inteligr8/alfresco-community-repo
1
0
Fork 0
mirror of https://github.com/Alfresco/alfresco-community-repo.git synced 2025-10-01 14:41:46 +00:00
Code Issues Packages Projects Releases Wiki Activity

RM-567: Refactor protected aspects and properties

Browse Source 
* actions and capabilities no long linked
  * protected aspects and properties can be configured in their own right
  * protected model security service added
  * action implementation refactored accordingly
  * capability implementations refactored accordingly
  * unit tests 



git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/modules/recordsmanagement/HEAD@44229 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
This commit is contained in:
Roy Wetherall
2012-12-03 04:06:47 +00:00
parent 0f7197eb25
commit e7f1b2e62c
52 changed files with 1469 additions and 773 deletions
Download Patch File Download Diff File Expand all files Collapse all files

164
rm-server/config/alfresco/module/org_alfresco_module_rm/model/rm-model-security-context.xml Normal file
View File

@@ -0,0 +1,164 @@
<?xml version='1.0' encoding='UTF-8'?>
<!DOCTYPE beans PUBLIC '-//SPRING//DTD BEAN//EN' 'http://www.springframework.org/dtd/spring-beans.dtd'>
<beans>
<!-- Helper abstract bean definitions -->
<bean id="protectedArtifact"
abstract="true"
init-method="init">
<property name="modelSecurityService" ref="modelSecurityService" />
<property name="namespaceService" ref="namespaceService" />
</bean>
<bean id="protectedProperty"
abstract="true"
parent="protectedArtifact"
class="org.alfresco.module.org_alfresco_module_rm.model.security.ProtectedProperty">
</bean>
<bean id="protectedAspect"
abstract="true"
parent="protectedArtifact"
class="org.alfresco.module.org_alfresco_module_rm.model.security.ProtectedAspect">
</bean>
<!-- Protected Aspects -->
<bean id="rm.protectedAspect.rma_cutOff" parent="protectedAspect">
<property name="name" value="rma:cutOff"/>
<property name="capabilities">
<set>
<ref bean="rmCutOffCapability" />
<ref bean="rmUndoCutOffCapability" />
</set>
</property>
</bean>
<bean id="rm.protectedAspect.rma_declaredRecord" parent="protectedAspect">
<property name="name" value="rma:declaredRecord"/>
<property name="capabilities">
<set>
<ref bean="rmDeclare" />
<ref bean="rmUndeclareRecordsCapability" />
</set>
</property>
</bean>
<bean id="rm.protectedAspect.rma_frozen" parent="protectedAspect">
<property name="name" value="rma:frozen" />
<property name="capabilities">
<set>
<ref bean="rmExtendRetentionPeriodOrFreezeCapability" />
<ref bean="rmUnfreezeCapability" />
</set>
</property>
</bean>
<!-- Protected Properties -->
<bean id="rm.protectedProperty.rma_cutoffDate" parent="protectedProperty">
<property name="name" value="rma:cutOffDate"/>
<property name="capabilities">
<set>
<ref bean="rmCutOffCapability" />
<ref bean="rmUndoCutOffCapability" />
</set>
</property>
</bean>
<bean id="rm.protectedProperty.rma_isClosed" parent="protectedProperty">
<property name="name" value="rma:isClosed"/>
<property name="capabilities">
<set>
<ref bean="rmCloseFoldersCapability" />
<ref bean="rmReOpenFoldersCapability" />
</set>
</property>
</bean>
<bean id="rm.protectedProperty.rma_declaredAt" parent="protectedProperty">
<property name="name" value="rma:declaredAt"/>
<property name="capabilities">
<set>
<ref bean="rmDeclare" />
<ref bean="rmUndeclareRecordsCapability" />
</set>
</property>
</bean>
<bean id="rm.protectedProperty.rma_declaredBy" parent="protectedProperty">
<property name="name" value="rma:declaredBy"/>
<property name="capabilities">
<set>
<ref bean="rmDeclare" />
<ref bean="rmUndeclareRecordsCapability" />
</set>
</property>
</bean>
<bean id="rm.protectedProperty.rma_dateFiled" parent="protectedProperty">
<property name="name" value="rma:dateFiled"/>
<property name="capabilities">
<set>
<ref bean="rmFileRecordsCapability" />
</set>
</property>
</bean>
<bean id="rm.protectedProperty.rma_reviewAsOf" parent="protectedProperty">
<property name="name" value="rma:reviewAsOf"/>
<property name="allwaysAllowNew" value = "true" />
<property name="capabilities">
<set>
<ref bean="rmCycleVitalRecordsCapability" />
<ref bean="rmPlanningReviewCyclesCapability" />
</set>
</property>
</bean>
<bean id="rm.protectedProperty.rma_dispositionAsOf" parent="protectedProperty">
<property name="name" value="rma:dispositionAsOf"/>
<property name="capabilities">
<set>
<ref bean="rmManuallyChangeDispositionDatesCapability" />
</set>
</property>
</bean>
<bean id="rm.protectedProperty.rma_holdReason" parent="protectedProperty">
<property name="name" value="rma:holdReason"/>
<property name="capabilities">
<set>
<ref bean="rmViewUpdateReasonsForFreezeCapability" />
<ref bean="rmExtendRetentionPeriodOrFreezeCapability" />
<ref bean="rmUnfreezeCapability" />
</set>
</property>
</bean>
<bean id="rm.protectedProperty.rma_frozenAt" parent="protectedProperty">
<property name="name" value="rma:frozenAt"/>
<property name="capabilities">
<set>
<ref bean="rmViewUpdateReasonsForFreezeCapability" />
<ref bean="rmExtendRetentionPeriodOrFreezeCapability" />
<ref bean="rmUnfreezeCapability" />
</set>
</property>
</bean>
<bean id="rm.protectedProperty.rma_frozenBy" parent="protectedProperty">
<property name="name" value="rma:frozenBy"/>
<property name="capabilities">
<set>
<ref bean="rmViewUpdateReasonsForFreezeCapability" />
<ref bean="rmExtendRetentionPeriodOrFreezeCapability" />
<ref bean="rmUnfreezeCapability" />
</set>
</property>
</bean>
</beans>

82
rm-server/config/alfresco/module/org_alfresco_module_rm/rm-action-context.xml
View File

@@ -90,10 +90,7 @@
</bean>
<!-- disable normal registration - the proxy will do it so the proxy is registered -->
<bean id="file" class="org.alfresco.module.org_alfresco_module_rm.action.impl.FileAction" parent="rmAction" depends-on="rmFileRecordsCapability">
<property name="capability" ref="rmFileRecordsCapability"/>
</bean>
<bean id="file" class="org.alfresco.module.org_alfresco_module_rm.action.impl.FileAction" parent="rmAction" />
<!-- Cutoff action -->
@@ -119,9 +116,7 @@
</property>
</bean>
<bean id="cutoff" class="org.alfresco.module.org_alfresco_module_rm.action.impl.CutOffAction" parent="rmAction" depends-on="rmApproveRecordsScheduledForCutoffCapability">
<property name="capability" ref="rmApproveRecordsScheduledForCutoffCapability"/>
</bean>
<bean id="cutoff" class="org.alfresco.module.org_alfresco_module_rm.action.impl.CutOffAction" parent="rmAction"/>
<!-- UnCutoff action -->
@@ -146,9 +141,7 @@
</property>
</bean>
<bean id="unCutoff" class="org.alfresco.module.org_alfresco_module_rm.action.impl.UnCutoffAction" parent="rmAction" depends-on="rmApproveRecordsScheduledForCutoffCapability">
<property name="capability" ref="rmApproveRecordsScheduledForCutoffCapability"/>
</bean>
<bean id="unCutoff" class="org.alfresco.module.org_alfresco_module_rm.action.impl.UnCutoffAction" parent="rmAction" />
<!-- Destroy -->
@@ -182,7 +175,6 @@
<property name="ghostingEnabled">
<value>${rm.ghosting.enabled}</value>
</property>
<property name="capability" ref="rmDestroyRecordsScheduledForDestructionCapability" />
</bean>
<!-- retain -->
@@ -234,9 +226,7 @@
</property>
</bean>
<bean id="openRecordFolder" class="org.alfresco.module.org_alfresco_module_rm.action.impl.OpenRecordFolderAction" parent="rmAction" depends-on="rmReOpenFoldersCapability">
<property name="capability" ref="rmReOpenFoldersCapability"/>
</bean>
<bean id="openRecordFolder" class="org.alfresco.module.org_alfresco_module_rm.action.impl.OpenRecordFolderAction" parent="rmAction" />
<!-- close record folder -->
@@ -261,9 +251,7 @@
</property>
</bean>
<bean id="closeRecordFolder" class="org.alfresco.module.org_alfresco_module_rm.action.impl.CloseRecordFolderAction" parent="rmAction" depends-on="rmCloseFoldersCapability">
<property name="capability" ref="rmCloseFoldersCapability"/>
</bean>
<bean id="closeRecordFolder" class="org.alfresco.module.org_alfresco_module_rm.action.impl.CloseRecordFolderAction" parent="rmAction" />
<!-- reviewed -->
@@ -288,9 +276,7 @@
</property>
</bean>
<bean id="reviewed" class="org.alfresco.module.org_alfresco_module_rm.vital.ReviewedAction" parent="rmAction" depends-on="rmCycleVitalRecordsCapability">
<property name="capability" ref="rmCycleVitalRecordsCapability"/>
</bean>
<bean id="reviewed" class="org.alfresco.module.org_alfresco_module_rm.vital.ReviewedAction" parent="rmAction" depends-on="rmCycleVitalRecordsCapability" />
<!-- set up record folder -->
<!-- bound to policy: allow -->
@@ -316,7 +302,7 @@
</property>
</bean>
<bean id="setupRecordFolder" class="org.alfresco.module.org_alfresco_module_rm.action.impl.SetupRecordFolderAction" parent="rmAction" depends-on="rmFileRecordsCapability"/>
<bean id="setupRecordFolder" class="org.alfresco.module.org_alfresco_module_rm.action.impl.SetupRecordFolderAction" parent="rmAction" />
<!-- declare record -->
<!-- fileable?? -->
@@ -342,14 +328,7 @@
</property>
</bean>
<bean id="declareRecord" class="org.alfresco.module.org_alfresco_module_rm.action.impl.DeclareRecordAction" parent="rmAction" depends-on="rmDeclareRecordsCapability">
<property name="capabilities">
<list>
<ref bean="rmDeclareRecordsCapability" />
<ref bean="rmDeclareRecordsInClosedFoldersCapability" />
</list>
</property>
<property name="capability" ref="rmDeclareRecordsCapability"/>
<bean id="declareRecord" class="org.alfresco.module.org_alfresco_module_rm.action.impl.DeclareRecordAction" parent="rmAction">
</bean>
<!-- undeclare record -->
@@ -375,8 +354,7 @@
</property>
</bean>
<bean id="undeclareRecord" class="org.alfresco.module.org_alfresco_module_rm.action.impl.UndeclareRecordAction" parent="rmAction" depends-on="rmUndeclareRecordsCapability">
<property name="capability" ref="rmUndeclareRecordsCapability"/>
<bean id="undeclareRecord" class="org.alfresco.module.org_alfresco_module_rm.action.impl.UndeclareRecordAction" parent="rmAction">
</bean>
<!-- Freeze record -->
@@ -402,9 +380,7 @@
</property>
</bean>
<bean id="freeze" class="org.alfresco.module.org_alfresco_module_rm.action.impl.FreezeAction" parent="rmAction" depends-on="rmExtendRetentionPeriodOrFreezeCapability">
<property name="capability" ref="rmExtendRetentionPeriodOrFreezeCapability" />
</bean>
<bean id="freeze" class="org.alfresco.module.org_alfresco_module_rm.action.impl.FreezeAction" parent="rmAction" depends-on="rmExtendRetentionPeriodOrFreezeCapability" />
<!-- Unfreeze record -->
@@ -429,9 +405,7 @@
</property>
</bean>
<bean id="unfreeze" class="org.alfresco.module.org_alfresco_module_rm.action.impl.UnfreezeAction" parent="rmAction" depends-on="rmUnfreezeCapability">
<property name="capability" ref="rmUnfreezeCapability" />
</bean>
<bean id="unfreeze" class="org.alfresco.module.org_alfresco_module_rm.action.impl.UnfreezeAction" parent="rmAction" />
<!-- Relinquish Hold Action-->
@@ -446,9 +420,7 @@
</property>
</bean>
<bean id="relinquishHold" class="org.alfresco.module.org_alfresco_module_rm.action.impl.RelinquishHoldAction" parent="rmAction" depends-on="rmUnfreezeCapability">
<property name="capability" ref="rmUnfreezeCapability" />
</bean>
<bean id="relinquishHold" class="org.alfresco.module.org_alfresco_module_rm.action.impl.RelinquishHoldAction" parent="rmAction" />
<!-- Edit hold reason -->
@@ -473,9 +445,7 @@
</property>
</bean>
<bean id="editHoldReason" class="org.alfresco.module.org_alfresco_module_rm.action.impl.EditHoldReasonAction" parent="rmAction" depends-on="rmViewUpdateReasonsForFreezeCapability">
<property name="capability" ref="rmViewUpdateReasonsForFreezeCapability" />
</bean>
<bean id="editHoldReason" class="org.alfresco.module.org_alfresco_module_rm.action.impl.EditHoldReasonAction" parent="rmAction" />
<!-- Edit review as of date -->
@@ -500,9 +470,7 @@
</property>
</bean>
<bean id="editReviewAsOfDate" class="org.alfresco.module.org_alfresco_module_rm.action.impl.EditReviewAsOfDateAction" parent="rmAction" depends-on="rmPlanningReviewCyclesCapability">
<property name="capability" ref="rmPlanningReviewCyclesCapability"/>
</bean>
<bean id="editReviewAsOfDate" class="org.alfresco.module.org_alfresco_module_rm.action.impl.EditReviewAsOfDateAction" parent="rmAction" />
<!-- Edit disposition action as of date -->
@@ -527,9 +495,7 @@
</property>
</bean>
<bean id="editDispositionActionAsOfDate" class="org.alfresco.module.org_alfresco_module_rm.action.impl.EditDispositionActionAsOfDateAction" parent="rmAction" depends-on="rmManuallyChangeDispositionDatesCapability">
<property name="capability" ref="rmManuallyChangeDispositionDatesCapability"/>
</bean>
<bean id="editDispositionActionAsOfDate" class="org.alfresco.module.org_alfresco_module_rm.action.impl.EditDispositionActionAsOfDateAction" parent="rmAction" />
<!-- broadcast vital record definition -->
<!-- bound to policy: allow -->
@@ -612,8 +578,7 @@
</property>
</bean>
<bean id="completeEvent" class="org.alfresco.module.org_alfresco_module_rm.action.impl.CompleteEventAction" parent="rmAction" depends-on="rmAddModifyEventDatesCapability">
<property name="capability" ref="rmAddModifyEventDatesCapability"/>
<bean id="completeEvent" class="org.alfresco.module.org_alfresco_module_rm.action.impl.CompleteEventAction" parent="rmAction">
</bean>
<!-- undo event -->
@@ -639,8 +604,7 @@
</property>
</bean>
<bean id="undoEvent" class="org.alfresco.module.org_alfresco_module_rm.action.impl.UndoEventAction" parent="rmAction" depends-on="rmAddModifyEventDatesCapability">
<property name="capability" ref="rmAddModifyEventDatesCapability"/>
<bean id="undoEvent" class="org.alfresco.module.org_alfresco_module_rm.action.impl.UndoEventAction" parent="rmAction">
</bean>
<!-- transfer -->
@@ -666,8 +630,7 @@
</property>
</bean>
<bean id="transfer" class="org.alfresco.module.org_alfresco_module_rm.action.impl.TransferAction" parent="rmAction" depends-on="rmAuthorizeAllTransfersCapability">
<property name="capability" ref="rmAuthorizeAllTransfersCapability"/>
<bean id="transfer" class="org.alfresco.module.org_alfresco_module_rm.action.impl.TransferAction" parent="rmAction">
<property name="isAccession" value="false"/>
</bean>
@@ -684,8 +647,7 @@
</property>
</bean>
<bean id="transferComplete" class="org.alfresco.module.org_alfresco_module_rm.action.impl.TransferCompleteAction" parent="rmAction" depends-on="rmAuthorizeAllTransfersCapability">
<property name="capability" ref="rmAuthorizeAllTransfersCapability"/>
<bean id="transferComplete" class="org.alfresco.module.org_alfresco_module_rm.action.impl.TransferCompleteAction" parent="rmAction" >
</bean>
<!-- accession -->
@@ -711,8 +673,7 @@
</property>
</bean>
<bean id="accession" class="org.alfresco.module.org_alfresco_module_rm.action.impl.TransferAction" parent="rmAction" depends-on="rmAuthorizeNominatedTransfersCapability">
<property name="capability" ref="rmAuthorizeNominatedTransfersCapability"/>
<bean id="accession" class="org.alfresco.module.org_alfresco_module_rm.action.impl.TransferAction" parent="rmAction">
<property name="isAccession" value="true"/>
</bean>
@@ -729,8 +690,7 @@
</property>
</bean>
<bean id="accessionComplete" class="org.alfresco.module.org_alfresco_module_rm.action.impl.TransferCompleteAction" parent="rmAction" depends-on="rmAuthorizeNominatedTransfersCapability">
<property name="capability" ref="rmAuthorizeNominatedTransfersCapability"/>
<bean id="accessionComplete" class="org.alfresco.module.org_alfresco_module_rm.action.impl.TransferCompleteAction" parent="rmAction">
</bean>
<!-- Split Email -->

