeRef rmRootNode, String role)
{
return filePlanRoleService.existsRole(rmRootNode, role);
}
/**
* @see org.alfresco.module.org_alfresco_module_rm.security.RecordsManagementSecurityService#getAllRolesContainerGroup(org.alfresco.service.cmr.repository.NodeRef)
*/
@Deprecated
@Override
public String getAllRolesContainerGroup(NodeRef filePlan)
{
return filePlanRoleService.getAllRolesContainerGroup(filePlan);
}
/**
* @see org.alfresco.module.org_alfresco_module_rm.security.RecordsManagementSecurityService#getRole(org.alfresco.service.cmr.repository.NodeRef, java.lang.String)
*/
@Deprecated
@Override
public Role getRole(NodeRef rmRootNode, String role)
{
return Role.toRole(filePlanRoleService.getRole(rmRootNode, role));
}
/**
* @see org.alfresco.module.org_alfresco_module_rm.security.RecordsManagementSecurityService#getRoles(org.alfresco.service.cmr.repository.NodeRef)
*/
@Deprecated
@Override
public Set<Role> getRoles(NodeRef rmRootNode)
{
return Role.toRoleSet(filePlanRoleService.getRoles(rmRootNode));
}
/**
* @see org.alfresco.module.org_alfresco_module_rm.security.RecordsManagementSecurityService#getRolesByUser(org.alfresco.service.cmr.repository.NodeRef, java.lang.String)
*/
@Deprecated
@Override
public Set<Role> getRolesByUser(NodeRef rmRootNode, String user)
{
return Role.toRoleSet(filePlanRoleService.getRolesByUser(rmRootNode, user));
}
/**
* @see org.alfresco.module.org_alfresco_module_rm.security.RecordsManagementSecurityService#hasRMAdminRole(org.alfresco.service.cmr.repository.NodeRef, java.lang.String)
*/
@Deprecated
@Override
public boolean hasRMAdminRole(NodeRef rmRootNode, String user)
{
return filePlanRoleService.hasRMAdminRole(rmRootNode, user);
}
/**
* @see org.alfresco.module.org_alfresco_module_rm.security.RecordsManagementSecurityService#updateRole(org.alfresco.service.cmr.repository.NodeRef, java.lang.String, java.lang.String, java.util.Set)
*/
@Deprecated
@Override
public Role updateRole(NodeRef rmRootNode, String role, String roleDisplayLabel, Set<Capability> capabilities)
{
return updateRole(rmRootNode, role, roleDisplayLabel, capabilities);
}
}

198
rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/security/RecordsManagementSecurityService.java
View File

@@ -1,198 +0,0 @@
/*
* Copyright (C) 2005-2011 Alfresco Software Limited.
*
* This file is part of Alfresco
*
* Alfresco is free software: you can redistribute it and/or modify
* it under the terms of the GNU Lesser General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* Alfresco is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Lesser General Public License for more details.
*
* You should have received a copy of the GNU Lesser General Public License
* along with Alfresco. If not, see <http://www.gnu.org/licenses/>.
*/
package org.alfresco.module.org_alfresco_module_rm.security;
import java.util.Set;
import org.alfresco.module.org_alfresco_module_rm.capability.Capability;
import org.alfresco.module.org_alfresco_module_rm.model.security.ModelSecurityService;
import org.alfresco.module.org_alfresco_module_rm.role.FilePlanRoleService;
import org.alfresco.service.cmr.repository.NodeRef;
import org.alfresco.service.namespace.QName;
/**
* Records management permission service interface
*
* @author Roy Wetherall
*/
public interface RecordsManagementSecurityService
{
/**
* Creates the initial set of default roles for a root records management node
*
* @param rmRootNode root node
*
* @deprecatedAs of release 2.1, operation no longer supported
*/
@Deprecated
void bootstrapDefaultRoles(NodeRef rmRootNode);
/**
* Returns the name of the container group for all roles of a specified file
* plan.
