From e7f1b2e62ca5fb7fcd834a8a4af9622a212f8529 Mon Sep 17 00:00:00 2001 From: Roy Wetherall Date: Mon, 3 Dec 2012 04:06:47 +0000 Subject: [PATCH] RM-567: Refactor protected aspects and properties * actions and capabilities no long linked * protected aspects and properties can be configured in their own right * protected model security service added * action implementation refactored accordingly * capability implementations refactored accordingly * unit tests git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/modules/recordsmanagement/HEAD@44229 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261 --- .../model/rm-model-security-context.xml | 164 ++++++++ .../rm-action-context.xml | 82 ++-- .../rm-model-context.xml | 3 + .../rm-service-context.xml | 60 ++- .../action/RMActionExecuterAbstractBase.java | 48 +-- ...DispositionActionExecuterAbstractBase.java | 27 +- .../action/RecordsManagementAction.java | 6 +- .../RecordsManagementActionServiceImpl.java | 3 +- .../action/impl/ApplyCustomTypeAction.java | 2 +- ...spositionActionDefinitionUpdateAction.java | 21 -- .../action/impl/CloseRecordFolderAction.java | 11 - .../action/impl/CompleteEventAction.java | 34 +- .../action/impl/CutOffAction.java | 22 +- .../action/impl/DeclareRecordAction.java | 12 - .../EditDispositionActionAsOfDateAction.java | 14 - .../action/impl/EditHoldReasonAction.java | 25 -- .../action/impl/EditReviewAsOfDateAction.java | 19 +- .../action/impl/FileAction.java | 36 +- .../action/impl/FreezeAction.java | 28 +- .../action/impl/OpenRecordFolderAction.java | 11 - .../action/impl/RelinquishHoldAction.java | 14 - .../action/impl/SplitEmailAction.java | 4 +- .../action/impl/UndeclareRecordAction.java | 15 +- .../action/impl/UndoEventAction.java | 20 - .../action/impl/UnfreezeAction.java | 14 - .../capability/AbstractCapability.java | 94 +++-- .../capability/Capability.java | 12 - .../capability/RMEntryVoter.java | 99 ----- .../capability/RMSecurityCommon.java | 6 - .../capability/impl/CreateCapability.java | 4 +- .../capability/impl/UpdateCapability.java | 18 +- .../impl/UpdatePropertiesCapability.java | 10 +- .../security/ModelAccessDeniedException.java | 42 +++ .../model/security/ModelSecurityService.java | 114 ++++++ .../security/ModelSecurityServiceImpl.java | 351 ++++++++++++++++++ .../model/security/ProtectedAspect.java | 28 ++ .../security/ProtectedModelArtifact.java | 80 ++++ .../model/security/ProtectedProperty.java | 38 ++ .../RecordsManagementSecurityService.java | 28 +- .../RecordsManagementSecurityServiceImpl.java | 52 +-- .../BroadcastVitalRecordDefinitionAction.java | 25 +- .../vital/ReviewedAction.java | 13 +- .../impl/RMPermissionServiceImpl.java | 1 + .../test/capabilities/CapabilitiesTest.java | 137 +------ .../DeclarativeCapabilityTest.java | 3 +- .../test/service/DataSetServiceImplTest.java | 24 ++ .../ExtendedSecurityServiceImplTest.java | 19 +- .../service/ModelSecurityServiceImplTest.java | 254 +++++++++++++ .../test/service/RecordServiceTestImpl.java | 5 +- .../test/util/BaseRMTestCase.java | 58 ++- rm-server/test/resources/test-context.xml | 19 + rm-server/test/resources/test-model.xml | 13 +- 52 files changed, 1469 insertions(+), 773 deletions(-) create mode 100644 rm-server/config/alfresco/module/org_alfresco_module_rm/model/rm-model-security-context.xml create mode 100644 rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/model/security/ModelAccessDeniedException.java create mode 100644 rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/model/security/ModelSecurityService.java create mode 100644 rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/model/security/ModelSecurityServiceImpl.java create mode 100644 rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/model/security/ProtectedAspect.java create mode 100644 rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/model/security/ProtectedModelArtifact.java create mode 100644 rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/model/security/ProtectedProperty.java create mode 100644 rm-server/test/java/org/alfresco/module/org_alfresco_module_rm/test/service/ModelSecurityServiceImplTest.java diff --git a/rm-server/config/alfresco/module/org_alfresco_module_rm/model/rm-model-security-context.xml b/rm-server/config/alfresco/module/org_alfresco_module_rm/model/rm-model-security-context.xml new file mode 100644 index 0000000000..d5d6ca9392 --- /dev/null +++ b/rm-server/config/alfresco/module/org_alfresco_module_rm/model/rm-model-security-context.xml @@ -0,0 +1,164 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + \ No newline at end of file diff --git a/rm-server/config/alfresco/module/org_alfresco_module_rm/rm-action-context.xml b/rm-server/config/alfresco/module/org_alfresco_module_rm/rm-action-context.xml index 2be23cf20e..b9957f7141 100644 --- a/rm-server/config/alfresco/module/org_alfresco_module_rm/rm-action-context.xml +++ b/rm-server/config/alfresco/module/org_alfresco_module_rm/rm-action-context.xml @@ -90,10 +90,7 @@ - - - - + @@ -119,9 +116,7 @@ - - - + @@ -146,9 +141,7 @@ - - - + @@ -182,7 +175,6 @@ ${rm.ghosting.enabled} - @@ -234,9 +226,7 @@ - - - + @@ -261,9 +251,7 @@ - - - + @@ -288,9 +276,7 @@ - - - + @@ -316,7 +302,7 @@ - + @@ -342,14 +328,7 @@ - - - - - - - - + @@ -375,8 +354,7 @@ - - + @@ -402,9 +380,7 @@ - - - + @@ -429,9 +405,7 @@ - - - + @@ -446,9 +420,7 @@ - - - + @@ -473,9 +445,7 @@ - - - + @@ -500,9 +470,7 @@ - - - + @@ -527,9 +495,7 @@ - - - + @@ -612,8 +578,7 @@ - - + @@ -639,8 +604,7 @@ - - + @@ -666,8 +630,7 @@ - - + @@ -684,8 +647,7 @@ - - + @@ -711,8 +673,7 @@ - - + @@ -729,8 +690,7 @@ - - + diff --git a/rm-server/config/alfresco/module/org_alfresco_module_rm/rm-model-context.xml b/rm-server/config/alfresco/module/org_alfresco_module_rm/rm-model-context.xml index caaa8b304d..f3b361fdd7 100644 --- a/rm-server/config/alfresco/module/org_alfresco_module_rm/rm-model-context.xml +++ b/rm-server/config/alfresco/module/org_alfresco_module_rm/rm-model-context.xml @@ -107,6 +107,9 @@ parent="org_alfresco_module_rm_BaseBehaviour"> + + + - - + + @@ -544,8 +544,64 @@ + + + + + + + + + + + + + org.alfresco.module.org_alfresco_module_rm.model.security.ModelSecurityService + + + + + + + + + + + + + + + + + + + ${server.transaction.mode.default} + + + + + + + + + + + + + + + + + + + + diff --git a/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/action/RMActionExecuterAbstractBase.java b/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/action/RMActionExecuterAbstractBase.java index 3db77a7800..f2802c6fa9 100644 --- a/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/action/RMActionExecuterAbstractBase.java +++ b/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/action/RMActionExecuterAbstractBase.java @@ -19,19 +19,14 @@ package org.alfresco.module.org_alfresco_module_rm.action; import java.io.Serializable; -import java.util.Collection; -import java.util.Collections; import java.util.Date; import java.util.HashMap; -import java.util.LinkedList; import java.util.List; import java.util.Map; -import java.util.Set; import org.alfresco.module.org_alfresco_module_rm.RecordsManagementAdminService; import org.alfresco.module.org_alfresco_module_rm.RecordsManagementService; import org.alfresco.module.org_alfresco_module_rm.audit.RecordsManagementAuditService; -import org.alfresco.module.org_alfresco_module_rm.capability.AbstractCapability; import org.alfresco.module.org_alfresco_module_rm.disposition.DispositionAction; import org.alfresco.module.org_alfresco_module_rm.disposition.DispositionActionDefinition; import org.alfresco.module.org_alfresco_module_rm.disposition.DispositionSchedule; @@ -122,7 +117,7 @@ public abstract class RMActionExecuterAbstractBase extends ActionExecuterAbstra /** Freeze Service */ protected FreezeService freezeService; - protected LinkedList capabilities = new LinkedList();; + // protected LinkedList capabilities = new LinkedList();; /** Default constructor */ public RMActionExecuterAbstractBase() @@ -259,19 +254,19 @@ public abstract class RMActionExecuterAbstractBase extends ActionExecuterAbstra * Register with a single capability * @param capability */ - public void setCapability(AbstractCapability capability) - { - capabilities.add(capability); - } + // public void setCapability(AbstractCapability capability) + // { + // capabilities.add(capability); + // } /** * Register with several capabilities * @param capabilities */ - public void setCapabilities(Collection capabilities) - { - this.capabilities.addAll(capabilities); - } + // public void setCapabilities(Collection capabilities) + // { + // this.capabilities.addAll(capabilities); + // } public void setRecordsManagementAdminService(RecordsManagementAdminService recordsManagementAdminService) { @@ -302,10 +297,10 @@ public abstract class RMActionExecuterAbstractBase extends ActionExecuterAbstra PropertyCheck.mandatory(this, "recordsManagementAdminService", recordsManagementAdminService); PropertyCheck.mandatory(this, "recordsManagementEventService", recordsManagementEventService); - for(AbstractCapability capability : capabilities) - { - capability.registerAction(this); - } + // for(AbstractCapability capability : capabilities) + // { + // capability.registerAction(this); + // } } /** @@ -429,23 +424,6 @@ public abstract class RMActionExecuterAbstractBase extends ActionExecuterAbstra { // No parameters } - - /** - * @see org.alfresco.module.org_alfresco_module_rm.action.RecordsManagementAction#getProtectedProperties() - */ - public Set getProtectedProperties() - { - return Collections.emptySet(); - } - - - /** - * @see org.alfresco.module.org_alfresco_module_rm.action.RecordsManagementAction#getProtectedAspects() - */ - public Set getProtectedAspects() - { - return Collections.emptySet(); - } /** * @see org.alfresco.module.org_alfresco_module_rm.action.RecordsManagementAction#isExecutable(org.alfresco.service.cmr.repository.NodeRef, java.util.Map) diff --git a/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/action/RMDispositionActionExecuterAbstractBase.java b/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/action/RMDispositionActionExecuterAbstractBase.java index 228d0e6f84..c2fcc8552e 100644 --- a/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/action/RMDispositionActionExecuterAbstractBase.java +++ b/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/action/RMDispositionActionExecuterAbstractBase.java @@ -20,10 +20,8 @@ package org.alfresco.module.org_alfresco_module_rm.action; import java.io.Serializable; import java.util.Date; -import java.util.HashSet; import java.util.List; import java.util.Map; -import java.util.Set; import