3
rm-server/config/alfresco/module/org_alfresco_module_rm/rm-model-context.xml
View File

@@ -107,6 +107,9 @@
parent="org_alfresco_module_rm_BaseBehaviour">
<property name="permissionService" ref="PermissionService"/>
</bean>
<!-- Model Security Definitions -->
<import resource="classpath:alfresco/module/org_alfresco_module_rm/model/rm-model-security-context.xml"/>
<!-- Base bean definition for customisable email mapping keys bootstrap -->
<bean id="customisableEmailMappingKeyBootstrap"

60
rm-server/config/alfresco/module/org_alfresco_module_rm/rm-service-context.xml
View File

@@ -419,13 +419,13 @@
class="org.alfresco.module.org_alfresco_module_rm.security.RecordsManagementSecurityServiceImpl"
depends-on="org_alfresco_module_rm_dictionaryBootstrap"
init-method="init">
<property name="voter" ref="rmEntryVoter"/>
<property name="capabilityService" ref="CapabilityService"/>
<property name="authorityService" ref="AuthorityService"/>
<property name="permissionService" ref="PermissionService"/>
<property name="nodeService" ref="NodeService"/>
<property name="policyComponent" ref="policyComponent"/>
<property name="recordsManagementService" ref="RecordsManagementService"/>
<property name="recordsManagementService" ref="RecordsManagementService"/>
<property name="modelSecurityService" ref="modelSecurityService" />
</bean>
<bean id="RecordsManagementSecurityService" class="org.springframework.aop.framework.ProxyFactoryBean">
@@ -544,8 +544,64 @@
</value>
</property>
</bean>
<!-- Model Security service -->
<bean id="modelSecurityService"
class="org.alfresco.module.org_alfresco_module_rm.model.security.ModelSecurityServiceImpl"
init-method="init">
<property name="policyComponent" ref="policyComponent" />
<property name="nodeService" ref="NodeService" />
<property name="capabilityService" ref="CapabilityService" />
<property name="namespaceService" ref="namespaceService" />
</bean>
<bean id="ModelSecurityService" class="org.springframework.aop.framework.ProxyFactoryBean">
<property name="proxyInterfaces">
<value>org.alfresco.module.org_alfresco_module_rm.model.security.ModelSecurityService</value>
</property>
<property name="target">
<ref bean="modelSecurityService"/>
</property>
<property name="interceptorNames">
<list>
<idref local="ModelSecurityService_transaction"/>
<idref bean="exceptionTranslator"/>
<idref local="ModelSecurityService_security"/>
</list>
</property>
</bean>
<bean id="ModelSecurityService_transaction" class="org.springframework.transaction.interceptor.TransactionInterceptor">
<property name="transactionManager">
<ref bean="transactionManager"/>
</property>
<property name="transactionAttributes">
<props>
<prop key="*">${server.transaction.mode.default}</prop>
</props>
</property>
</bean>
<bean id="ModelSecurityService_security" class="org.alfresco.repo.security.permissions.impl.acegi.MethodSecurityInterceptor">
<property name="authenticationManager">
<ref bean="authenticationManager"/>
</property>
<property name="accessDecisionManager">
<ref bean="accessDecisionManager"/>
</property>
<property name="afterInvocationManager">
<ref bean="afterInvocationManager"/>
</property>
<property name="objectDefinitionSource">
<value>
<![CDATA[
org.alfresco.module.org_alfresco_module_rm.model.security.ModelSecurityService.*=RM_ALLOW
]]>
</value>
</property>
</bean>
<!-- Records Management Action Service -->
<bean id="recordsManagementActionService" class="org.alfresco.module.org_alfresco_module_rm.action.RecordsManagementActionServiceImpl" init-method="init">

48
rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/action/RMActionExecuterAbstractBase.java
View File

@@ -19,19 +19,14 @@
package org.alfresco.module.org_alfresco_module_rm.action;
import java.io.Serializable;
import java.util.Collection;
import java.util.Collections;
import java.util.Date;
import java.util.HashMap;
import java.util.LinkedList;
import java.util.List;
import java.util.Map;
import java.util.Set;
import org.alfresco.module.org_alfresco_module_rm.RecordsManagementAdminService;
import org.alfresco.module.org_alfresco_module_rm.RecordsManagementService;
import org.alfresco.module.org_alfresco_module_rm.audit.RecordsManagementAuditService;
import org.alfresco.module.org_alfresco_module_rm.capability.AbstractCapability;
import org.alfresco.module.org_alfresco_module_rm.disposition.DispositionAction;
import org.alfresco.module.org_alfresco_module_rm.disposition.DispositionActionDefinition;
import org.alfresco.module.org_alfresco_module_rm.disposition.DispositionSchedule;
@@ -122,7 +117,7 @@ public abstract class RMActionExecuterAbstractBase extends ActionExecuterAbstra
/** Freeze Service */
protected FreezeService freezeService;
protected LinkedList<AbstractCapability> capabilities = new LinkedList<AbstractCapability>();;
// protected LinkedList<AbstractCapability> capabilities = new LinkedList<AbstractCapability>();;
/** Default constructor */
public RMActionExecuterAbstractBase()
@@ -259,19 +254,19 @@ public abstract class RMActionExecuterAbstractBase extends ActionExecuterAbstra
* Register with a single capability
* @param capability
*/
public void setCapability(AbstractCapability capability)
{
capabilities.add(capability);
}
// public void setCapability(AbstractCapability capability)
// {
// capabilities.add(capability);
// }
/**
* Register with several capabilities
* @param capabilities
*/
public void setCapabilities(Collection<AbstractCapability> capabilities)
{
this.capabilities.addAll(capabilities);
}
// public void setCapabilities(Collection<AbstractCapability> capabilities)
// {
// this.capabilities.addAll(capabilities);
// }
public void setRecordsManagementAdminService(RecordsManagementAdminService recordsManagementAdminService)
{
@@ -302,10 +297,10 @@ public abstract class RMActionExecuterAbstractBase extends ActionExecuterAbstra
PropertyCheck.mandatory(this, "recordsManagementAdminService", recordsManagementAdminService);
PropertyCheck.mandatory(this, "recordsManagementEventService", recordsManagementEventService);
for(AbstractCapability capability : capabilities)
{
capability.registerAction(this);
}
// for(AbstractCapability capability : capabilities)
// {
// capability.registerAction(this);
// }
}
/**
@@ -429,23 +424,6 @@ public abstract class RMActionExecuterAbstractBase extends ActionExecuterAbstra
{
// No parameters
}
/**
* @see org.alfresco.module.org_alfresco_module_rm.action.RecordsManagementAction#getProtectedProperties()
*/
public Set<QName> getProtectedProperties()
{
return Collections.<QName>emptySet();
}
/**
* @see org.alfresco.module.org_alfresco_module_rm.action.RecordsManagementAction#getProtectedAspects()
*/
public Set<QName> getProtectedAspects()
{
return Collections.<QName>emptySet();
}
/**
* @see org.alfresco.module.org_alfresco_module_rm.action.RecordsManagementAction#isExecutable(org.alfresco.service.cmr.repository.NodeRef, java.util.Map)

27
rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/action/RMDispositionActionExecuterAbstractBase.java
View File

@@ -20,10 +20,8 @@ package org.alfresco.module.org_alfresco_module_rm.action;
import java.io.Serializable;
import java.util.Date;
import java.util.HashSet;
import java.util.List;
import java.util.Map;
import java.util.Set;
import org.alfresco.error.AlfrescoRuntimeException;
import org.alfresco.module.org_alfresco_module_rm.disposition.DispositionSchedule;
@@ -32,7 +30,6 @@ import org.alfresco.service.cmr.action.Action;
import org.alfresco.service.cmr.action.ParameterDefinition;
import org.alfresco.service.cmr.repository.ChildAssociationRef;
import org.alfresco.service.cmr.repository.NodeRef;
import org.alfresco.service.namespace.QName;
import org.alfresco.service.namespace.RegexQNamePattern;
import org.springframework.extensions.surf.util.I18NUtil;
@@ -97,7 +94,7 @@ public abstract class RMDispositionActionExecuterAbstractBase extends RMActionEx
if (di.isRecordLevelDisposition() == true)
{
// Check that we do indeed have a record
if (this.recordsManagementService.isRecord(actionedUponNodeRef) == true)
if (recordService.isRecord(actionedUponNodeRef) == true)
{
// Can only execute disposition action on record if declared
if (recordService.isDeclared(actionedUponNodeRef) == true)
@@ -273,16 +270,16 @@ public abstract class RMDispositionActionExecuterAbstractBase extends RMActionEx
return result;
}
@Override
public Set<QName> getProtectedProperties()
{
HashSet<QName> qnames = new HashSet<QName>();
qnames.add(PROP_DISPOSITION_ACTION_STARTED_AT);
qnames.add(PROP_DISPOSITION_ACTION_STARTED_BY);
qnames.add(PROP_DISPOSITION_ACTION_COMPLETED_AT);
qnames.add(PROP_DISPOSITION_ACTION_COMPLETED_BY);
return qnames;
}
// @Override
// public Set<QName> getProtectedProperties()
// {
// HashSet<QName> qnames = new HashSet<QName>();
// qnames.add(PROP_DISPOSITION_ACTION_STARTED_AT);
// qnames.add(PROP_DISPOSITION_ACTION_STARTED_BY);
// qnames.add(PROP_DISPOSITION_ACTION_COMPLETED_AT);
// qnames.add(PROP_DISPOSITION_ACTION_COMPLETED_BY);
// return qnames;
// }
@Override
protected boolean isExecutableImpl(NodeRef filePlanComponent, Map<String, Serializable> parameters, boolean throwException)
@@ -312,7 +309,7 @@ public abstract class RMDispositionActionExecuterAbstractBase extends RMActionEx
if (di.isRecordLevelDisposition() == true)
{
// Check that we do indeed have a record
if (this.recordsManagementService.isRecord(filePlanComponent) == true)
if (recordService.isRecord(filePlanComponent) == true)
{
// Can only execute disposition action on record if declared
if (recordService.isDeclared(filePlanComponent) == true)

6
rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/action/RecordsManagementAction.java
View File

@@ -20,10 +20,8 @@ package org.alfresco.module.org_alfresco_module_rm.action;
import java.io.Serializable;
import java.util.Map;
import java.util.Set;
import org.alfresco.service.cmr.repository.NodeRef;
import org.alfresco.service.namespace.QName;
/**
@@ -87,14 +85,14 @@ public interface RecordsManagementAction
*
* @return the set of protected properties
*/
public Set<QName> getProtectedProperties();
//public Set<QName> getProtectedProperties();
/**
* Get a set of aspects that should be updated via this or other actions.
* The aspect can not be added via public services, such as the NodeService.
* @return
*/
public Set<QName> getProtectedAspects();
//public Set<QName> getProtectedAspects();
/**
* Some admin-related rmActions execute against a target nodeRef which is not provided

3
rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/action/RecordsManagementActionServiceImpl.java
View File

@@ -159,8 +159,9 @@ public class RecordsManagementActionServiceImpl implements RecordsManagementActi
/**
* @see org.alfresco.module.org_alfresco_module_rm.action.RecordsManagementActionService#getDispositionActions(org.alfresco.service.cmr.repository.NodeRef)
*/
@SuppressWarnings("unused")
public List<RecordsManagementAction> getDispositionActions(NodeRef nodeRef)
{
{
String userName = AuthenticationUtil.getFullyAuthenticatedUser();
List<RecordsManagementAction> result = new ArrayList<RecordsManagementAction>(this.rmActions.size());

2
rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/action/impl/ApplyCustomTypeAction.java
View File

@@ -113,7 +113,7 @@ public class ApplyCustomTypeAction extends RMActionExecuterAbstractBase
public boolean isExecutableImpl(NodeRef filePlanComponent, Map<String, Serializable> parameters, boolean throwException)
{
if (recordsManagementService.isRecord(filePlanComponent))
if (recordService.isRecord(filePlanComponent))
{
return true;
}