*
* @param filePlan file plan node reference
* @return String group name
*
* @deprecated As of release 2.1, replaced by {@link FilePlanRoleService#getAllRolesContainerGroup(NodeRef)}
*/
@Deprecated
String getAllRolesContainerGroup(NodeRef filePlan);
/**
* Get all the available roles for the given records management root node
*
* @param rmRootNode root node
* @return {@link Set}<{@link Role}> all roles for a given root node
*
* @deprecated As of release 2.1, replaced by {@link FilePlanRoleService#getRoles(NodeRef)}
*/
@Deprecated
Set<Role> getRoles(NodeRef rmRootNode);
/**
* Gets the roles for a given user
*
* @param rmRootNode
* @param user
* @return
*
* @deprecated As of release 2.1, replaced by {@link FilePlanRoleService#getRolesByUser(NodeRef, String)}
*/
@Deprecated
Set<Role> getRolesByUser(NodeRef rmRootNode, String user);
/**
* Get a role by name
*
* @param rmRootNode
* @param role
* @return
*
* @deprecated As of release 2.1, replaced by {@link FilePlanRoleService#getRole(NodeRef, String)}
*/
@Deprecated
Role getRole(NodeRef rmRootNode, String role);
/**
* Indicate whether a role exists for a given records management root node
* @param rmRootNode
* @param role
* @return
*
* @deprecated As of release 2.1, replaced by {@link FilePlanRoleService#existsRole(NodeRef, String)}
*/
@Deprecated
boolean existsRole(NodeRef rmRootNode, String role);
/**
* Determines whether the given user has the RM Admin role
*
* @param rmRootNode RM root node
* @param user user name to check
* @return true if the user has the RM Admin role, false otherwise
*
* @deprecated As of release 2.1, replaced by {@link FilePlanRoleService#hasRMAdminRole(NodeRef, String)}
*/
@Deprecated
boolean hasRMAdminRole(NodeRef rmRootNode, String user);
/**
* Create a new role
*
* @param rmRootNode
* @param role
* @param roleDisplayLabel
* @param capabilities
* @return
*
* @deprecated As of release 2.1, replaced by {@link FilePlanRoleService#createRole(NodeRef, String, String, Set)}
*/
@Deprecated
Role createRole(NodeRef rmRootNode, String role, String roleDisplayLabel, Set<Capability> capabilities);
/**
* Update an existing role
*
* @param rmRootNode
* @param role
* @param roleDisplayLabel
* @param capabilities
* @return
*
* @deprecated As of release 2.1, replaced by {@link FilePlanRoleService#updateRole(NodeRef, String, String, Set)}
*/
@Deprecated
Role updateRole(NodeRef rmRootNode, String role, String roleDisplayLabel, Set<Capability> capabilities);
/**
* Delete a role
*
* @param rmRootNode
* @param role
*
* @deprecated As of release 2.1, replaced by {@link FilePlanRoleService#deleteRole(NodeRef, String)}
*/
@Deprecated
void deleteRole(NodeRef rmRootNode, String role);
/**
* Assign a role to an authority
*
* @param authorityName
* @param rmRootNode
* @param role
*
* @deprecated As of release 2.1, replaced by {@link FilePlanRoleService#assignRoleToAuthority(NodeRef, String, String)}
*/
@Deprecated
void assignRoleToAuthority(NodeRef rmRootNode, String role, String authorityName);
/**
* Sets a permission on a RM object. Assumes allow is true. Cascades permission down to record folder.
* Cascades ReadRecord up to file plan.
*
* @param nodeRef node reference
* @param authority authority
* @param permission permission
*/
void setPermission(NodeRef nodeRef, String authority, String permission);
/**
* Deletes a permission from a RM object. Cascades removal down to record folder.
*
* @param nodeRef node reference
* @param authority authority
* @param permission permission
*/
void deletePermission(NodeRef nodeRef, String authority, String permission);
/**
* @return {@link Set}<{@link QName}> protected aspect names
* @deprecated As of release 2.1, replaced by {@link ModelSecurityService#getProtectedAspects}
*/
@Deprecated
Set<QName> getProtectedAspects();
/**
* @return {@link Set}<{@link QName}> protected properties
* @deprecated As of release 2.1, replaced by {@link ModelSecurityService#getProtectedProperties}
*/
Set<QName> getProtectedProperties();
}