org.alfresco.error.AlfrescoRuntimeException; import org.alfresco.module.org_alfresco_module_rm.disposition.DispositionSchedule; @@ -32,7 +30,6 @@ import org.alfresco.service.cmr.action.Action; import org.alfresco.service.cmr.action.ParameterDefinition; import org.alfresco.service.cmr.repository.ChildAssociationRef; import org.alfresco.service.cmr.repository.NodeRef; -import org.alfresco.service.namespace.QName; import org.alfresco.service.namespace.RegexQNamePattern; import org.springframework.extensions.surf.util.I18NUtil; @@ -97,7 +94,7 @@ public abstract class RMDispositionActionExecuterAbstractBase extends RMActionEx if (di.isRecordLevelDisposition() == true) { // Check that we do indeed have a record - if (this.recordsManagementService.isRecord(actionedUponNodeRef) == true) + if (recordService.isRecord(actionedUponNodeRef) == true) { // Can only execute disposition action on record if declared if (recordService.isDeclared(actionedUponNodeRef) == true) @@ -273,16 +270,16 @@ public abstract class RMDispositionActionExecuterAbstractBase extends RMActionEx return result; } - @Override - public Set getProtectedProperties() - { - HashSet qnames = new HashSet(); - qnames.add(PROP_DISPOSITION_ACTION_STARTED_AT); - qnames.add(PROP_DISPOSITION_ACTION_STARTED_BY); - qnames.add(PROP_DISPOSITION_ACTION_COMPLETED_AT); - qnames.add(PROP_DISPOSITION_ACTION_COMPLETED_BY); - return qnames; - } +// @Override +// public Set getProtectedProperties() +// { +// HashSet qnames = new HashSet(); +// qnames.add(PROP_DISPOSITION_ACTION_STARTED_AT); +// qnames.add(PROP_DISPOSITION_ACTION_STARTED_BY); +// qnames.add(PROP_DISPOSITION_ACTION_COMPLETED_AT); +// qnames.add(PROP_DISPOSITION_ACTION_COMPLETED_BY); +// return qnames; +// } @Override protected boolean isExecutableImpl(NodeRef filePlanComponent, Map parameters, boolean throwException) @@ -312,7 +309,7 @@ public abstract class RMDispositionActionExecuterAbstractBase extends RMActionEx if (di.isRecordLevelDisposition() == true) { // Check that we do indeed have a record - if (this.recordsManagementService.isRecord(filePlanComponent) == true) + if (recordService.isRecord(filePlanComponent) == true) { // Can only execute disposition action on record if declared if (recordService.isDeclared(filePlanComponent) == true) diff --git a/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/action/RecordsManagementAction.java b/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/action/RecordsManagementAction.java index 1e64b22162..82a20ae0bd 100644 --- a/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/action/RecordsManagementAction.java +++ b/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/action/RecordsManagementAction.java @@ -20,10 +20,8 @@ package org.alfresco.module.org_alfresco_module_rm.action; import java.io.Serializable; import java.util.Map; -import java.util.Set; import org.alfresco.service.cmr.repository.NodeRef; -import org.alfresco.service.namespace.QName; /** @@ -87,14 +85,14 @@ public interface RecordsManagementAction * * @return the set of protected properties */ - public Set getProtectedProperties(); + //public Set getProtectedProperties(); /** * Get a set of aspects that should be updated via this or other actions. * The aspect can not be added via public services, such as the NodeService. * @return */ - public Set getProtectedAspects(); + //public Set getProtectedAspects(); /** * Some admin-related rmActions execute against a target nodeRef which is not provided diff --git a/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/action/RecordsManagementActionServiceImpl.java b/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/action/RecordsManagementActionServiceImpl.java index 26260dc190..b34af27e62 100644 --- a/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/action/RecordsManagementActionServiceImpl.java +++ b/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/action/RecordsManagementActionServiceImpl.java @@ -159,8 +159,9 @@ public class RecordsManagementActionServiceImpl implements RecordsManagementActi /** * @see org.alfresco.module.org_alfresco_module_rm.action.RecordsManagementActionService#getDispositionActions(org.alfresco.service.cmr.repository.NodeRef) */ + @SuppressWarnings("unused") public List getDispositionActions(NodeRef nodeRef) - { + { String userName = AuthenticationUtil.getFullyAuthenticatedUser(); List result = new ArrayList(this.rmActions.size()); diff --git a/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/action/impl/ApplyCustomTypeAction.java b/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/action/impl/ApplyCustomTypeAction.java index 01c5b71dcf..9f154597b2 100644 --- a/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/action/impl/ApplyCustomTypeAction.java +++ b/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/action/impl/ApplyCustomTypeAction.java @@ -113,7 +113,7 @@ public class ApplyCustomTypeAction extends RMActionExecuterAbstractBase public boolean isExecutableImpl(NodeRef filePlanComponent, Map parameters, boolean throwException) { - if (recordsManagementService.isRecord(filePlanComponent)) + if (recordService.isRecord(filePlanComponent)) { return true; } diff --git a/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/action/impl/BroadcastDispositionActionDefinitionUpdateAction.java