21
rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/action/impl/BroadcastDispositionActionDefinitionUpdateAction.java
View File

@@ -20,12 +20,9 @@ package org.alfresco.module.org_alfresco_module_rm.action.impl;
import java.io.Serializable;
import java.util.ArrayList;
import java.util.Collections;
import java.util.Date;
import java.util.HashSet;
import java.util.List;
import java.util.Map;
import java.util.Set;
import org.alfresco.module.org_alfresco_module_rm.action.RMActionExecuterAbstractBase;
import org.alfresco.module.org_alfresco_module_rm.disposition.DispositionAction;
@@ -336,22 +333,4 @@ public class BroadcastDispositionActionDefinitionUpdateAction extends RMActionEx
{
return true;
}
@Override
public Set<QName> getProtectedProperties()
{
HashSet<QName> qnames = new HashSet<QName>();
qnames.add(PROP_DISPOSITION_AS_OF);
qnames.add(PROP_DISPOSITION_EVENT);
qnames.add(PROP_DISPOSITION_EVENT_COMBINATION);
qnames.add(PROP_DISPOSITION_EVENTS_ELIGIBLE);
return qnames;
}
@Override
public Set<QName> getProtectedAspects()
{
return Collections.emptySet();
}
}

11
rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/action/impl/CloseRecordFolderAction.java
View File

@@ -19,17 +19,14 @@
package org.alfresco.module.org_alfresco_module_rm.action.impl;
import java.io.Serializable;
import java.util.HashSet;
import java.util.List;
import java.util.Map;
import java.util.Set;
import org.alfresco.error.AlfrescoRuntimeException;
import org.alfresco.module.org_alfresco_module_rm.action.RMActionExecuterAbstractBase;
import org.alfresco.service.cmr.action.Action;
import org.alfresco.service.cmr.action.ParameterDefinition;
import org.alfresco.service.cmr.repository.NodeRef;
import org.alfresco.service.namespace.QName;
import org.springframework.extensions.surf.util.I18NUtil;
/**
@@ -74,14 +71,6 @@ public class CloseRecordFolderAction extends RMActionExecuterAbstractBase
}
@Override
public Set<QName> getProtectedProperties()
{
HashSet<QName> qnames = new HashSet<QName>();
qnames.add(PROP_IS_CLOSED);
return qnames;
}
@Override
protected boolean isExecutableImpl(NodeRef filePlanComponent, Map<String, Serializable> parameters, boolean throwException)
{

34
rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/action/impl/CompleteEventAction.java
View File

@@ -20,10 +20,8 @@ package org.alfresco.module.org_alfresco_module_rm.action.impl;
import java.io.Serializable;
import java.util.Date;
import java.util.HashSet;
import java.util.List;
import java.util.Map;
import java.util.Set;
import org.alfresco.error.AlfrescoRuntimeException;
import org.alfresco.module.org_alfresco_module_rm.action.RMActionExecuterAbstractBase;
@@ -122,25 +120,25 @@ public class CompleteEventAction extends RMActionExecuterAbstractBase
}
@Override
public Set<QName> getProtectedProperties()
{
HashSet<QName> qnames = new HashSet<QName>();
qnames.add(PROP_EVENT_EXECUTION_COMPLETE);
qnames.add(PROP_EVENT_EXECUTION_COMPLETED_AT);
qnames.add(PROP_EVENT_EXECUTION_COMPLETED_BY);
return qnames;
}
// @Override
// public Set<QName> getProtectedProperties()
// {
// HashSet<QName> qnames = new HashSet<QName>();
// qnames.add(PROP_EVENT_EXECUTION_COMPLETE);
// qnames.add(PROP_EVENT_EXECUTION_COMPLETED_AT);
// qnames.add(PROP_EVENT_EXECUTION_COMPLETED_BY);
// return qnames;
// }
@Override
public Set<QName> getProtectedAspects()
{
HashSet<QName> qnames = new HashSet<QName>();
qnames.add(ASPECT_DISPOSITION_LIFECYCLE);
return qnames;
}
// @Override
// public Set<QName> getProtectedAspects()
// {
// HashSet<QName> qnames = new HashSet<QName>();
// qnames.add(ASPECT_DISPOSITION_LIFECYCLE);
// return qnames;
// }
@Override
protected boolean isExecutableImpl(NodeRef filePlanComponent, Map<String, Serializable> parameters, boolean throwException)

22
rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/action/impl/CutOffAction.java
View File

@@ -21,10 +21,8 @@ package org.alfresco.module.org_alfresco_module_rm.action.impl;
import java.io.Serializable;
import java.util.Date;
import java.util.HashMap;
import java.util.HashSet;
import java.util.List;
import java.util.Map;
import java.util.Set;
import org.alfresco.error.AlfrescoRuntimeException;
import org.alfresco.module.org_alfresco_module_rm.action.RMDispositionActionExecuterAbstractBase;
@@ -91,22 +89,6 @@ public class CutOffAction extends RMDispositionActionExecuterAbstractBase
this.nodeService.addAspect(nodeRef, ASPECT_CUT_OFF, cutOffProps);
}
}
@Override
public Set<QName> getProtectedProperties()
{
HashSet<QName> qnames = new HashSet<QName>();
qnames.add(PROP_CUT_OFF_DATE);
return qnames;
}
@Override
public Set<QName> getProtectedAspects()
{
HashSet<QName> qnames = new HashSet<QName>();
qnames.add(ASPECT_CUT_OFF);
return qnames;
}
@Override
protected boolean isExecutableImpl(NodeRef filePlanComponent, Map<String, Serializable> parameters, boolean throwException)
@@ -117,8 +99,8 @@ public class CutOffAction extends RMDispositionActionExecuterAbstractBase
}
// duplicates code from close .. it should get the closed action somehow?
if (this.recordsManagementService.isRecordFolder(filePlanComponent)
|| this.recordsManagementService.isRecord(filePlanComponent))
if (recordsManagementService.isRecordFolder(filePlanComponent)
|| recordService.isRecord(filePlanComponent))
{
return true;
}

12
rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/action/impl/DeclareRecordAction.java
View File

@@ -22,7 +22,6 @@ import java.io.Serializable;
import java.util.ArrayList;
import java.util.Date;
import java.util.HashMap;
import java.util.HashSet;
import java.util.List;
import java.util.Map;
import java.util.Set;
@@ -176,17 +175,6 @@ public class DeclareRecordAction extends RMActionExecuterAbstractBase
missingProperties.add(propDef.getName().toString());
}
/**
* @see org.alfresco.module.org_alfresco_module_rm.action.RMActionExecuterAbstractBase#getProtectedAspects()
*/
@Override
public Set<QName> getProtectedAspects()
{
HashSet<QName> qnames = new HashSet<QName>();
qnames.add(ASPECT_DECLARED_RECORD);
return qnames;
}
/**
* @see org.alfresco.module.org_alfresco_module_rm.action.RMActionExecuterAbstractBase#isExecutableImpl(org.alfresco.service.cmr.repository.NodeRef, java.util.Map, boolean)
*/

14
rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/action/impl/EditDispositionActionAsOfDateAction.java
View File

@@ -20,10 +20,8 @@ package org.alfresco.module.org_alfresco_module_rm.action.impl;
import java.io.Serializable;
import java.util.Date;
import java.util.HashSet;
import java.util.List;
import java.util.Map;
import java.util.Set;
import org.alfresco.error.AlfrescoRuntimeException;
import org.alfresco.module.org_alfresco_module_rm.action.RMActionExecuterAbstractBase;
@@ -31,7 +29,6 @@ import org.alfresco.module.org_alfresco_module_rm.disposition.DispositionAction;
import org.alfresco.service.cmr.action.Action;
import org.alfresco.service.cmr.action.ParameterDefinition;
import org.alfresco.service.cmr.repository.NodeRef;
import org.alfresco.service.namespace.QName;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.springframework.extensions.surf.util.I18NUtil;
@@ -87,17 +84,6 @@ public class EditDispositionActionAsOfDateAction extends RMActionExecuterAbstrac
{
// Intentionally empty
}
/**
* @see org.alfresco.module.org_alfresco_module_rm.action.RMActionExecuterAbstractBase#getProtectedProperties()
*/
@Override
public Set<QName> getProtectedProperties()
{
HashSet<QName> qnames = new HashSet<QName>();
qnames.add(PROP_DISPOSITION_AS_OF);
return qnames;
}
/**
* @see org.alfresco.module.org_alfresco_module_rm.action.RMActionExecuterAbstractBase#isExecutableImpl(org.alfresco.service.cmr.repository.NodeRef, java.util.Map, boolean)

25
rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/action/impl/EditHoldReasonAction.java
View File

@@ -19,15 +19,12 @@
package org.alfresco.module.org_alfresco_module_rm.action.impl;
import java.io.Serializable;
import java.util.HashSet;
import java.util.Map;
import java.util.Set;
import org.alfresco.error.AlfrescoRuntimeException;
import org.alfresco.module.org_alfresco_module_rm.action.RMActionExecuterAbstractBase;
import org.alfresco.service.cmr.action.Action;
import org.alfresco.service.cmr.repository.NodeRef;
import org.alfresco.service.namespace.QName;
import org.apache.commons.lang.StringUtils;
import org.springframework.extensions.surf.util.I18NUtil;
@@ -68,28 +65,6 @@ public class EditHoldReasonAction extends RMActionExecuterAbstractBase
}
}
/**
* @see org.alfresco.module.org_alfresco_module_rm.action.RMActionExecuterAbstractBase#getProtectedAspects()
*/
@Override
public Set<QName> getProtectedAspects()
{
HashSet<QName> qnames = new HashSet<QName>();
qnames.add(ASPECT_FROZEN);
return qnames;
}
/**
* @see org.alfresco.module.org_alfresco_module_rm.action.RMActionExecuterAbstractBase#getProtectedProperties()
*/
@Override
public Set<QName> getProtectedProperties()
{
HashSet<QName> qnames = new HashSet<QName>();
qnames.add(PROP_HOLD_REASON);
return qnames;
}
/**
* @see org.alfresco.module.org_alfresco_module_rm.action.RMActionExecuterAbstractBase#isExecutableImpl(org.alfresco.service.cmr.repository.NodeRef, java.util.Map, boolean)
*/

19
rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/action/impl/EditReviewAsOfDateAction.java
View File

@@ -20,17 +20,14 @@ package org.alfresco.module.org_alfresco_module_rm.action.impl;
import java.io.Serializable;
import java.util.Date;
import java.util.HashSet;
import java.util.List;
import java.util.Map;
import java.util.Set;
import org.alfresco.error.AlfrescoRuntimeException;
import org.alfresco.module.org_alfresco_module_rm.action.RMActionExecuterAbstractBase;
import org.alfresco.service.cmr.action.Action;
import org.alfresco.service.cmr.action.ParameterDefinition;
import org.alfresco.service.cmr.repository.NodeRef;
import org.alfresco.service.namespace.QName;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.springframework.extensions.surf.util.I18NUtil;
@@ -59,8 +56,8 @@ public class EditReviewAsOfDateAction extends RMActionExecuterAbstractBase
@Override
protected void executeImpl(Action action, NodeRef actionedUponNodeRef)
{
if (recordsManagementService.isRecord(actionedUponNodeRef) == true &&
this.nodeService.hasAspect(actionedUponNodeRef, ASPECT_VITAL_RECORD) == true)
if (recordService.isRecord(actionedUponNodeRef) == true &&
nodeService.hasAspect(actionedUponNodeRef, ASPECT_VITAL_RECORD) == true)
{
// Get the action parameter
Date reviewAsOf = (Date)action.getParameterValue(PARAM_AS_OF_DATE);
@@ -84,21 +81,13 @@ public class EditReviewAsOfDateAction extends RMActionExecuterAbstractBase
{
// Intentionally empty
}
@Override
public Set<QName> getProtectedProperties()
{
HashSet<QName> qnames = new HashSet<QName>();
qnames.add(PROP_REVIEW_AS_OF);
return qnames;
}
@Override
protected boolean isExecutableImpl(NodeRef filePlanComponent, Map<String, Serializable> parameters, boolean throwException)
{
boolean result = false;
if (recordsManagementService.isRecord(filePlanComponent) == true &&
this.nodeService.hasAspect(filePlanComponent, ASPECT_VITAL_RECORD) == true)
if (recordService.isRecord(filePlanComponent) == true &&
nodeService.hasAspect(filePlanComponent, ASPECT_VITAL_RECORD) == true)
{
result = true;
}

36
rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/action/impl/FileAction.java
View File

@@ -22,10 +22,8 @@ import java.io.Serializable;
import java.util.Calendar;
import java.util.Date;
import java.util.HashMap;
import java.util.HashSet;
import java.util.List;
import java.util.Map;
import java.util.Set;
import org.alfresco.module.org_alfresco_module_rm.action.RMActionExecuterAbstractBase;
import org.alfresco.module.org_alfresco_module_rm.disposition.DispositionSchedule;
@@ -143,23 +141,23 @@ public class FileAction extends RMActionExecuterAbstractBase
paramList.add(new ParameterDefinitionImpl(PARAM_RECORD_METADATA_ASPECTS, DataTypeDefinition.QNAME, false, "Record Metadata Aspects", true));
}
@Override
public Set<QName> getProtectedAspects()
{
HashSet<QName> qnames = new HashSet<QName>();
qnames.add(ASPECT_RECORD);
qnames.add(ASPECT_VITAL_RECORD);
return qnames;
}
@Override
public Set<QName> getProtectedProperties()
{
HashSet<QName> qnames = new HashSet<QName>();
qnames.add(PROP_DATE_FILED);
qnames.add(PROP_REVIEW_AS_OF);
return qnames;
}
// @Override
// public Set<QName> getProtectedAspects()
// {
// HashSet<QName> qnames = new HashSet<QName>();
// qnames.add(ASPECT_RECORD);
// qnames.add(ASPECT_VITAL_RECORD);
// return qnames;
// }
//
// @Override
// public Set<QName> getProtectedProperties()
// {
// HashSet<QName> qnames = new HashSet<QName>();
// qnames.add(PROP_DATE_FILED);
// qnames.add(PROP_REVIEW_AS_OF);
// return qnames;
// }
@Override
protected boolean isExecutableImpl(NodeRef filePlanComponent, Map<String, Serializable> parameters, boolean throwException)

28
rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/action/impl/FreezeAction.java
View File

