Merged 5.2.N (5.2.1) to HEAD (5.2)
128660 jkaabimofrad: Merged 5.1.N (5.1.2) to 5.2.N (5.2.1) 128649 jkaabimofrad: Merged JAMAL/MNT-16371 (5.1.2) to 5.1.N (5.1.2) 128626 jkaabimofrad: MNT-16371: Turned off Inherit Permissions and explicitly added the Site Manager role for the Site to the surf-config folder when it is first created. Also, revoked ownership privileges for surf-config contents. git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/HEAD/root@129299 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
@@ -37,10 +37,12 @@ import java.util.ArrayList;
|
||||
import java.util.Arrays;
|
||||
import java.util.Collections;
|
||||
import java.util.HashMap;
|
||||
import java.util.HashSet;
|
||||
import java.util.HashSet;
|
||||
import java.util.LinkedHashSet;
|
||||
import java.util.List;
|
||||
import java.util.Locale;
|
||||
import java.util.Map;
|
||||
import java.util.Map;
|
||||
import java.util.Set;
|
||||
import java.util.StringTokenizer;
|
||||
import java.util.TimeZone;
|
||||
import java.util.regex.Matcher;
|
||||
@@ -62,7 +64,8 @@ import org.alfresco.repo.model.filefolder.HiddenAspect;
|
||||
import org.alfresco.repo.policy.BehaviourFilter;
|
||||
import org.alfresco.repo.security.authentication.AuthenticationUtil;
|
||||
import org.alfresco.repo.security.authentication.AuthenticationUtil.RunAsWork;
|
||||
import org.alfresco.repo.security.permissions.AccessDeniedException;
|
||||
import org.alfresco.repo.security.permissions.AccessDeniedException;
|
||||
import org.alfresco.repo.site.SiteModel;
|
||||
import org.alfresco.service.cmr.model.FileExistsException;
|
||||
import org.alfresco.service.cmr.model.FileFolderService;
|
||||
import org.alfresco.service.cmr.model.FileFolderUtil;
|
||||
@@ -74,7 +77,9 @@ import org.alfresco.service.cmr.repository.ContentReader;
|
||||
import org.alfresco.service.cmr.repository.ContentService;
|
||||
import org.alfresco.service.cmr.repository.ContentWriter;
|
||||
import org.alfresco.service.cmr.repository.NodeRef;
|
||||
import org.alfresco.service.cmr.repository.NodeService;
|
||||
import org.alfresco.service.cmr.repository.NodeService;
|
||||
import org.alfresco.service.cmr.security.OwnableService;
|
||||
import org.alfresco.service.cmr.security.PermissionService;
|
||||
import org.alfresco.service.cmr.site.SiteInfo;
|
||||
import org.alfresco.service.cmr.site.SiteService;
|
||||
import org.alfresco.service.namespace.NamespaceService;
|
||||
@@ -130,7 +135,9 @@ public class ADMRemoteStore extends BaseRemoteStore
|
||||
protected NamespaceService namespaceService;
|
||||
protected SiteService siteService;
|
||||
protected ContentService contentService;
|
||||
protected HiddenAspect hiddenAspect;
|
||||
protected HiddenAspect hiddenAspect;
|
||||
protected PermissionService permissionService;
|
||||
protected OwnableService ownableService;
|
||||
private BehaviourFilter behaviourFilter;
|
||||
|
||||
/**
|
||||
@@ -197,7 +204,17 @@ public class ADMRemoteStore extends BaseRemoteStore
|
||||
{
|
||||
this.behaviourFilter = behaviourFilter;
|
||||
}
|
||||
|
||||
|
||||
public void setPermissionService(PermissionService permissionService)
|
||||
{
|
||||
this.permissionService = permissionService;
|
||||
}
|
||||
|
||||
public void setOwnableService(OwnableService ownableService)
|
||||
{
|
||||
this.ownableService = ownableService;
|
||||
}
|
||||
|
||||
/**
|
||||
* Gets the last modified timestamp for the document.
|
||||
* <p>
|
||||
@@ -483,12 +500,15 @@ public class ADMRemoteStore extends BaseRemoteStore
|
||||
if (nodeService.getChildByName(parentFolderRef, ContentModel.ASSOC_CONTAINS, name) == null)
|
||||
{
|
||||
FileInfo fileInfo = fileFolderService.create(
|
||||
parentFolderRef, name, ContentModel.TYPE_CONTENT);
|
||||
parentFolderRef, name, ContentModel.TYPE_CONTENT);
|
||||
final NodeRef nodeRef = fileInfo.getNodeRef();
|
||||
// MNT-16371: Revoke ownership privileges for surf-config folder contents, to tighten access for former SiteManagers.
|
||||
ownableService.setOwner(nodeRef, AuthenticationUtil.getAdminUserName());
|
||||
|
||||
Map<QName, Serializable> aspectProperties = new HashMap<QName, Serializable>(1, 1.0f);
|
||||
aspectProperties.put(ContentModel.PROP_IS_INDEXED, false);
|
||||
unprotNodeService.addAspect(fileInfo.getNodeRef(), ContentModel.ASPECT_INDEX_CONTROL, aspectProperties);
|
||||
ContentWriter writer = contentService.getWriter(
|
||||
fileInfo.getNodeRef(), ContentModel.PROP_CONTENT, true);
|
||||
unprotNodeService.addAspect(nodeRef, ContentModel.ASPECT_INDEX_CONTROL, aspectProperties);
|
||||
ContentWriter writer = contentService.getWriter(nodeRef, ContentModel.PROP_CONTENT, true);
|
||||
writer.guessMimetype(fileInfo.getName());
|
||||
writer.putContent(content);
|
||||
if (logger.isDebugEnabled())
|
||||
@@ -803,8 +823,10 @@ public class ADMRemoteStore extends BaseRemoteStore
|
||||
private FileInfo resolveNodePath(final String path, final String pattern, final boolean create, final boolean isFolder)
|
||||
{
|
||||
if (logger.isDebugEnabled())
|
||||
logger.debug("Resolving path: " + path);
|
||||
|
||||
logger.debug("Resolving path: " + path);
|
||||
|
||||
final String adminUserName = AuthenticationUtil.getAdminUserName();
|
||||
|
||||
FileInfo result = null;
|
||||
if (path != null)
|
||||
{
|
||||
@@ -841,14 +863,21 @@ public class ADMRemoteStore extends BaseRemoteStore
|
||||
folderDetails.add(new FileFolderUtil.PathElementDetails(element, aspects));
|
||||
}
|
||||
// ensure folders exist down to the specified parent
|
||||
// ALF-17729 / ALF-17796 - disable auditable on parent folders
|
||||
// ALF-17729 / ALF-17796 - disable auditable on parent folders
|
||||
Set<NodeRef> allCreatedFolders = new LinkedHashSet<>();
|
||||
result = FileFolderUtil.makeFolders(
|
||||
this.fileFolderService,nodeService,
|
||||
surfConfigRef,
|
||||
folderDetails,
|
||||
ContentModel.TYPE_FOLDER,
|
||||
behaviourFilter,
|
||||
new HashSet<QName>(Arrays.asList(new QName[]{ContentModel.ASPECT_AUDITABLE})));
|
||||
new HashSet<QName>(Arrays.asList(new QName[]{ContentModel.ASPECT_AUDITABLE})), allCreatedFolders);
|
||||
|
||||
// MNT-16371: Revoke ownership privileges for surf-config folder, to tighten access for former SiteManagers.
|
||||
for(NodeRef nodeRef : allCreatedFolders)
|
||||
{
|
||||
ownableService.setOwner(nodeRef, adminUserName);
|
||||
}
|
||||
}
|
||||
else
|
||||
{
|
||||
@@ -984,7 +1013,19 @@ public class ADMRemoteStore extends BaseRemoteStore
|
||||
rootRef, ContentModel.ASSOC_CONTAINS, assocQName, ContentModel.TYPE_FOLDER, properties);
|
||||
surfConfigRef = ref.getChildRef();
|
||||
// surf-config needs to be hidden - applies index control aspect as part of the hidden aspect
|
||||
hiddenAspect.hideNode(ref.getChildRef(), false, false, false);
|
||||
hiddenAspect.hideNode(ref.getChildRef(), false, false, false);
|
||||
|
||||
// MNT-16371: Revoke inherited permission
|
||||
permissionService.setInheritParentPermissions(surfConfigRef, false);
|
||||
String siteName = siteService.getSiteShortName(rootRef);
|
||||
if (siteName != null)
|
||||
{
|
||||
// Revoke ownership privileges for surf-config folder, to tighten access for former SiteManagers.
|
||||
ownableService.setOwner(surfConfigRef, AuthenticationUtil.getAdminUserName());
|
||||
// Set site manager group permission
|
||||
String siteManagerGroup = siteService.getSiteRoleGroup(siteName, SiteModel.SITE_MANAGER);
|
||||
permissionService.setPermission(surfConfigRef, siteManagerGroup, SiteModel.SITE_MANAGER, true);
|
||||
}
|
||||
}
|
||||
return surfConfigRef;
|
||||
}
|
||||
|
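Review bot: In the last hunk, `permissionService.setInheritParentPermissions(surfConfigRef, false)` runs unconditionally, while the owner reset and the SiteManager grant sit inside `if (siteName != null)`, so a surf-config folder created under a root that is not a site ends up with inheritance off, its creator still the owner, and no explicit permission entry. If that case is intended, document it with a comment such as `// non-site root: no role group to grant; creator keeps ownership`; if it is not, the `ownableService.setOwner(...)` call should move outside the `if` as well. Inside the `if`, ownership is handed to the admin user before `permissionService.setPermission(...)` is called; unless the enclosing method already runs as the system user (its start is outside the hunk), granting the group first would avoid a failure that leaves the folder with neither inheritance nor a grant. The hardening also runs only on the creation paths shown here, so surf-config folders that already exist presumably keep their inherited permissions and original owners and would need a separate patch.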