b/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/action/impl/BroadcastDispositionActionDefinitionUpdateAction.java index a34501d0e0..204e3334d5 100644 --- a/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/action/impl/BroadcastDispositionActionDefinitionUpdateAction.java +++ b/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/action/impl/BroadcastDispositionActionDefinitionUpdateAction.java @@ -20,12 +20,9 @@ package org.alfresco.module.org_alfresco_module_rm.action.impl; import java.io.Serializable; import java.util.ArrayList; -import java.util.Collections; import java.util.Date; -import java.util.HashSet; import java.util.List; import java.util.Map; -import java.util.Set; import org.alfresco.module.org_alfresco_module_rm.action.RMActionExecuterAbstractBase; import org.alfresco.module.org_alfresco_module_rm.disposition.DispositionAction; @@ -336,22 +333,4 @@ public class BroadcastDispositionActionDefinitionUpdateAction extends RMActionEx { return true; } - - @Override - public Set getProtectedProperties() - { - HashSet qnames = new HashSet(); - qnames.add(PROP_DISPOSITION_AS_OF); - qnames.add(PROP_DISPOSITION_EVENT); - qnames.add(PROP_DISPOSITION_EVENT_COMBINATION); - qnames.add(PROP_DISPOSITION_EVENTS_ELIGIBLE); - return qnames; - } - - @Override - public Set getProtectedAspects() - { - return Collections.emptySet(); - } - } diff --git a/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/action/impl/CloseRecordFolderAction.java b/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/action/impl/CloseRecordFolderAction.java index 6c59750de6..381f36f08a 100644 --- a/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/action/impl/CloseRecordFolderAction.java +++ b/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/action/impl/CloseRecordFolderAction.java @@ -19,17 +19,14 @@ package org.alfresco.module.org_alfresco_module_rm.action.impl; import java.io.Serializable; -import java.util.HashSet; import java.util.List; import java.util.Map; -import java.util.Set; import org.alfresco.error.AlfrescoRuntimeException; import org.alfresco.module.org_alfresco_module_rm.action.RMActionExecuterAbstractBase; import org.alfresco.service.cmr.action.Action; import org.alfresco.service.cmr.action.ParameterDefinition; import org.alfresco.service.cmr.repository.NodeRef; -import org.alfresco.service.namespace.QName; import org.springframework.extensions.surf.util.I18NUtil; /** @@ -74,14 +71,6 @@ public class CloseRecordFolderAction extends RMActionExecuterAbstractBase } - @Override - public Set getProtectedProperties() - { - HashSet qnames = new HashSet(); - qnames.add(PROP_IS_CLOSED); - return qnames; - } - @Override protected boolean isExecutableImpl(NodeRef filePlanComponent, Map parameters, boolean throwException) { diff --git a/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/action/impl/CompleteEventAction.java b/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/action/impl/CompleteEventAction.java index 50d674030d..90727ed1a6 100644 --- a/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/action/impl/CompleteEventAction.java +++ b/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/action/impl/CompleteEventAction.java @@ -20,10 +20,8 @@ package org.alfresco.module.org_alfresco_module_rm.action.impl; import java.io.Serializable; import java.util.Date; -import java.util.HashSet; import java.util.List; import java.util.Map; -import java.util.Set; import org.alfresco.error.AlfrescoRuntimeException; import org.alfresco.module.org_alfresco_module_rm.action.RMActionExecuterAbstractBase; @@ -122,25 +120,25 @@ public class CompleteEventAction extends RMActionExecuterAbstractBase } - @Override - public Set getProtectedProperties() - { - HashSet qnames = new HashSet(); - qnames.add(PROP_EVENT_EXECUTION_COMPLETE); - qnames.add(PROP_EVENT_EXECUTION_COMPLETED_AT); - qnames.add(PROP_EVENT_EXECUTION_COMPLETED_BY); - return qnames; - } +// @Override +// public Set getProtectedProperties() +// { +// HashSet qnames = new HashSet(); +// qnames.add(PROP_EVENT_EXECUTION_COMPLETE); +// qnames.add(PROP_EVENT_EXECUTION_COMPLETED_AT); +// qnames.add(PROP_EVENT_EXECUTION_COMPLETED_BY); +// return qnames; +// } - @Override - public Set getProtectedAspects() - { - HashSet qnames = new HashSet(); - qnames.add(ASPECT_DISPOSITION_LIFECYCLE); - return qnames; - } + // @Override + // public Set getProtectedAspects() + // { + // HashSet qnames = new HashSet(); + // qnames.add(ASPECT_DISPOSITION_LIFECYCLE); + // return qnames; + // } @Override protected boolean isExecutableImpl(NodeRef filePlanComponent, Map parameters, boolean throwException) diff --git a/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/action/impl/CutOffAction.java b/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/action/impl/CutOffAction.java index 299b48614c..413ae68c4a 100644 --- a/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/action/impl/CutOffAction.java +++ b/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/action/impl/CutOffAction.java @@ -21,10 +21,8 @@ package org.alfresco.module.org_alfresco_module_rm.action.impl; import java.io.Serializable; import java.util.Date; import java.util.HashMap; -import java.util.HashSet; import java.util.List; import java.util.Map; -import java.util.Set; import org.alfresco.error.AlfrescoRuntimeException; import