@@ -19,15 +19,12 @@
package org.alfresco.module.org_alfresco_module_rm.action.impl;
import java.io.Serializable;
import java.util.HashSet;
import java.util.Map;
import java.util.Set;
import org.alfresco.error.AlfrescoRuntimeException;
import org.alfresco.module.org_alfresco_module_rm.action.RMActionExecuterAbstractBase;
import org.alfresco.service.cmr.action.Action;
import org.alfresco.service.cmr.repository.NodeRef;
import org.alfresco.service.namespace.QName;
import org.springframework.extensions.surf.util.I18NUtil;
/**
@@ -52,29 +49,6 @@ public class FreezeAction extends RMActionExecuterAbstractBase
freezeService.freeze((String) action.getParameterValue(PARAM_REASON), actionedUponNodeRef);
}
/**
* @see org.alfresco.module.org_alfresco_module_rm.action.RMActionExecuterAbstractBase#getProtectedAspects()
*/
@Override
public Set<QName> getProtectedAspects()
{
HashSet<QName> qnames = new HashSet<QName>();
qnames.add(ASPECT_FROZEN);
return qnames;
}
/**
* @see org.alfresco.module.org_alfresco_module_rm.action.RMActionExecuterAbstractBase#getProtectedProperties()
*/
@Override
public Set<QName> getProtectedProperties()
{
HashSet<QName> qnames = new HashSet<QName>();
qnames.add(PROP_HOLD_REASON);
//TODO Add prop frozen at/by?
return qnames;
}
/**
* @see org.alfresco.module.org_alfresco_module_rm.action.RMActionExecuterAbstractBase#isExecutableImpl(org.alfresco.service.cmr.repository.NodeRef, java.util.Map, boolean)
*/
@@ -82,7 +56,7 @@ public class FreezeAction extends RMActionExecuterAbstractBase
protected boolean isExecutableImpl(NodeRef filePlanComponent, Map<String, Serializable> parameters, boolean throwException)
{
if (this.recordService.isRecord(filePlanComponent) == true ||
this.recordsManagementService.isRecordFolder(filePlanComponent) == true)
this.recordsManagementService.isRecordFolder(filePlanComponent) == true)
{
// Get the property values
if(parameters != null)

11
rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/action/impl/OpenRecordFolderAction.java
View File

@@ -19,17 +19,14 @@
package org.alfresco.module.org_alfresco_module_rm.action.impl;
import java.io.Serializable;
import java.util.HashSet;
import java.util.List;
import java.util.Map;
import java.util.Set;
import org.alfresco.error.AlfrescoRuntimeException;
import org.alfresco.module.org_alfresco_module_rm.action.RMActionExecuterAbstractBase;
import org.alfresco.service.cmr.action.Action;
import org.alfresco.service.cmr.action.ParameterDefinition;
import org.alfresco.service.cmr.repository.NodeRef;
import org.alfresco.service.namespace.QName;
import org.springframework.extensions.surf.util.I18NUtil;
/**
@@ -73,14 +70,6 @@ public class OpenRecordFolderAction extends RMActionExecuterAbstractBase
// TODO Auto-generated method stub
}
@Override
public Set<QName> getProtectedProperties()
{
HashSet<QName> qnames = new HashSet<QName>();
qnames.add(PROP_IS_CLOSED);
return qnames;
}
@Override
protected boolean isExecutableImpl(NodeRef filePlanComponent, Map<String, Serializable> parameters, boolean throwException)
{

14
rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/action/impl/RelinquishHoldAction.java
View File

@@ -19,15 +19,12 @@
package org.alfresco.module.org_alfresco_module_rm.action.impl;
import java.io.Serializable;
import java.util.HashSet;
import java.util.Map;
import java.util.Set;
import org.alfresco.error.AlfrescoRuntimeException;
import org.alfresco.module.org_alfresco_module_rm.action.RMActionExecuterAbstractBase;
import org.alfresco.service.cmr.action.Action;
import org.alfresco.service.cmr.repository.NodeRef;
import org.alfresco.service.namespace.QName;
import org.springframework.extensions.surf.util.I18NUtil;
/**
@@ -56,17 +53,6 @@ public class RelinquishHoldAction extends RMActionExecuterAbstractBase
}
}
/**
* @see org.alfresco.module.org_alfresco_module_rm.action.RMActionExecuterAbstractBase#getProtectedAspects()
*/
@Override
public Set<QName> getProtectedAspects()
{
HashSet<QName> qnames = new HashSet<QName>();
qnames.add(ASPECT_FROZEN);
return qnames;
}
/**
* @see org.alfresco.module.org_alfresco_module_rm.action.RMActionExecuterAbstractBase#isExecutableImpl(org.alfresco.service.cmr.repository.NodeRef, java.util.Map, boolean)
*/

4
rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/action/impl/SplitEmailAction.java
View File

@@ -112,7 +112,7 @@ public class SplitEmailAction extends RMActionExecuterAbstractBase
logger.debug("split email:" + actionedUponNodeRef);
}
if (recordsManagementService.isRecord(actionedUponNodeRef) == true)
if (recordService.isRecord(actionedUponNodeRef) == true)
{
if (recordService.isDeclared(actionedUponNodeRef) == false)
{
@@ -173,7 +173,7 @@ public class SplitEmailAction extends RMActionExecuterAbstractBase
@Override
protected boolean isExecutableImpl(NodeRef filePlanComponent, Map<String, Serializable> parameters, boolean throwException)
{
if (recordsManagementService.isRecord(filePlanComponent) == true)
if (recordService.isRecord(filePlanComponent) == true)
{
if (recordService.isDeclared(filePlanComponent))
{

15
rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/action/impl/UndeclareRecordAction.java
View File

@@ -19,15 +19,12 @@
package org.alfresco.module.org_alfresco_module_rm.action.impl;
import java.io.Serializable;
import java.util.HashSet;
import java.util.Map;
import java.util.Set;
import org.alfresco.error.AlfrescoRuntimeException;
import org.alfresco.module.org_alfresco_module_rm.action.RMActionExecuterAbstractBase;
import org.alfresco.service.cmr.action.Action;
import org.alfresco.service.cmr.repository.NodeRef;
import org.alfresco.service.namespace.QName;
import org.springframework.extensions.surf.util.I18NUtil;
/**
@@ -46,7 +43,7 @@ public class UndeclareRecordAction extends RMActionExecuterAbstractBase
@Override
protected void executeImpl(Action action, NodeRef actionedUponNodeRef)
{
if (recordsManagementService.isRecord(actionedUponNodeRef) == true)
if (recordService.isRecord(actionedUponNodeRef) == true)
{
if (recordService.isDeclared(actionedUponNodeRef) == true)
{
@@ -59,19 +56,11 @@ public class UndeclareRecordAction extends RMActionExecuterAbstractBase
throw new AlfrescoRuntimeException(I18NUtil.getMessage(MSG_RECORDS_ONLY_UNDECLARED));
}
}
@Override
public Set<QName> getProtectedAspects()
{
HashSet<QName> qnames = new HashSet<QName>();
qnames.add(ASPECT_DECLARED_RECORD);
return qnames;
}
@Override
protected boolean isExecutableImpl(NodeRef filePlanComponent, Map<String, Serializable> parameters, boolean throwException)
{
if (recordsManagementService.isRecord(filePlanComponent) == true)
if (recordService.isRecord(filePlanComponent) == true)
{
if (recordService.isDeclared(filePlanComponent) == true)
{

20
rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/action/impl/UndoEventAction.java
View File

@@ -19,10 +19,8 @@
package org.alfresco.module.org_alfresco_module_rm.action.impl;
import java.io.Serializable;
import java.util.HashSet;
import java.util.List;
import java.util.Map;
import java.util.Set;
import org.alfresco.error.AlfrescoRuntimeException;
import org.alfresco.module.org_alfresco_module_rm.action.RMActionExecuterAbstractBase;
@@ -157,24 +155,6 @@ public class UndoEventAction extends RMActionExecuterAbstractBase
}
@Override
public Set<QName> getProtectedAspects()
{
HashSet<QName> qnames = new HashSet<QName>();
qnames.add(ASPECT_DISPOSITION_LIFECYCLE);
return qnames;
}
@Override
public Set<QName> getProtectedProperties()
{
HashSet<QName> qnames = new HashSet<QName>();
qnames.add(PROP_EVENT_EXECUTION_COMPLETE);
qnames.add(PROP_EVENT_EXECUTION_COMPLETED_AT);
qnames.add(PROP_EVENT_EXECUTION_COMPLETED_BY);
return qnames;
}
@Override
protected boolean isExecutableImpl(NodeRef filePlanComponent, Map<String, Serializable> parameters, boolean throwException)
{

14
rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/action/impl/UnfreezeAction.java
View File

@@ -19,14 +19,11 @@
package org.alfresco.module.org_alfresco_module_rm.action.impl;
import java.io.Serializable;
import java.util.HashSet;
import java.util.Map;
import java.util.Set;
import org.alfresco.module.org_alfresco_module_rm.action.RMActionExecuterAbstractBase;
import org.alfresco.service.cmr.action.Action;
import org.alfresco.service.cmr.repository.NodeRef;
import org.alfresco.service.namespace.QName;
/**
* Unfreeze Action
@@ -44,17 +41,6 @@ public class UnfreezeAction extends RMActionExecuterAbstractBase
freezeService.unFreeze(actionedUponNodeRef);
}
/**
* @see org.alfresco.module.org_alfresco_module_rm.action.RMActionExecuterAbstractBase#getProtectedAspects()
*/
@Override
public Set<QName> getProtectedAspects()
{
HashSet<QName> qnames = new HashSet<QName>();
qnames.add(ASPECT_FROZEN);
return qnames;
}
/**
* @see org.alfresco.module.org_alfresco_module_rm.action.RMActionExecuterAbstractBase#isExecutableImpl(org.alfresco.service.cmr.repository.NodeRef, java.util.Map, boolean)
*/

94
rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/capability/AbstractCapability.java
View File

@@ -18,12 +18,8 @@
*/
package org.alfresco.module.org_alfresco_module_rm.capability;
import java.util.ArrayList;
import java.util.List;
import net.sf.acegisecurity.vote.AccessDecisionVoter;
import org.alfresco.module.org_alfresco_module_rm.action.RecordsManagementAction;
import org.alfresco.module.org_alfresco_module_rm.model.RecordsManagementModel;
import org.alfresco.service.cmr.repository.NodeRef;
import org.alfresco.service.cmr.security.AccessStatus;
@@ -66,10 +62,10 @@ public abstract class AbstractCapability extends RMSecurityCommon
protected boolean isPrivate = false;
/** List of actions */
protected List<RecordsManagementAction> actions = new ArrayList<RecordsManagementAction>(1);
// protected List<RecordsManagementAction> actions = new ArrayList<RecordsManagementAction>(1);
/** Action names */
protected List<String> actionNames = new ArrayList<String>(1);
// protected List<String> actionNames = new ArrayList<String>(1);
/**
* @param voter RM entry voter
@@ -100,13 +96,11 @@ public abstract class AbstractCapability extends RMSecurityCommon
*
* @param action
*/
public void registerAction(RecordsManagementAction action)
{
this.actions.add(action);
this.actionNames.add(action.getName());
voter.addProtectedAspects(action.getProtectedAspects());
voter.addProtectedProperties(action.getProtectedProperties());
}
// public void registerAction(RecordsManagementAction action)
// {
// this.actions.add(action);
// this.actionNames.add(action.getName());
// }
/**
* @param name capability name
@@ -214,31 +208,31 @@ public abstract class AbstractCapability extends RMSecurityCommon
* @param nodeRef
* @return
*/
public int checkActionConditionsIfPresent(NodeRef nodeRef)
{
String prefix = "checkActionConditionsIfPresent" + getName();
int result = getTransactionCache(prefix, nodeRef);
if (result != NOSET_VALUE)
{
return result;
}
if (actions.size() > 0)
{
for (RecordsManagementAction action : actions)
{
if (action.isExecutable(nodeRef, null))
{
return setTransactionCache(prefix, nodeRef, AccessDecisionVoter.ACCESS_GRANTED);
}
}
return setTransactionCache(prefix, nodeRef, AccessDecisionVoter.ACCESS_DENIED);
}
else
{
return setTransactionCache(prefix, nodeRef, AccessDecisionVoter.ACCESS_GRANTED);
}
}
// public int checkActionConditionsIfPresent(NodeRef nodeRef)
// {
// String prefix = "checkActionConditionsIfPresent" + getName();
// int result = getTransactionCache(prefix, nodeRef);
// if (result != NOSET_VALUE)
// {
// return result;
// }
//
// if (actions.size() > 0)
// {
// for (RecordsManagementAction action : actions)
// {
// if (action.isExecutable(nodeRef, null))
// {
// return setTransactionCache(prefix, nodeRef, AccessDecisionVoter.ACCESS_GRANTED);
// }
// }
// return setTransactionCache(prefix, nodeRef, AccessDecisionVoter.ACCESS_DENIED);
// }
// else
// {
// return setTransactionCache(prefix, nodeRef, AccessDecisionVoter.ACCESS_GRANTED);
// }
// }
/**
* @see org.alfresco.module.org_alfresco_module_rm.capability.Capability#hasPermission(org.alfresco.service.cmr.repository.NodeRef)
@@ -269,10 +263,10 @@ public abstract class AbstractCapability extends RMSecurityCommon
{
result = AccessDecisionVoter.ACCESS_DENIED;
}
else if (checkActionConditionsIfPresent(nodeRef) == AccessDecisionVoter.ACCESS_DENIED)
{
result = AccessDecisionVoter.ACCESS_DENIED;
}
//else if (checkActionConditionsIfPresent(nodeRef) == AccessDecisionVoter.ACCESS_DENIED)
// {
// result = AccessDecisionVoter.ACCESS_DENIED;
// }
else
{
result = hasPermissionImpl(nodeRef);
@@ -303,18 +297,18 @@ public abstract class AbstractCapability extends RMSecurityCommon
/**
* @see org.alfresco.module.org_alfresco_module_rm.capability.Capability#getActionNames()
*/
public List<String> getActionNames()
{
return actionNames;
}
// public List<String> getActionNames()
// {
// return actionNames;
// }
/**
* @see org.alfresco.module.org_alfresco_module_rm.capability.Capability#getActions()
*/
public List<RecordsManagementAction> getActions()
{
return actions;
}
// public List<RecordsManagementAction> getActions()
// {
// return actions;
// }
/**
* @see org.alfresco.module.org_alfresco_module_rm.capability.Capability#getGroupId()

12
rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/capability/Capability.java
View File

@@ -92,18 +92,6 @@ public interface Capability
*/
String getDescription();
/**
* Get the name of optional actions tied to this capability
* @return
*/
List<String> getActionNames();
/**
*
* @return
*/
List<RecordsManagementAction> getActions();
/**
* Gets the group id of a capability
*

99
rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/capability/RMEntryVoter.java
View File

@@ -21,13 +21,10 @@ package org.alfresco.module.org_alfresco_module_rm.capability;
import java.io.Serializable;
import java.lang.reflect.Method;
import java.util.ArrayList;
import java.util.Collections;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.StringTokenizer;
import net.sf.acegisecurity.Authentication;
@@ -36,7 +33,6 @@ import net.sf.acegisecurity.ConfigAttributeDefinition;
import net.sf.acegisecurity.vote.AccessDecisionVoter;
import org.alfresco.module.org_alfresco_module_rm.RecordsManagementService;
import org.alfresco.module.org_alfresco_module_rm.action.RecordsManagementAction;
import org.alfresco.module.org_alfresco_module_rm.capability.impl.CreateCapability;
import org.alfresco.module.org_alfresco_module_rm.capability.impl.UpdateCapability;
import org.alfresco.module.org_alfresco_module_rm.capability.impl.UpdatePropertiesCapability;
@@ -57,7 +53,6 @@ import org.alfresco.service.cmr.security.OwnableService;
import org.alfresco.service.cmr.security.PermissionService;
import org.alfresco.service.namespace.NamespacePrefixResolver;
import org.alfresco.service.namespace.QName;
import org.alfresco.util.EqualsHelper;
import org.aopalliance.intercept.MethodInvocation;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
@@ -92,11 +87,6 @@ public class RMEntryVoter extends RMSecurityCommon
private static HashMap<String, Policy> policies = new HashMap<String, Policy>();
private HashSet<QName> protectedProperties = new HashSet<QName>();
private HashSet<QName> protectedAspects = new HashSet<QName>();
static
{
policies.put("Read", new ReadPolicy());
@@ -110,9 +100,6 @@ public class RMEntryVoter extends RMSecurityCommon
policies.put("Capability", new CapabilityPolicy());
policies.put("Declare", new DeclarePolicy());
policies.put("ReadProperty", new ReadPropertyPolicy());
// restrictedProperties.put(RecordsManagementModel.PROP_IS_CLOSED, value)
}
/**
@@ -209,26 +196,6 @@ public class RMEntryVoter extends RMSecurityCommon
return (MethodInvocation.class.isAssignableFrom(clazz));
}
public void addProtectedProperties(Set<QName> properties)
{
protectedProperties.addAll(properties);
}
public void addProtectedAspects(Set<QName> aspects)
{
protectedAspects.addAll(aspects);
}
public Set<QName> getProtectedProperties()
{
return Collections.unmodifiableSet(protectedProperties);
}
public Set<QName> getProtetcedAscpects()
{
return Collections.unmodifiableSet(protectedAspects);
}
@SuppressWarnings("unchecked")
public int vote(Authentication authentication, Object object, ConfigAttributeDefinition config)
{
@@ -658,72 +625,6 @@ public class RMEntryVoter extends RMSecurityCommon
return dictionaryService;
}
public boolean isProtectedAspect(NodeRef nodeRef, QName aspectQName)
{
if(protectedAspects.contains(aspectQName))
{
for(Capability capability : capabilityService.getCapabilities())
{
for(RecordsManagementAction action : capability.getActions())
{
if(action.getProtectedAspects().contains(aspectQName))
{
if(action.isExecutable(nodeRef, null))
{
return false;
}
}
}
}
return true;
}
else
{
return false;
}
}
public boolean isProtectedProperty(NodeRef nodeRef, QName propertyQName)
{
if(protectedProperties.contains(propertyQName))
{
for(Capability capability : capabilityService.getCapabilities())
{
for(RecordsManagementAction action : capability.getActions())
{
if(action.getProtectedProperties().contains(propertyQName))
{
if(action.isExecutable(nodeRef, null))
{
return false;
}
}
}
}
return true;
}
else
{
return false;
}
}
public boolean includesProtectedPropertyChange(NodeRef nodeRef, Map<QName, Serializable> properties)
{
Map<QName, Serializable> originals = nodeService.getProperties(nodeRef);
for (QName test : properties.keySet())
{
if (isProtectedProperty(nodeRef, test))
{
if (!EqualsHelper.nullSafeEquals(originals.get(test), properties.get(test)))
{
return true;
}
}
}
return false;
}
private class ConfigAttributeDefintion
{
String typeString;

6
rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/capability/RMSecurityCommon.java
View File

@@ -22,7 +22,6 @@ import net.sf.acegisecurity.vote.AccessDecisionVoter;
import org.alfresco.module.org_alfresco_module_rm.RecordsManagementService;
import org.alfresco.module.org_alfresco_module_rm.caveat.RMCaveatConfigComponent;
import org.alfresco.module.org_alfresco_module_rm.record.RecordService;
import org.alfresco.repo.security.authentication.AuthenticationUtil;
import org.alfresco.repo.transaction.AlfrescoTransactionSupport;
import org.alfresco.service.cmr.repository.NodeRef;
@@ -31,9 +30,6 @@ import org.alfresco.service.cmr.security.AccessStatus;
import org.alfresco.service.cmr.security.PermissionService;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.springframework.beans.BeansException;
import org.springframework.context.ApplicationContext;
import org.springframework.context.ApplicationContextAware;
/**
* @author Roy Wetherall
@@ -45,8 +41,6 @@ public class RMSecurityCommon
private static Log logger = LogFactory.getLog(RMSecurityCommon.class);
private ApplicationContext applicationContext;
protected NodeService nodeService;
protected PermissionService permissionService;
protected RecordsManagementService rmService;

4
rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/capability/impl/CreateCapability.java
View File

@@ -78,7 +78,7 @@ public class CreateCapability extends DeclarativeCapability
{
if(linkee == null)
{
if(rmService.isRecord(destination) && recordService.isDeclared(destination) == false)
if(recordService.isRecord(destination) && recordService.isDeclared(destination) == false)
{
if (permissionService.hasPermission(destination, RMPermissionModel.FILE_RECORDS) == AccessStatus.ALLOWED)
{
@@ -88,7 +88,7 @@ public class CreateCapability extends DeclarativeCapability
}
else
{
if(rmService.isRecord(linkee) && rmService.isRecord(destination) && recordService.isDeclared(destination) == false)
if(recordService.isRecord(linkee) && recordService.isRecord(destination) && recordService.isDeclared(destination) == false)
{
if (permissionService.hasPermission(destination, RMPermissionModel.FILE_RECORDS) == AccessStatus.ALLOWED)
{

18
rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/capability/impl/UpdateCapability.java
View File

@@ -21,8 +21,6 @@ package org.alfresco.module.org_alfresco_module_rm.capability.impl;
import java.io.Serializable;
import java.util.Map;
import net.sf.acegisecurity.vote.AccessDecisionVoter;
import org.alfresco.module.org_alfresco_module_rm.capability.declarative.CompositeCapability;
import org.alfresco.service.cmr.repository.NodeRef;
import org.alfresco.service.namespace.QName;
@@ -43,15 +41,15 @@ public class UpdateCapability extends CompositeCapability
*/
public int evaluate(NodeRef nodeRef, QName aspectQName, Map<QName, Serializable> properties)
{
if ((aspectQName != null) && (voter.isProtectedAspect(nodeRef, aspectQName)))
{
return AccessDecisionVoter.ACCESS_DENIED;
}
// if ((aspectQName != null) && (voter.isProtectedAspect(nodeRef, aspectQName)))
// {
// return AccessDecisionVoter.ACCESS_DENIED;
// }
if ((properties != null) && (voter.includesProtectedPropertyChange(nodeRef, properties)))
{
return AccessDecisionVoter.ACCESS_DENIED;
}
// if ((properties != null) && (voter.includesProtectedPropertyChange(nodeRef, properties)))
// {
// return AccessDecisionVoter.ACCESS_DENIED;
// }
return evaluate(nodeRef);
}

10
rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/capability/impl/UpdatePropertiesCapability.java
View File

@@ -21,8 +21,6 @@ package org.alfresco.module.org_alfresco_module_rm.capability.impl;
import java.io.Serializable;
import java.util.Map;
import net.sf.acegisecurity.vote.AccessDecisionVoter;
import org.alfresco.module.org_alfresco_module_rm.capability.declarative.CompositeCapability;
import org.alfresco.service.cmr.repository.NodeRef;
import org.alfresco.service.namespace.QName;
@@ -42,10 +40,10 @@ public class UpdatePropertiesCapability extends CompositeCapability
*/
public int evaluate(NodeRef nodeRef, Map<QName, Serializable> properties)
{
if ((properties != null) && (voter.includesProtectedPropertyChange(nodeRef, properties)))
{
return AccessDecisionVoter.ACCESS_DENIED;
}
// if ((properties != null) && (voter.includesProtectedPropertyChange(nodeRef, properties)))
// {
// return AccessDecisionVoter.ACCESS_DENIED;
// }
return evaluate(nodeRef);
}

42
rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/model/security/ModelAccessDeniedException.java Normal file
View File

@@ -0,0 +1,42 @@
/*
* Copyright (C) 2005-2012 Alfresco Software Limited.
*
* This file is part of Alfresco
*
* Alfresco is free software: you can redistribute it and/or modify
* it under the terms of the GNU Lesser General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* Alfresco is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Lesser General Public License for more details.
*
* You should have received a copy of the GNU Lesser General Public License
* along with Alfresco. If not, see <http://www.gnu.org/licenses/>.
*/
package org.alfresco.module.org_alfresco_module_rm.model.security;
import org.alfresco.repo.security.permissions.AccessDeniedException;
/**
* Model access denied exception implementation
*
* @author Roy Wetherall
* @since 2.1
*/
public class ModelAccessDeniedException extends AccessDeniedException
{
private static final long serialVersionUID = 6796435040345714366L;
public ModelAccessDeniedException(String msg)
{
super(msg);
}
public ModelAccessDeniedException(String msg, Throwable cause)
{
super(msg, cause);
}
}

114
rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/model/security/ModelSecurityService.java Normal file
View File

@@ -0,0 +1,114 @@
/*
* Copyright (C) 2005-2012 Alfresco Software Limited.
*
* This file is part of Alfresco
*
* Alfresco is free software: you can redistribute it and/or modify
* it under the terms of the GNU Lesser General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* Alfresco is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Lesser General Public License for more details.
*
* You should have received a copy of the GNU Lesser General Public License
* along with Alfresco. If not, see <http://www.gnu.org/licenses/>.
*/
package org.alfresco.module.org_alfresco_module_rm.model.security;
import java.util.Set;
import org.alfresco.service.cmr.repository.NodeRef;
import org.alfresco.service.namespace.QName;
/**
* Model security service interface.
*
* @author Roy Wetherall
* @since 2.1
*/
public interface ModelSecurityService
{
/**
* Registers a protected model artifact with the service.
*
* @param atrifact protected model artifact
*/
void register(ProtectedModelArtifact atrifact);
/**
* Indicates whether a property is protected or not.
*
* @param name name of property
* @return boolean true if property is protected, false otherwise
*/
boolean isProtectedProperty(QName property);
/**
* Get the protected properties
*
* @return {@link Set}<{@link QName}> all the protected properties
*/
Set<QName> getProtectedProperties();
/**
* Get the details of the protected property, returns null if property
* is not protected.
*
* @param name name of the protected property
* @return {@link ProtectedProperty} protected property details, null otherwise
*/
ProtectedProperty getProtectedProperty(QName name);
/**
* Indicates whether the current user can edit a protected property in the context of
* a given node.
* <p>
* If the property is not protected then returns true.
*
* @param nodeRef node reference
* @param property name of the property
* @return boolean true if the current user can edit the protected property or the property
* is not protected, false otherwise
*/
boolean canEditProtectedProperty(NodeRef nodeRef, QName property);
/**
* Indicates whether an aspect is protected or not.
*
* @param aspect aspect name
* @return boolean true if aspect is protected, false otherwise
*/
boolean isProtectedAspect(QName aspect);
/**
* Get the protected aspects.
*
* @return {@link Set}<{@link QName}> all the protected aspects
*/
Set<QName> getProtectedAspects();
/**
* Get the details of the protected aspect, returns null if aspect is
* not protected.
*
* @param name name of the aspect
* @return {@link ProtectedAspect} protected aspect details, null otherwise
*/
ProtectedAspect getProtectedAspect(QName name);
/**
* Indicates whether the current user can edit (ie add or remove) a protected
* aspect in the context of a given node.
* <p>
* If the aspect is not protected then returns true.
*
* @param nodeRef node reference
* @param aspect name of the of aspect
* @return boolean true if the current user can edit the protected aspect or the the
* aspect is not protected, false otherwise
*/
boolean canEditProtectedAspect(NodeRef nodeRef, QName aspect);
}

351
rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/model/security/ModelSecurityServiceImpl.java Normal file
View File