org.alfresco.module.org_alfresco_module_rm.action.RMDispositionActionExecuterAbstractBase; @@ -91,22 +89,6 @@ public class CutOffAction extends RMDispositionActionExecuterAbstractBase this.nodeService.addAspect(nodeRef, ASPECT_CUT_OFF, cutOffProps); } } - - @Override - public Set getProtectedProperties() - { - HashSet qnames = new HashSet(); - qnames.add(PROP_CUT_OFF_DATE); - return qnames; - } - - @Override - public Set getProtectedAspects() - { - HashSet qnames = new HashSet(); - qnames.add(ASPECT_CUT_OFF); - return qnames; - } @Override protected boolean isExecutableImpl(NodeRef filePlanComponent, Map parameters, boolean throwException) @@ -117,8 +99,8 @@ public class CutOffAction extends RMDispositionActionExecuterAbstractBase } // duplicates code from close .. it should get the closed action somehow? - if (this.recordsManagementService.isRecordFolder(filePlanComponent) - || this.recordsManagementService.isRecord(filePlanComponent)) + if (recordsManagementService.isRecordFolder(filePlanComponent) + || recordService.isRecord(filePlanComponent)) { return true; } diff --git a/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/action/impl/DeclareRecordAction.java b/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/action/impl/DeclareRecordAction.java index b387eee6ef..740d234f9f 100644 --- a/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/action/impl/DeclareRecordAction.java +++ b/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/action/impl/DeclareRecordAction.java @@ -22,7 +22,6 @@ import java.io.Serializable; import java.util.ArrayList; import java.util.Date; import java.util.HashMap; -import java.util.HashSet; import java.util.List; import java.util.Map; import java.util.Set; @@ -176,17 +175,6 @@ public class DeclareRecordAction extends RMActionExecuterAbstractBase missingProperties.add(propDef.getName().toString()); } - /** - * @see org.alfresco.module.org_alfresco_module_rm.action.RMActionExecuterAbstractBase#getProtectedAspects() - */ - @Override - public Set getProtectedAspects() - { - HashSet qnames = new HashSet(); - qnames.add(ASPECT_DECLARED_RECORD); - return qnames; - } - /** * @see org.alfresco.module.org_alfresco_module_rm.action.RMActionExecuterAbstractBase#isExecutableImpl(org.alfresco.service.cmr.repository.NodeRef, java.util.Map, boolean) */ diff --git a/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/action/impl/EditDispositionActionAsOfDateAction.java b/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/action/impl/EditDispositionActionAsOfDateAction.java index f1a8e45609..3ae9747492 100644 --- a/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/action/impl/EditDispositionActionAsOfDateAction.java +++ b/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/action/impl/EditDispositionActionAsOfDateAction.java @@ -20,10 +20,8 @@ package org.alfresco.module.org_alfresco_module_rm.action.impl; import java.io.Serializable; import java.util.Date; -import java.util.HashSet; import java.util.List; import java.util.Map; -import java.util.Set; import org.alfresco.error.AlfrescoRuntimeException; import org.alfresco.module.org_alfresco_module_rm.action.RMActionExecuterAbstractBase; @@ -31,7 +29,6 @@ import org.alfresco.module.org_alfresco_module_rm.disposition.DispositionAction; import org.alfresco.service.cmr.action.Action; import org.alfresco.service.cmr.action.ParameterDefinition; import org.alfresco.service.cmr.repository.NodeRef; -import org.alfresco.service.namespace.QName; import org.apache.commons.logging.Log; import org.apache.commons.logging.LogFactory; import org.springframework.extensions.surf.util.I18NUtil; @@ -87,17 +84,6 @@ public class EditDispositionActionAsOfDateAction extends RMActionExecuterAbstrac { // Intentionally empty } - - /** - * @see org.alfresco.module.org_alfresco_module_rm.action.RMActionExecuterAbstractBase#getProtectedProperties() - */ - @Override - public Set getProtectedProperties() - { - HashSet qnames = new HashSet(); - qnames.add(PROP_DISPOSITION_AS_OF); - return qnames; - } /** * @see org.alfresco.module.org_alfresco_module_rm.action.RMActionExecuterAbstractBase#isExecutableImpl(org.alfresco.service.cmr.repository.NodeRef, java.util.Map, boolean) diff --git a/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/action/impl/EditHoldReasonAction.java b/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/action/impl/EditHoldReasonAction.java index 221aff710b..aa591e5b57 100644 --- a/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/action/impl/EditHoldReasonAction.java +++ b/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/action/impl/EditHoldReasonAction.java @@ -19,15 +19,12 @@ package org.alfresco.module.org_alfresco_module_rm.action.impl; import java.io.Serializable; -import java.util.HashSet; import java.util.Map; -import java.util.Set; import org.alfresco.error.AlfrescoRuntimeException; import org.alfresco.module.org_alfresco_module_rm.action.RMActionExecuterAbstractBase; import org.alfresco.service.cmr.action.Action; import org.alfresco.service.cmr.repository.NodeRef; -import org.alfresco.service.namespace.QName; import org.apache.commons.lang.StringUtils; import org.springframework.extensions.surf.util.I18NUtil; @@ -68,28 +65,6 @@ public class EditHoldReasonAction extends RMActionExecuterAbstractBase } } - /** - * @see