@@ -0,0 +1,351 @@
/*
* Copyright (C) 2005-2012 Alfresco Software Limited.
*
* This file is part of Alfresco
*
* Alfresco is free software: you can redistribute it and/or modify
* it under the terms of the GNU Lesser General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* Alfresco is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Lesser General Public License for more details.
*
* You should have received a copy of the GNU Lesser General Public License
* along with Alfresco. If not, see <http://www.gnu.org/licenses/>.
*/
package org.alfresco.module.org_alfresco_module_rm.model.security;
import java.io.Serializable;
import java.util.Collections;
import java.util.HashMap;
import java.util.Map;
import java.util.Set;
import org.alfresco.module.org_alfresco_module_rm.capability.Capability;
import org.alfresco.module.org_alfresco_module_rm.capability.CapabilityService;
import org.alfresco.module.org_alfresco_module_rm.model.RecordsManagementModel;
import org.alfresco.repo.node.NodeServicePolicies;
import org.alfresco.repo.policy.JavaBehaviour;
import org.alfresco.repo.policy.PolicyComponent;
import org.alfresco.repo.policy.Behaviour.NotificationFrequency;
import org.alfresco.repo.security.authentication.AuthenticationUtil;
import org.alfresco.service.cmr.repository.NodeRef;
import org.alfresco.service.cmr.repository.NodeService;
import org.alfresco.service.cmr.security.AccessStatus;
import org.alfresco.service.namespace.NamespaceService;
import org.alfresco.service.namespace.QName;
import org.alfresco.util.EqualsHelper;
/**
* Model security service implementation.
* <p>
* This service records the protected properties and aspects, ensuring that only those with the appropriate capabilities can edit them.
*
* @author Roy Wetherall
* @since 2.1
*/
public class ModelSecurityServiceImpl implements ModelSecurityService,
RecordsManagementModel,
NodeServicePolicies.BeforeAddAspectPolicy,
NodeServicePolicies.BeforeRemoveAspectPolicy,
NodeServicePolicies.OnUpdatePropertiesPolicy
{
/** Policy component */
private PolicyComponent policyComponent;
/** Node service */
private NodeService nodeService;
/** Capability service */
private CapabilityService capabilityService;
/** Namespace service */
private NamespaceService namespaceService;
/** Map of protected properties keyed by name */
private Map<QName, ProtectedProperty> protectedProperties = new HashMap<QName, ProtectedProperty>(21);
/** Map of protected aspects keyed by name */
private Map<QName, ProtectedAspect> protectedAspects= new HashMap<QName, ProtectedAspect>(21);
/** Behaviour instances */
private JavaBehaviour beforeAddAspectBehaviour = new JavaBehaviour(this,
"beforeAddAspect",
NotificationFrequency.EVERY_EVENT);
private JavaBehaviour beforeRemoveAspectBehaviour = new JavaBehaviour(this,
"beforeRemoveAspect",
NotificationFrequency.EVERY_EVENT);
private JavaBehaviour onUpdatePropertiesBehaviour = new JavaBehaviour(this,
"onUpdateProperties",
NotificationFrequency.EVERY_EVENT);
/**
* @param policyComponent policy component
*/
public void setPolicyComponent(PolicyComponent policyComponent)
{
this.policyComponent = policyComponent;
}
/**
* @param nodeService node service
*/
public void setNodeService(NodeService nodeService)
{
this.nodeService = nodeService;
}
/**
* @param capabilityService capability service
*/
public void setCapabilityService(CapabilityService capabilityService)
{
this.capabilityService = capabilityService;
}
/**
* @param namespaceService namespace service
*/
public void setNamespaceService(NamespaceService namespaceService)
{
this.namespaceService = namespaceService;
}
/**
* Init method
*/
public void init()
{
// bind model security behaviours to all records management artifacts components
policyComponent.bindClassBehaviour(
NodeServicePolicies.BeforeAddAspectPolicy.QNAME,
this,
beforeAddAspectBehaviour);
policyComponent.bindClassBehaviour(
NodeServicePolicies.BeforeRemoveAspectPolicy.QNAME,
this,
beforeRemoveAspectBehaviour);
policyComponent.bindClassBehaviour(
NodeServicePolicies.OnUpdatePropertiesPolicy.QNAME,
this,
onUpdatePropertiesBehaviour);
}
/**
* @see org.alfresco.module.org_alfresco_module_rm.model.security.ModelSecurityService#register(org.alfresco.module.org_alfresco_module_rm.model.security.ProtectedModelArtifact)
*/
@Override
public void register(ProtectedModelArtifact artifact)
{
// TODO validate that the artifact has a valid property and has a capability set ...
if (artifact instanceof ProtectedProperty)
{
protectedProperties.put(artifact.getQName(), (ProtectedProperty)artifact);
}
else if (artifact instanceof ProtectedAspect)
{
protectedAspects.put(artifact.getQName(), (ProtectedAspect)artifact);
}
}
/**
* @see org.alfresco.module.org_alfresco_module_rm.model.security.ModelSecurityService#isProtectedProperty(org.alfresco.service.namespace.QName)
*/
@Override
public boolean isProtectedProperty(QName property)
{
return protectedProperties.containsKey(property);
}
/**
* @see org.alfresco.module.org_alfresco_module_rm.model.security.ModelSecurityService#getProtectedProperties()
*/
@Override
public Set<QName> getProtectedProperties()
{
return Collections.unmodifiableSet(protectedProperties.keySet());
}
/**
* @see org.alfresco.module.org_alfresco_module_rm.model.security.ModelSecurityService#getProtectedProperty(org.alfresco.service.namespace.QName)
*/
@Override
public ProtectedProperty getProtectedProperty(QName name)
{
return protectedProperties.get(name);
}
/**
* @see org.alfresco.module.org_alfresco_module_rm.model.security.ModelSecurityService#canEditProtectedProperty(org.alfresco.service.cmr.repository.NodeRef, org.alfresco.service.namespace.QName)
*/
@Override
public boolean canEditProtectedProperty(NodeRef nodeRef, QName property)
{
boolean result = false;
ProtectedModelArtifact artifact = getProtectedProperty(property);
if (artifact == null)
{
result = true;
}
else
{
result = canEdit(nodeRef, artifact);
}
return result;
}
/**
* Indicates whether the current user can edit protected model artifact in the context
* of a given node or not.
*
* @param nodeRef node reference
* @param artifact protected model artifact
* @return boolean true if the current user can edit the protected model artifact, false otherwise
*/
private boolean canEdit(NodeRef nodeRef, ProtectedModelArtifact artifact)
{
boolean result = false;
for (Capability capability : artifact.getCapabilities())
{
AccessStatus accessStatus = capabilityService.getCapabilityAccessState(nodeRef, capability.getName());
if (AccessStatus.ALLOWED.equals(accessStatus) == true)
{
result = true;
break;
}
}
return result;
}
/**
* @see org.alfresco.module.org_alfresco_module_rm.model.security.ModelSecurityService#isProtectedAspect(org.alfresco.service.namespace.QName)
*/
@Override
public boolean isProtectedAspect(QName aspect)
{
return protectedAspects.containsKey(aspect);
}
/**
* @see org.alfresco.module.org_alfresco_module_rm.model.security.ModelSecurityService#getProtectedAspects()
*/
@Override
public Set<QName> getProtectedAspects()
{
return Collections.unmodifiableSet(protectedAspects.keySet());
}
/**
* @see org.alfresco.module.org_alfresco_module_rm.model.security.ModelSecurityService#getProtectedAspect(org.alfresco.service.namespace.QName)
*/
@Override
public ProtectedAspect getProtectedAspect(QName name)
{
return protectedAspects.get(name);
}
/**
* @see org.alfresco.module.org_alfresco_module_rm.model.security.ModelSecurityService#canEditProtectedAspect(org.alfresco.service.cmr.repository.NodeRef, org.alfresco.service.namespace.QName)
*/
@Override
public boolean canEditProtectedAspect(NodeRef nodeRef, QName aspect)
{
boolean result = false;
ProtectedModelArtifact artifact = getProtectedAspect(aspect);
if (artifact == null)
{
result = true;
}
else
{
result = canEdit(nodeRef, artifact);
}
return result;
}
/**
* @see org.alfresco.repo.node.NodeServicePolicies.BeforeAddAspectPolicy#beforeAddAspect(org.alfresco.service.cmr.repository.NodeRef, org.alfresco.service.namespace.QName)
*/
@Override
public void beforeAddAspect(NodeRef nodeRef, QName aspect)
{
if (AuthenticationUtil.getFullyAuthenticatedUser() != null &&
AuthenticationUtil.isRunAsUserTheSystemUser() == false &&
isProtectedAspect(aspect) == true &&
nodeService.exists(nodeRef) == true &&
canEditProtectedAspect(nodeRef, aspect) == false)
{
// the user can't edit the protected aspect
throw new ModelAccessDeniedException(
"The user " + AuthenticationUtil.getFullyAuthenticatedUser() +
" does not have the permission to add the protected aspect " + aspect.toPrefixString(namespaceService) +
" from the node " + nodeRef.toString());
}
}
/**
* @see org.alfresco.repo.node.NodeServicePolicies.BeforeRemoveAspectPolicy#beforeRemoveAspect(org.alfresco.service.cmr.repository.NodeRef, org.alfresco.service.namespace.QName)
*/
@Override
public void beforeRemoveAspect(NodeRef nodeRef, QName aspect)
{
if (AuthenticationUtil.getFullyAuthenticatedUser() != null &&
AuthenticationUtil.isRunAsUserTheSystemUser() == false &&
isProtectedAspect(aspect) == true &&
nodeService.exists(nodeRef) == true &&
canEditProtectedAspect(nodeRef, aspect) == false)
{
// the user can't edit the protected aspect
throw new ModelAccessDeniedException(
"The user " + AuthenticationUtil.getFullyAuthenticatedUser() +
" does not have the permission to remove the protected aspect " + aspect.toPrefixString(namespaceService) +
" from the node " + nodeRef.toString());
}
}
/**
* @see org.alfresco.repo.node.NodeServicePolicies.OnUpdatePropertiesPolicy#onUpdateProperties(org.alfresco.service.cmr.repository.NodeRef, java.util.Map, java.util.Map)
*/
@Override
public void onUpdateProperties(NodeRef nodeRef, Map<QName, Serializable> before, Map<QName, Serializable> after)
{
if (AuthenticationUtil.getFullyAuthenticatedUser() != null &&
AuthenticationUtil.isRunAsUserTheSystemUser() == false &&
nodeService.exists(nodeRef) == true)
{
for (QName property : after.keySet())
{
if (isProtectedProperty(property) == true)
{
ProtectedProperty protectedProperty = getProtectedProperty(property);
if ((before == null || before.isEmpty() || before.get(property) == null) &&
protectedProperty.isAllwaysAllowNew() == true)
{
return;
}
if (EqualsHelper.nullSafeEquals(before.get(property), after.get(property)) == false &&
canEditProtectedProperty(nodeRef, property) == false)
{
// the user can't edit the protected property
throw new ModelAccessDeniedException(
"The user " + AuthenticationUtil.getFullyAuthenticatedUser() +
" does not have the permission to edit the protected property " + property.toPrefixString(namespaceService) +
" on the node " + nodeRef.toString());
}
}
}
}
}
}

28
rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/model/security/ProtectedAspect.java Normal file
View File

@@ -0,0 +1,28 @@
/*
* Copyright (C) 2005-2012 Alfresco Software Limited.
*
* This file is part of Alfresco
*
* Alfresco is free software: you can redistribute it and/or modify
* it under the terms of the GNU Lesser General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* Alfresco is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Lesser General Public License for more details.
*
* You should have received a copy of the GNU Lesser General Public License
* along with Alfresco. If not, see <http://www.gnu.org/licenses/>.
*/
package org.alfresco.module.org_alfresco_module_rm.model.security;
/**
* @author Roy Wetherall
* @since 2.1
*/
public class ProtectedAspect extends ProtectedModelArtifact
{
}

80
rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/model/security/ProtectedModelArtifact.java Normal file
View File

@@ -0,0 +1,80 @@
/*
* Copyright (C) 2005-2012 Alfresco Software Limited.
*
* This file is part of Alfresco
*
* Alfresco is free software: you can redistribute it and/or modify
* it under the terms of the GNU Lesser General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* Alfresco is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Lesser General Public License for more details.
*
* You should have received a copy of the GNU Lesser General Public License
* along with Alfresco. If not, see <http://www.gnu.org/licenses/>.
*/
package org.alfresco.module.org_alfresco_module_rm.model.security;
import java.util.Set;
import org.alfresco.module.org_alfresco_module_rm.capability.Capability;
import org.alfresco.service.namespace.NamespaceService;
import org.alfresco.service.namespace.QName;
/**
*
*
* @author Roy Wetherall
* @since 2.1
*/
public abstract class ProtectedModelArtifact
{
/** Model security service */
private ModelSecurityService modelSecurityService;
/** Namespace service */
private NamespaceService namespaceService;
private QName name;
private Set<Capability> capabilities;
public void setNamespaceService(NamespaceService namespaceService)
{
this.namespaceService = namespaceService;
}
public void setModelSecurityService(ModelSecurityService modelSecurityService)
{
this.modelSecurityService = modelSecurityService;
}
public void init()
{
modelSecurityService.register(this);
}
public void setName(String name)
{
QName qname = QName.createQName(name, namespaceService);
this.name = qname;
}
public QName getQName()
{
return name;
}
public void setCapabilities(Set<Capability> capabilities)
{
this.capabilities = capabilities;
}
public Set<Capability> getCapabilities()
{
return capabilities;
}
}

38
rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/model/security/ProtectedProperty.java Normal file
View File

@@ -0,0 +1,38 @@
/*
* Copyright (C) 2005-2012 Alfresco Software Limited.
*
* This file is part of Alfresco
*
* Alfresco is free software: you can redistribute it and/or modify
* it under the terms of the GNU Lesser General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* Alfresco is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Lesser General Public License for more details.
*
* You should have received a copy of the GNU Lesser General Public License
* along with Alfresco. If not, see <http://www.gnu.org/licenses/>.
*/
package org.alfresco.module.org_alfresco_module_rm.model.security;
/**
* @author Roy Wetherall
* @since 2.1
*/
public class ProtectedProperty extends ProtectedModelArtifact
{
private boolean allwaysAllowNew = false;
public void setAllwaysAllowNew(boolean allwaysAllowNew)
{
this.allwaysAllowNew = allwaysAllowNew;
}
public boolean isAllwaysAllowNew()
{
return allwaysAllowNew;
}
}

28
rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/security/RecordsManagementSecurityService.java
View File

@@ -21,6 +21,7 @@ package org.alfresco.module.org_alfresco_module_rm.security;
import java.util.Set;
import org.alfresco.module.org_alfresco_module_rm.capability.Capability;
import org.alfresco.module.org_alfresco_module_rm.model.security.ModelSecurityService;
import org.alfresco.service.cmr.repository.NodeRef;
import org.alfresco.service.namespace.QName;
@@ -31,20 +32,6 @@ import org.alfresco.service.namespace.QName;
*/
public interface RecordsManagementSecurityService
{
/**
* Get the set of aspect QNames which can not be added direct via the public node service;
* they must be managed via the appropriate actions.
* @return
*/
Set<QName> getProtectedAspects();
/**
* Get the set of property QNames which can not be added, updated or removed direct via the public node service;
* they must be managed via the appropriate actions.
* @return
*/
Set<QName> getProtectedProperties();
/**
* Creates the initial set of default roles for a root records management node
*
@@ -152,4 +139,17 @@ public interface RecordsManagementSecurityService
* @param permission permission
*/
void deletePermission(NodeRef nodeRef, String authority, String permission);
/**
* @return {@link Set}<{@link QName}> protected aspect names
* @deprecated As of release 2.1, replaced by {@link ModelSecurityService#getProtectedAspects}
*/
@Deprecated
Set<QName> getProtectedAspects();
/**
* @return {@link Set}<{@link QName}> protected properties
* @deprecated As of release 2.1, replaced by {@link ModelSecurityService#getProtectedProperties}
*/
Set<QName> getProtectedProperties();
}

52
rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/security/RecordsManagementSecurityServiceImpl.java
View File

@@ -34,9 +34,9 @@ import org.alfresco.model.ContentModel;
import org.alfresco.module.org_alfresco_module_rm.RecordsManagementService;
import org.alfresco.module.org_alfresco_module_rm.capability.Capability;
import org.alfresco.module.org_alfresco_module_rm.capability.CapabilityService;
import org.alfresco.module.org_alfresco_module_rm.capability.RMEntryVoter;
import org.alfresco.module.org_alfresco_module_rm.capability.RMPermissionModel;
import org.alfresco.module.org_alfresco_module_rm.model.RecordsManagementModel;
import org.alfresco.module.org_alfresco_module_rm.model.security.ModelSecurityService;
import org.alfresco.repo.node.NodeServicePolicies;
import org.alfresco.repo.policy.JavaBehaviour;
import org.alfresco.repo.policy.PolicyComponent;
@@ -84,12 +84,12 @@ public class RecordsManagementSecurityServiceImpl implements RecordsManagementSe
/** Records management service */
private RecordsManagementService recordsManagementService;
/** Model security service */
private ModelSecurityService modelSecurityService;
/** Node service */
private NodeService nodeService;
/** RM Entry voter */
private RMEntryVoter voter;
/** Records management role zone */
public static final String RM_ROLE_ZONE_PREFIX = "rmRoleZone";
@@ -160,13 +160,11 @@ public class RecordsManagementSecurityServiceImpl implements RecordsManagementSe
}
/**
* Set the RM voter
*
* @param voter
* @param modelSecurityService model security service
*/
public void setVoter(RMEntryVoter voter)
public void setModelSecurityService(ModelSecurityService modelSecurityService)
{
this.voter = voter;
this.modelSecurityService = modelSecurityService;
}
/**
@@ -416,22 +414,6 @@ public class RecordsManagementSecurityServiceImpl implements RecordsManagementSe
}, AuthenticationUtil.getSystemUserName());
}
}
/**
* @see org.alfresco.module.org_alfresco_module_rm.security.RecordsManagementSecurityService#getProtectedAspects()
*/
public Set<QName> getProtectedAspects()
{
return voter.getProtetcedAscpects();
}
/**
* @see org.alfresco.module.org_alfresco_module_rm.security.RecordsManagementSecurityService#getProtectedProperties()
*/
public Set<QName> getProtectedProperties()
{
return voter.getProtectedProperties();
}
/**
* @see org.alfresco.module.org_alfresco_module_rm.security.RecordsManagementSecurityService#bootstrapDefaultRoles(org.alfresco.service.cmr.repository.NodeRef)
@@ -1016,4 +998,24 @@ public class RecordsManagementSecurityServiceImpl implements RecordsManagementSe
}
}, AuthenticationUtil.getSystemUserName());
}
/**
* @see org.alfresco.module.org_alfresco_module_rm.security.RecordsManagementSecurityService#getProtectedAspects()
*/
@Deprecated
@Override
public Set<QName> getProtectedAspects()
{
return modelSecurityService.getProtectedAspects();
}
/**
* @see org.alfresco.module.org_alfresco_module_rm.security.RecordsManagementSecurityService#getProtectedProperties()
*/
@Deprecated
@Override
public Set<QName> getProtectedProperties()
{
return modelSecurityService.getProtectedProperties();
}
}

25
rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/vital/BroadcastVitalRecordDefinitionAction.java
View File

@@ -20,10 +20,8 @@ package org.alfresco.module.org_alfresco_module_rm.vital;
import java.io.Serializable;
import java.util.HashMap;
import java.util.HashSet;
import java.util.List;
import java.util.Map;
import java.util.Set;
import org.alfresco.model.ContentModel;
import org.alfresco.module.org_alfresco_module_rm.action.RMActionExecuterAbstractBase;
@@ -77,7 +75,7 @@ public class BroadcastVitalRecordDefinitionAction extends RMActionExecuterAbstra
NodeRef nextChild = nextAssoc.getChildRef();
// If the child is a record, then the VitalRecord aspect needs to be applied or updated
if (recordsManagementService.isRecord(nextChild))
if (recordService.isRecord(nextChild))
{
if (parentVri)
{
@@ -102,7 +100,7 @@ public class BroadcastVitalRecordDefinitionAction extends RMActionExecuterAbstra
}
// Recurse down the containment hierarchy to all containers
if (recordsManagementService.isRecord(nextChild) == false)
if (recordService.isRecord(nextChild) == false)
{
this.propagateChangeToChildrenOf(nextChild);
}
@@ -114,23 +112,4 @@ public class BroadcastVitalRecordDefinitionAction extends RMActionExecuterAbstra
{
return true;
}
@Override
public Set<QName> getProtectedProperties()
{
HashSet<QName> qnames = new HashSet<QName>();
qnames.add(PROP_REVIEW_PERIOD);
qnames.add(PROP_VITAL_RECORD_INDICATOR);
qnames.add(PROP_REVIEW_AS_OF);
return qnames;
}
@Override
public Set<QName> getProtectedAspects()
{
HashSet<QName> qnames = new HashSet<QName>();
qnames.add(RecordsManagementModel.ASPECT_VITAL_RECORD);
return qnames;
}
}

13
rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/vital/ReviewedAction.java
View File

@@ -20,16 +20,13 @@ package org.alfresco.module.org_alfresco_module_rm.vital;
import java.io.Serializable;
import java.util.Date;
import java.util.HashSet;
import java.util.List;
import java.util.Map;
import java.util.Set;
import org.alfresco.module.org_alfresco_module_rm.action.RMActionExecuterAbstractBase;
import org.alfresco.service.cmr.action.Action;
import org.alfresco.service.cmr.action.ParameterDefinition;
import org.alfresco.service.cmr.repository.NodeRef;
import org.alfresco.service.namespace.QName;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
@@ -53,7 +50,7 @@ public class ReviewedAction extends RMActionExecuterAbstractBase
VitalRecordDefinition vrDef = vitalRecordService.getVitalRecordDefinition(actionedUponNodeRef);
if (vrDef != null && vrDef.isEnabled() == true)
{
if (recordsManagementService.isRecord(actionedUponNodeRef) == true)
if (recordService.isRecord(actionedUponNodeRef) == true)
{
reviewRecord(actionedUponNodeRef, vrDef);
}
@@ -104,14 +101,6 @@ public class ReviewedAction extends RMActionExecuterAbstractBase
{
// Intentionally empty
}
@Override
public Set<QName> getProtectedProperties()
{
HashSet<QName> qnames = new HashSet<QName>();
qnames.add(PROP_REVIEW_AS_OF);
return qnames;
}
@Override
protected boolean isExecutableImpl(NodeRef filePlanComponent, Map<String, Serializable> parameters, boolean throwException)

1
rm-server/source/java/org/alfresco/repo/security/permissions/impl/RMPermissionServiceImpl.java
View File

@@ -25,6 +25,7 @@ import java.util.Set;
import org.alfresco.module.org_alfresco_module_rm.capability.RMPermissionModel;
import org.alfresco.repo.security.permissions.AccessControlEntry;
import org.alfresco.repo.security.permissions.AccessControlList;
import org.alfresco.repo.security.permissions.PermissionReference;
import org.alfresco.service.cmr.security.PermissionService;
/**

137
rm-server/test/java/org/alfresco/module/org_alfresco_module_rm/test/capabilities/CapabilitiesTest.java
View File

@@ -66,6 +66,12 @@ public class CapabilitiesTest extends BaseRMTestCase implements
return true;
}
@Override
protected boolean isFillingForAllUsers()
{
return true;
}
@Override
protected void setupTestDataImpl()
{
@@ -73,19 +79,6 @@ public class CapabilitiesTest extends BaseRMTestCase implements
record = utils.createRecord(rmFolder, "CapabilitiesTest.txt");
}
@Override
protected void setupTestUsersImpl(NodeRef filePlan)
{
super.setupTestUsersImpl(filePlan);
// Give all the users file permission objects
for (String user : testUsers)
{
securityService.setPermission(filePlan, user, FILING);
securityService.setPermission(rmContainer, user, FILING);
}
}
protected void check(Map<Capability, AccessStatus> access, String name, AccessStatus accessStatus)
{
@@ -289,124 +282,6 @@ public class CapabilitiesTest extends BaseRMTestCase implements
}
/**
* Test the capability configuration
*/
public void testConfig()
{
retryingTransactionHelper.doInTransaction(
new RetryingTransactionCallback<Object>()
{
@Override
public Object execute() throws Throwable
{
// As system user
AuthenticationUtil
.setFullyAuthenticatedUser(AuthenticationUtil
.getSystemUserName());
assertEquals(6, securityService.getProtectedAspects()
.size());
assertEquals(13, securityService
.getProtectedProperties().size());
// Test action wire up
testCapabilityActions(0, ACCESS_AUDIT);
testCapabilityActions(2, ADD_MODIFY_EVENT_DATES);
testCapabilityActions(2,
APPROVE_RECORDS_SCHEDULED_FOR_CUTOFF);
testCapabilityActions(0,
ATTACH_RULES_TO_METADATA_PROPERTIES);
testCapabilityActions(2, AUTHORIZE_ALL_TRANSFERS);
testCapabilityActions(2, AUTHORIZE_NOMINATED_TRANSFERS);
testCapabilityActions(0, CHANGE_OR_DELETE_REFERENCES);
testCapabilityActions(1, CLOSE_FOLDERS);
testCapabilityActions(0,
CREATE_AND_ASSOCIATE_SELECTION_LISTS);
testCapabilityActions(0,
CREATE_MODIFY_DESTROY_CLASSIFICATION_GUIDES);
testCapabilityActions(0, CREATE_MODIFY_DESTROY_EVENTS);
testCapabilityActions(0,
CREATE_MODIFY_DESTROY_FILEPLAN_METADATA);
testCapabilityActions(0,
CREATE_MODIFY_DESTROY_FILEPLAN_TYPES);
testCapabilityActions(0, CREATE_MODIFY_DESTROY_FOLDERS);
testCapabilityActions(0,
CREATE_MODIFY_DESTROY_RECORD_TYPES);
testCapabilityActions(0,
CREATE_MODIFY_DESTROY_REFERENCE_TYPES);
testCapabilityActions(0, CREATE_MODIFY_DESTROY_ROLES);
testCapabilityActions(0,
CREATE_MODIFY_DESTROY_TIMEFRAMES);
testCapabilityActions(0,
CREATE_MODIFY_DESTROY_USERS_AND_GROUPS);
testCapabilityActions(0,
CREATE_MODIFY_RECORDS_IN_CUTOFF_FOLDERS);
testCapabilityActions(1, CYCLE_VITAL_RECORDS);
testCapabilityActions(0, DECLARE_AUDIT_AS_RECORD);
testCapabilityActions(2, DECLARE_RECORDS);
testCapabilityActions(1,
DECLARE_RECORDS_IN_CLOSED_FOLDERS);
testCapabilityActions(0, DELETE_AUDIT);
testCapabilityActions(0, DELETE_LINKS);
testCapabilityActions(0, DELETE_RECORDS);
testCapabilityActions(0, DESTROY_RECORDS);
testCapabilityActions(1,
DESTROY_RECORDS_SCHEDULED_FOR_DESTRUCTION);
testCapabilityActions(0, DISPLAY_RIGHTS_REPORT);
testCapabilityActions(0, EDIT_DECLARED_RECORD_METADATA);
testCapabilityActions(0, EDIT_NON_RECORD_METADATA);
testCapabilityActions(0, EDIT_RECORD_METADATA);
testCapabilityActions(0, EDIT_SELECTION_LISTS);
testCapabilityActions(0, ENABLE_DISABLE_AUDIT_BY_TYPES);
testCapabilityActions(0, EXPORT_AUDIT);
testCapabilityActions(1,
EXTEND_RETENTION_PERIOD_OR_FREEZE);
testCapabilityActions(1, FILE_RECORDS);
testCapabilityActions(0,
MAKE_OPTIONAL_PARAMETERS_MANDATORY);
testCapabilityActions(0, MANAGE_ACCESS_CONTROLS);
testCapabilityActions(0, MANAGE_ACCESS_RIGHTS);
testCapabilityActions(1,
MANUALLY_CHANGE_DISPOSITION_DATES);
testCapabilityActions(0,
MAP_CLASSIFICATION_GUIDE_METADATA);
testCapabilityActions(0, MAP_EMAIL_METADATA);
testCapabilityActions(0, MOVE_RECORDS);
testCapabilityActions(0, PASSWORD_CONTROL);
testCapabilityActions(1, PLANNING_REVIEW_CYCLES);
testCapabilityActions(1, RE_OPEN_FOLDERS);
testCapabilityActions(0, SELECT_AUDIT_METADATA);
testCapabilityActions(0, TRIGGER_AN_EVENT);
testCapabilityActions(1, UNDECLARE_RECORDS);
testCapabilityActions(2, UNFREEZE);
testCapabilityActions(0, UPDATE_CLASSIFICATION_DATES);
testCapabilityActions(0, UPDATE_EXEMPTION_CATEGORIES);
testCapabilityActions(0, UPDATE_TRIGGER_DATES);
testCapabilityActions(0,
UPDATE_VITAL_RECORD_CYCLE_INFORMATION);
testCapabilityActions(0,
UPGRADE_DOWNGRADE_AND_DECLASSIFY_RECORDS);
testCapabilityActions(0, VIEW_RECORDS);
testCapabilityActions(1, VIEW_UPDATE_REASONS_FOR_FREEZE);
return null;
}
}, false, true);
}
/**
* Test the capability actions
*
* @param count
* @param capability
*/
private void testCapabilityActions(int count, String capability)
{
assertEquals(count, capabilityService.getCapability(capability)
.getActionNames().size());
}
/**
* Test file plan as system
*/

3
rm-server/test/java/org/alfresco/module/org_alfresco_module_rm/test/capabilities/DeclarativeCapabilityTest.java
View File

@@ -150,8 +150,7 @@ public class DeclarativeCapabilityTest extends BaseRMTestCase
capability.isPrivate() == false &&
capability.getName().equals("MoveRecords") == false &&
capability.getName().equals("DeleteLinks") == false &&
capability.getName().equals("ChangeOrDeleteReferences") == false &&
capability.getActionNames().isEmpty() == true)
capability.getName().equals("ChangeOrDeleteReferences") == false)
{
testDeclarativeCapability((DeclarativeCapability)capability);
}

24
rm-server/test/java/org/alfresco/module/org_alfresco_module_rm/test/service/DataSetServiceImplTest.java
View File

@@ -1,3 +1,21 @@
/*
* Copyright (C) 2005-2012 Alfresco Software Limited.
*
* This file is part of Alfresco
*
* Alfresco is free software: you can redistribute it and/or modify
* it under the terms of the GNU Lesser General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* Alfresco is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Lesser General Public License for more details.
*
* You should have received a copy of the GNU Lesser General Public License
* along with Alfresco. If not, see <http://www.gnu.org/licenses/>.
*/
package org.alfresco.module.org_alfresco_module_rm.test.service;
import java.io.Serializable;
@@ -13,6 +31,12 @@ import org.alfresco.module.org_alfresco_module_rm.test.util.BaseRMTestCase;
import org.alfresco.module.org_alfresco_module_rm.vital.VitalRecordDefinition;
import org.alfresco.service.cmr.repository.NodeRef;
/**
* Dataset Service Test
*
* @author Tuna Aksoy
* @since 2.1
*/
public class DataSetServiceImplTest extends BaseRMTestCase
{
/** Id of the test data set*/

19
rm-server/test/java/org/alfresco/module/org_alfresco_module_rm/test/service/ExtendedSecurityServiceImplTest.java
View File