org.alfresco.module.org_alfresco_module_rm.action.RMActionExecuterAbstractBase#getProtectedAspects() - */ - @Override - public Set getProtectedAspects() - { - HashSet qnames = new HashSet(); - qnames.add(ASPECT_FROZEN); - return qnames; - } - - /** - * @see org.alfresco.module.org_alfresco_module_rm.action.RMActionExecuterAbstractBase#getProtectedProperties() - */ - @Override - public Set getProtectedProperties() - { - HashSet qnames = new HashSet(); - qnames.add(PROP_HOLD_REASON); - return qnames; - } - /** * @see org.alfresco.module.org_alfresco_module_rm.action.RMActionExecuterAbstractBase#isExecutableImpl(org.alfresco.service.cmr.repository.NodeRef, java.util.Map, boolean) */ diff --git a/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/action/impl/EditReviewAsOfDateAction.java b/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/action/impl/EditReviewAsOfDateAction.java index 114ba6eb79..046b763b29 100644 --- a/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/action/impl/EditReviewAsOfDateAction.java +++ b/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/action/impl/EditReviewAsOfDateAction.java @@ -20,17 +20,14 @@ package org.alfresco.module.org_alfresco_module_rm.action.impl; import java.io.Serializable; import java.util.Date; -import java.util.HashSet; import java.util.List; import java.util.Map; -import java.util.Set; import org.alfresco.error.AlfrescoRuntimeException; import org.alfresco.module.org_alfresco_module_rm.action.RMActionExecuterAbstractBase; import org.alfresco.service.cmr.action.Action; import org.alfresco.service.cmr.action.ParameterDefinition; import org.alfresco.service.cmr.repository.NodeRef; -import org.alfresco.service.namespace.QName; import org.apache.commons.logging.Log; import org.apache.commons.logging.LogFactory; import org.springframework.extensions.surf.util.I18NUtil; @@ -59,8 +56,8 @@ public class EditReviewAsOfDateAction extends RMActionExecuterAbstractBase @Override protected void executeImpl(Action action, NodeRef actionedUponNodeRef) { - if (recordsManagementService.isRecord(actionedUponNodeRef) == true && - this.nodeService.hasAspect(actionedUponNodeRef, ASPECT_VITAL_RECORD) == true) + if (recordService.isRecord(actionedUponNodeRef) == true && + nodeService.hasAspect(actionedUponNodeRef, ASPECT_VITAL_RECORD) == true) { // Get the action parameter Date reviewAsOf = (Date)action.getParameterValue(PARAM_AS_OF_DATE); @@ -84,21 +81,13 @@ public class EditReviewAsOfDateAction extends RMActionExecuterAbstractBase { // Intentionally empty } - - @Override - public Set getProtectedProperties() - { - HashSet qnames = new HashSet(); - qnames.add(PROP_REVIEW_AS_OF); - return qnames; - } @Override protected boolean isExecutableImpl(NodeRef filePlanComponent, Map parameters, boolean throwException) { boolean result = false; - if (recordsManagementService.isRecord(filePlanComponent) == true && - this.nodeService.hasAspect(filePlanComponent, ASPECT_VITAL_RECORD) == true) + if (recordService.isRecord(filePlanComponent) == true && + nodeService.hasAspect(filePlanComponent, ASPECT_VITAL_RECORD) == true) { result = true; } diff --git a/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/action/impl/FileAction.java b/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/action/impl/FileAction.java index 754eb1fe2a..bcb0607e24 100644 --- a/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/action/impl/FileAction.java +++ b/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/action/impl/FileAction.java @@ -22,10 +22,8 @@ import java.io.Serializable; import java.util.Calendar; import java.util.Date; import java.util.HashMap; -import java.util.HashSet; import java.util.List; import java.util.Map; -import java.util.Set; import org.alfresco.module.org_alfresco_module_rm.action.RMActionExecuterAbstractBase; import org.alfresco.module.org_alfresco_module_rm.disposition.DispositionSchedule; @@ -143,23 +141,23 @@ public class FileAction extends RMActionExecuterAbstractBase paramList.add(new ParameterDefinitionImpl(PARAM_RECORD_METADATA_ASPECTS, DataTypeDefinition.QNAME, false, "Record Metadata Aspects", true)); } - @Override - public Set getProtectedAspects() - { - HashSet qnames = new HashSet(); - qnames.add(ASPECT_RECORD); - qnames.add(ASPECT_VITAL_RECORD); - return qnames; - } - - @Override - public Set getProtectedProperties() - { - HashSet qnames = new HashSet(); - qnames.add(PROP_DATE_FILED); - qnames.add(PROP_REVIEW_AS_OF); - return qnames; - } +// @Override +// public Set getProtectedAspects() +// { +// HashSet qnames = new HashSet(); +// qnames.add(ASPECT_RECORD); +// qnames.add(ASPECT_VITAL_RECORD); +// return qnames; +// } +// +// @Override +// public Set getProtectedProperties() +// { +// HashSet qnames = new HashSet(); +// qnames.add(PROP_DATE_FILED); +// qnames.add(PROP_REVIEW_AS_OF); +// return qnames; +// } @Override protected boolean isExecutableImpl(NodeRef filePlanComponent, Map parameters, boolean throwException) diff --git a/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/action/impl/FreezeAction.java b/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/action/impl/FreezeAction.java index 8211c5890a..6a55b9ee9f 100644 --- a/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/action/impl/FreezeAction.java +++ b/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/action/impl/FreezeAction.java @@ -19,15 +19,12 @@ package org.alfresco.module.org_alfresco_module_rm.action.impl; import java.io.Serializable; -import java.util.HashSet; import java.util.Map; -import java.util.Set; import org.alfresco.error.AlfrescoRuntimeException; import org.alfresco.module.org_alfresco_module_rm.action.RMActionExecuterAbstractBase; import org.alfresco.service.cmr.action.Action; import org.alfresco.service.cmr.repository.NodeRef; -import org.alfresco.service.namespace.QName; import org.springframework.extensions.surf.util.I18NUtil; /** @@ -52,29 +49,6 @@ public class FreezeAction extends RMActionExecuterAbstractBase freezeService.freeze((String) action.getParameterValue(PARAM_REASON), actionedUponNodeRef); } - /** - * @see org.alfresco.module.org_alfresco_module_rm.action.RMActionExecuterAbstractBase#getProtectedAspects() - */ - @Override - public Set getProtectedAspects() - { - HashSet qnames = new HashSet(); - qnames.add(ASPECT_FROZEN); - return qnames; - } - - /** - * @see org.alfresco.module.org_alfresco_module_rm.action.RMActionExecuterAbstractBase#getProtectedProperties() - */ - @Override - public Set getProtectedProperties() - { - HashSet qnames = new HashSet(); - qnames.add(PROP_HOLD_REASON); - //TODO Add prop frozen at/by? - return qnames; - } - /** * @see org.alfresco.module.org_alfresco_module_rm.action.RMActionExecuterAbstractBase#isExecutableImpl(org.alfresco.service.cmr.repository.NodeRef, java.util.Map, boolean) */ @@ -82,7 +56,7 @@ public class FreezeAction extends RMActionExecuterAbstractBase protected boolean isExecutableImpl(NodeRef filePlanComponent, Map parameters, boolean throwException) { if (this.recordService.isRecord(filePlanComponent) == true || - this.recordsManagementService.isRecordFolder(filePlanComponent) == true) + this.recordsManagementService.isRecordFolder(filePlanComponent) == true) { // Get the property values if(parameters != null) diff --git a/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/action/impl/OpenRecordFolderAction.java b/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/action/impl/OpenRecordFolderAction.java index 7cda1b9960..7e12405f6c 100644 --- a/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/action/impl/OpenRecordFolderAction.java +++ b/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/action/impl/OpenRecordFolderAction.java @@ -19,17 +19,14 @@ package org.alfresco.module.org_alfresco_module_rm.action.impl; import java.io.Serializable; -import java.util.HashSet; import java.util.List; import java.util.Map; -import java.util.Set; import org.alfresco.error.AlfrescoRuntimeException; import org.alfresco.module.org_alfresco_module_rm.action.RMActionExecuterAbstractBase; import org.alfresco.service.cmr.action.Action; import org.alfresco.service.cmr.action.ParameterDefinition; import org.alfresco.service.cmr.repository.NodeRef; -import org.alfresco.service.namespace.QName; import org.springframework.extensions.surf.util.I18NUtil; /** @@ -73,14 +70,6 @@ public class OpenRecordFolderAction extends RMActionExecuterAbstractBase // TODO Auto-generated method stub } - @Override - public Set getProtectedProperties() - { - HashSet qnames = new HashSet(); - qnames.add(PROP_IS_CLOSED); - return qnames; - } - @Override protected boolean isExecutableImpl(NodeRef filePlanComponent, Map parameters, boolean throwException) { diff --git a/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/action/impl/RelinquishHoldAction.java b/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/action/impl/RelinquishHoldAction.java index 927d336c92..082496ee72 100644 --- a/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/action/impl/RelinquishHoldAction.java +++ b/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/action/impl/RelinquishHoldAction.java @@ -19,15 +19,12 @@ package org.alfresco.module.org_alfresco_module_rm.action.impl; import java.io.Serializable; -import java.util.HashSet; import java.util.Map; -import java.util.Set; import org.alfresco.error.AlfrescoRuntimeException; import org.alfresco.module.org_alfresco_module_rm.action.RMActionExecuterAbstractBase; import org.alfresco.service.cmr.action.Action; import org.alfresco.service.cmr.repository.NodeRef; -import org.alfresco.service.namespace.QName; import org.springframework.extensions.surf.util.I18NUtil; /** @@ -56,17 +53,6 @@ public class RelinquishHoldAction extends RMActionExecuterAbstractBase } } - /** - * @see org.alfresco.module.org_alfresco_module_rm.action.RMActionExecuterAbstractBase#getProtectedAspects() - */ - @Override - public Set getProtectedAspects() - { - HashSet qnames = new HashSet(); - qnames.add(ASPECT_FROZEN); - return qnames; - } - /** * @see org.alfresco.module.org_alfresco_module_rm.action.RMActionExecuterAbstractBase#isExecutableImpl(org.alfresco.service.cmr.repository.NodeRef, java.util.Map, boolean) */ diff --git a/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/action/impl/SplitEmailAction.java b/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/action/impl/SplitEmailAction.java index 75152018ac..72ed016f58 100644 --- a/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/action/impl/SplitEmailAction.java +++ b/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/action/impl/SplitEmailAction.java @@ -112,7 +112,7 @@ public class SplitEmailAction extends RMActionExecuterAbstractBase logger.debug("split