@@ -1,4 +1,21 @@
/*
* Copyright (C) 2005-2012 Alfresco Software Limited.
*
* This file is part of Alfresco
*
* Alfresco is free software: you can redistribute it and/or modify
* it under the terms of the GNU Lesser General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* Alfresco is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Lesser General Public License for more details.
*
* You should have received a copy of the GNU Lesser General Public License
* along with Alfresco. If not, see <http://www.gnu.org/licenses/>.
*/
package org.alfresco.module.org_alfresco_module_rm.test.service;
import java.util.HashMap;

254
rm-server/test/java/org/alfresco/module/org_alfresco_module_rm/test/service/ModelSecurityServiceImplTest.java Normal file
View File

@@ -0,0 +1,254 @@
/*
* Copyright (C) 2005-2012 Alfresco Software Limited.
*
* This file is part of Alfresco
*
* Alfresco is free software: you can redistribute it and/or modify
* it under the terms of the GNU Lesser General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* Alfresco is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Lesser General Public License for more details.
*
* You should have received a copy of the GNU Lesser General Public License
* along with Alfresco. If not, see <http://www.gnu.org/licenses/>.
*/
package org.alfresco.module.org_alfresco_module_rm.test.service;
import java.util.Set;
import org.alfresco.module.org_alfresco_module_rm.model.security.ModelAccessDeniedException;
import org.alfresco.module.org_alfresco_module_rm.model.security.ModelSecurityService;
import org.alfresco.module.org_alfresco_module_rm.model.security.ProtectedAspect;
import org.alfresco.module.org_alfresco_module_rm.model.security.ProtectedProperty;
import org.alfresco.module.org_alfresco_module_rm.test.util.BaseRMTestCase;
import org.alfresco.service.namespace.QName;
/**
* Model security service test.
*
* @author Roy Wetherall
* @since 2.1
*/
public class ModelSecurityServiceImplTest extends BaseRMTestCase
{
private static final QName CUSTOM_ASPECT = QName.createQName("http://www.alfresco.org/model/rmtest/1.0", "customAspect");
private static final QName CUSTOM_PROTECTED_ASPECT = QName.createQName("http://www.alfresco.org/model/rmtest/1.0", "customProtectedAspect");
private static final QName CUSTOM_PROPERTY = QName.createQName("http://www.alfresco.org/model/rmtest/1.0", "customProperty");
private static final QName CUSTOM_PROTECTED_PROPERTY = QName.createQName("http://www.alfresco.org/model/rmtest/1.0", "customProtectedProperty");
/** Model security service */
private ModelSecurityService modelSecurityService;
/**
* @see org.alfresco.module.org_alfresco_module_rm.test.util.BaseRMTestCase#isUserTest()
*/
@Override
protected boolean isUserTest()
{
return true;
}
@Override
protected boolean isFillingForAllUsers()
{
return true;
}
/**
* @see org.alfresco.module.org_alfresco_module_rm.test.util.BaseRMTestCase#initServices()
*/
@Override
protected void initServices()
{
super.initServices();
modelSecurityService = (ModelSecurityService)applicationContext.getBean("ModelSecurityService");
}
/**
* @see org.alfresco.module.org_alfresco_module_rm.test.util.BaseRMTestCase#setupTestDataImpl()
*/
@Override
protected void setupTestDataImpl()
{
super.setupTestDataImpl();
}
/**
* test - getProtectedAspects(), isProtectedAspect(), getProtectedAspect()
*/
public void testProtectedAspects() throws Exception
{
doTestInTransaction(new VoidTest()
{
@Override
public void runImpl() throws Exception
{
Set<QName> protectedAspects = modelSecurityService.getProtectedAspects();
assertNotNull(protectedAspects);
assertFalse(protectedAspects.isEmpty());
assertTrue(protectedAspects.contains(CUSTOM_PROTECTED_ASPECT));
assertFalse(protectedAspects.contains(CUSTOM_ASPECT));
assertTrue(modelSecurityService.isProtectedAspect(CUSTOM_PROTECTED_ASPECT));
assertFalse(modelSecurityService.isProtectedAspect(CUSTOM_ASPECT));
ProtectedAspect protectedAspect = modelSecurityService.getProtectedAspect(CUSTOM_ASPECT);
assertNull(protectedAspect);
protectedAspect = modelSecurityService.getProtectedAspect(CUSTOM_PROTECTED_ASPECT);
assertNotNull(protectedAspect);
assertNotNull(protectedAspect.getQName());
assertNotNull(protectedAspect.getCapabilities());
}
});
doTestInTransaction(new VoidTest()
{
@Override
public void runImpl() throws Exception
{
assertTrue(modelSecurityService.isProtectedAspect(CUSTOM_PROTECTED_ASPECT));
assertFalse(modelSecurityService.canEditProtectedAspect(rmFolder, CUSTOM_PROTECTED_ASPECT));
}
}, powerUserName);
doTestInTransaction(new FailureTest
(
"Normal rm user should not have the permissions to add the protected aspect.",
ModelAccessDeniedException.class
)
{
@Override
public void run() throws Exception
{
// try and add the aspect
nodeService.addAspect(rmFolder, CUSTOM_PROTECTED_ASPECT, null);
}
}, powerUserName);
doTestInTransaction(new VoidTest()
{
@Override
public void runImpl() throws Exception
{
assertTrue(modelSecurityService.canEditProtectedAspect(rmFolder, CUSTOM_PROTECTED_ASPECT));
// try and add the aspect
nodeService.addAspect(rmFolder, CUSTOM_PROTECTED_ASPECT, null);
assertTrue(nodeService.hasAspect(rmFolder, CUSTOM_PROTECTED_ASPECT));
}
}, rmAdminName);
// check protected aspect via removeAspect
doTestInTransaction(new FailureTest
(
"Normal rm user should not have the permissions to remove the custom aspect.",
ModelAccessDeniedException.class
)
{
@Override
public void run() throws Exception
{
nodeService.removeAspect(rmFolder, CUSTOM_PROTECTED_ASPECT);
}
}, powerUserName);
doTestInTransaction(new VoidTest()
{
@Override
public void runImpl() throws Exception
{
nodeService.removeAspect(rmFolder, CUSTOM_PROTECTED_ASPECT);
assertFalse(nodeService.hasAspect(rmFolder, CUSTOM_PROTECTED_ASPECT));
}
}, rmAdminName);
}
/**
* test - getProtectedProperties(), isProtectedProperty(), getProtectedProperty()
*/
public void testProtectedProperties() throws Exception
{
doTestInTransaction(new VoidTest()
{
public void runImpl()
{
Set<QName> protectedProperties = modelSecurityService.getProtectedProperties();
assertNotNull(protectedProperties);
assertFalse(protectedProperties.isEmpty());
assertTrue(protectedProperties.contains(CUSTOM_PROTECTED_PROPERTY));
assertFalse(protectedProperties.contains(CUSTOM_PROPERTY));
assertTrue(modelSecurityService.isProtectedProperty(CUSTOM_PROTECTED_PROPERTY));
assertFalse(modelSecurityService.isProtectedProperty(CUSTOM_PROPERTY));
ProtectedProperty protectedProperty = modelSecurityService.getProtectedProperty(CUSTOM_PROPERTY);
assertNull(protectedProperty);
protectedProperty = modelSecurityService.getProtectedProperty(CUSTOM_PROTECTED_PROPERTY);
assertNotNull(protectedProperty);
assertNotNull(protectedProperty.getQName());
assertNotNull(protectedProperty.getCapabilities());
doTestInTransaction(new VoidTest()
{
@Override
public void runImpl() throws Exception
{
assertTrue(modelSecurityService.canEditProtectedProperty(rmFolder, CUSTOM_PROTECTED_PROPERTY));
}
}, rmAdminName);
doTestInTransaction(new VoidTest()
{
@Override
public void runImpl() throws Exception
{
assertFalse(modelSecurityService.canEditProtectedProperty(rmFolder, CUSTOM_PROTECTED_PROPERTY));
}
}, powerUserName);
}
});
doTestInTransaction(new VoidTest()
{
@Override
public void runImpl() throws Exception
{
assertTrue(modelSecurityService.isProtectedProperty(CUSTOM_PROTECTED_PROPERTY));
assertFalse(modelSecurityService.canEditProtectedProperty(rmFolder, CUSTOM_PROTECTED_PROPERTY));
}
}, powerUserName);
doTestInTransaction(new FailureTest
(
"Should not have the permissions to edit protected property.",
ModelAccessDeniedException.class
)
{
@Override
public void run() throws Exception
{
nodeService.setProperty(rmFolder, CUSTOM_PROTECTED_PROPERTY, "hello");
}
}, powerUserName);
doTestInTransaction(new VoidTest()
{
@Override
public void runImpl() throws Exception
{
assertTrue(modelSecurityService.canEditProtectedProperty(rmFolder, CUSTOM_PROTECTED_PROPERTY));
nodeService.setProperty(rmFolder, CUSTOM_PROTECTED_PROPERTY, "hello");
assertEquals("hello", nodeService.getProperty(rmFolder, CUSTOM_PROTECTED_PROPERTY));
}
}, rmAdminName);
}
}

5
rm-server/test/java/org/alfresco/module/org_alfresco_module_rm/test/service/RecordServiceTestImpl.java
View File

@@ -1,5 +1,5 @@
/*
* Copyright (C) 2005-2011 Alfresco Software Limited.
* Copyright (C) 2005-2012 Alfresco Software Limited.
*
* This file is part of Alfresco
*
@@ -22,7 +22,6 @@ import org.alfresco.model.ContentModel;
import org.alfresco.module.org_alfresco_module_rm.action.dm.CreateRecordAction;
import org.alfresco.module.org_alfresco_module_rm.capability.Capability;
import org.alfresco.module.org_alfresco_module_rm.capability.RMPermissionModel;
import org.alfresco.module.org_alfresco_module_rm.security.ExtendedReaderDynamicAuthority;
import org.alfresco.module.org_alfresco_module_rm.test.util.BaseRMTestCase;
import org.alfresco.repo.security.authentication.AuthenticationUtil;
import org.alfresco.repo.site.SiteModel;
@@ -147,7 +146,7 @@ public class RecordServiceTestImpl extends BaseRMTestCase
assertEquals(AccessStatus.ALLOWED, dmPermissionService.hasPermission(dmDocument, RMPermissionModel.READ_RECORDS));
assertEquals(AccessStatus.ALLOWED, dmPermissionService.hasPermission(filePlan, RMPermissionModel.VIEW_RECORDS));
assertTrue(rmService.isRecord(dmDocument));
assertTrue(recordService.isRecord(dmDocument));
//
Capability createCapability = capabilityService.getCapability("Create");

58
rm-server/test/java/org/alfresco/module/org_alfresco_module_rm/test/util/BaseRMTestCase.java
View File

@@ -27,6 +27,7 @@ import org.alfresco.module.org_alfresco_module_rm.RecordsManagementAdminService;
import org.alfresco.module.org_alfresco_module_rm.RecordsManagementService;
import org.alfresco.module.org_alfresco_module_rm.action.RecordsManagementActionService;
import org.alfresco.module.org_alfresco_module_rm.capability.CapabilityService;
import org.alfresco.module.org_alfresco_module_rm.capability.RMPermissionModel;
import org.alfresco.module.org_alfresco_module_rm.dataset.DataSetService;
import org.alfresco.module.org_alfresco_module_rm.disposition.DispositionSchedule;
import org.alfresco.module.org_alfresco_module_rm.disposition.DispositionService;
@@ -70,7 +71,7 @@ import org.springframework.context.ApplicationContext;
* @author Roy Wetherall
*/
public abstract class BaseRMTestCase extends RetryingTransactionHelperTestCase
implements RecordsManagementModel, ContentModel
implements RecordsManagementModel, ContentModel, RMPermissionModel
{
/** Application context */
protected static final String[] CONFIG_LOCATIONS = new String[]
@@ -221,6 +222,15 @@ public abstract class BaseRMTestCase extends RetryingTransactionHelperTestCase
return false;
}
/**
* Indicates whether the test users should have filling on the file plan structure
* by default or not.
*/
protected boolean isFillingForAllUsers()
{
return false;
}
/**
* @see junit.framework.TestCase#setUp()
*/
@@ -431,8 +441,23 @@ public abstract class BaseRMTestCase extends RetryingTransactionHelperTestCase
recordsManagerName,
rmAdminName
};
if (isFillingForAllUsers() == true)
{
// Give all the users file permission objects
for (String user : testUsers)
{
securityService.setPermission(filePlan, user, FILING);
securityService.setPermission(rmContainer, user, FILING);
}
}
}
/**
* Util method to create a person.
* @param userName user name
* @return NodeRef user node reference
*/
protected NodeRef createPerson(String userName)
{
authenticationService.createAuthentication(userName, "password".toCharArray());
@@ -498,4 +523,35 @@ public abstract class BaseRMTestCase extends RetryingTransactionHelperTestCase
mhRecordFolder44 = rmService.createRecordFolder(mhContainer34, "mhFolder44");
mhRecordFolder45 = rmService.createRecordFolder(mhContainer35, "mhFolder45");
}
/**
* Helper class to try and simplify {@link Void} tests.
*
* @author Roy Wetherall
* @since 2.1
*/
protected abstract class VoidTest extends Test<Void>
{
@Override
public Void run() throws Exception
{
runImpl();
return null;
}
public abstract void runImpl() throws Exception;
@Override
public void test(Void result) throws Exception
{
testImpl();
}
public void testImpl() throws Exception
{
// empty implementation
}
}
}

19
rm-server/test/resources/test-context.xml
View File

@@ -73,4 +73,23 @@
<property name="id" value="testExampleData"/>
<property name="path" value="test-filePlan.xml" />
</bean>
<bean id="rm.protectedAspect.rmt_customProtectedAspect" parent="protectedAspect">
<property name="name" value="rmt:customProtectedAspect"/>
<property name="capabilities">
<set>
<ref bean="rmPasswordControlCapability" />
</set>
</property>
</bean>
<bean id="rm.protectedProperty.rmt_customProtectedProperty" parent="protectedProperty">
<property name="name" value="rmt:customProtectedProperty"/>
<property name="capabilities">
<set>
<ref bean="rmPasswordControlCapability" />
</set>
</property>
</bean>
</beans>

13
rm-server/test/resources/test-model.xml
View File

@@ -33,7 +33,18 @@
<aspects>
<aspect name="rmt:customAspect">
<aspect name="rmt:customAspect">
</aspect>
<aspect name="rmt:customProtectedAspect">
<properties>
<property name="rmt:customProperty">
<type>d:text</type>
</property>
<property name="rmt:customProtectedProperty">
<type>d:text</type>
</property>
</properties>
</aspect>
<aspect name="rmt:recordMetaData">