email:" + actionedUponNodeRef); } - if (recordsManagementService.isRecord(actionedUponNodeRef) == true) + if (recordService.isRecord(actionedUponNodeRef) == true) { if (recordService.isDeclared(actionedUponNodeRef) == false) { @@ -173,7 +173,7 @@ public class SplitEmailAction extends RMActionExecuterAbstractBase @Override protected boolean isExecutableImpl(NodeRef filePlanComponent, Map parameters, boolean throwException) { - if (recordsManagementService.isRecord(filePlanComponent) == true) + if (recordService.isRecord(filePlanComponent) == true) { if (recordService.isDeclared(filePlanComponent)) { diff --git a/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/action/impl/UndeclareRecordAction.java b/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/action/impl/UndeclareRecordAction.java index bbf53afd2b..0027c87c07 100644 --- a/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/action/impl/UndeclareRecordAction.java +++ b/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/action/impl/UndeclareRecordAction.java @@ -19,15 +19,12 @@ package org.alfresco.module.org_alfresco_module_rm.action.impl; import java.io.Serializable; -import java.util.HashSet; import java.util.Map; -import java.util.Set; import org.alfresco.error.AlfrescoRuntimeException; import org.alfresco.module.org_alfresco_module_rm.action.RMActionExecuterAbstractBase; import org.alfresco.service.cmr.action.Action; import org.alfresco.service.cmr.repository.NodeRef; -import org.alfresco.service.namespace.QName; import org.springframework.extensions.surf.util.I18NUtil; /** @@ -46,7 +43,7 @@ public class UndeclareRecordAction extends RMActionExecuterAbstractBase @Override protected void executeImpl(Action action, NodeRef actionedUponNodeRef) { - if (recordsManagementService.isRecord(actionedUponNodeRef) == true) + if (recordService.isRecord(actionedUponNodeRef) == true) { if (recordService.isDeclared(actionedUponNodeRef) == true) { @@ -59,19 +56,11 @@ public class UndeclareRecordAction extends RMActionExecuterAbstractBase throw new AlfrescoRuntimeException(I18NUtil.getMessage(MSG_RECORDS_ONLY_UNDECLARED)); } } - - @Override - public Set getProtectedAspects() - { - HashSet qnames = new HashSet(); - qnames.add(ASPECT_DECLARED_RECORD); - return qnames; - } @Override protected boolean isExecutableImpl(NodeRef filePlanComponent, Map parameters, boolean throwException) { - if (recordsManagementService.isRecord(filePlanComponent) == true) + if (recordService.isRecord(filePlanComponent) == true) { if (recordService.isDeclared(filePlanComponent) == true) { diff --git a/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/action/impl/UndoEventAction.java b/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/action/impl/UndoEventAction.java index 571fe8d159..da2c05a507 100644 --- a/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/action/impl/UndoEventAction.java +++ b/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/action/impl/UndoEventAction.java @@ -19,10 +19,8 @@ package org.alfresco.module.org_alfresco_module_rm.action.impl; import java.io.Serializable; -import java.util.HashSet; import java.util.List; import java.util.Map; -import java.util.Set; import org.alfresco.error.AlfrescoRuntimeException; import org.alfresco.module.org_alfresco_module_rm.action.RMActionExecuterAbstractBase; @@ -157,24 +155,6 @@ public class UndoEventAction extends RMActionExecuterAbstractBase } - @Override - public Set getProtectedAspects() - { - HashSet qnames = new HashSet(); - qnames.add(ASPECT_DISPOSITION_LIFECYCLE); - return qnames; - } - - @Override - public Set getProtectedProperties() - { - HashSet qnames = new HashSet(); - qnames.add(PROP_EVENT_EXECUTION_COMPLETE); - qnames.add(PROP_EVENT_EXECUTION_COMPLETED_AT); - qnames.add(PROP_EVENT_EXECUTION_COMPLETED_BY); - return qnames; - } - @Override protected boolean isExecutableImpl(NodeRef filePlanComponent, Map parameters, boolean throwException) { diff --git a/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/action/impl/UnfreezeAction.java b/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/action/impl/UnfreezeAction.java index 4836696de0..62d2ae2f0b 100644 --- a/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/action/impl/UnfreezeAction.java +++ b/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/action/impl/UnfreezeAction.java @@ -19,14 +19,11 @@ package org.alfresco.module.org_alfresco_module_rm.action.impl; import java.io.Serializable; -import java.util.HashSet; import java.util.Map; -import java.util.Set; import org.alfresco.module.org_alfresco_module_rm.action.RMActionExecuterAbstractBase; import org.alfresco.service.cmr.action.Action; import org.alfresco.service.cmr.repository.NodeRef; -import org.alfresco.service.namespace.QName; /** * Unfreeze Action @@ -44,17 +41,6 @@ public class UnfreezeAction extends RMActionExecuterAbstractBase freezeService.unFreeze(actionedUponNodeRef); } - /** - * @see org.alfresco.module.org_alfresco_module_rm.action.RMActionExecuterAbstractBase#getProtectedAspects() - */ - @Override - public Set getProtectedAspects() - { - HashSet qnames = new HashSet(); - qnames.add(ASPECT_FROZEN); - return qnames; - } - /** * @see org.alfresco.module.org_alfresco_module_rm.action.RMActionExecuterAbstractBase#isExecutableImpl(org.alfresco.service.cmr.repository.NodeRef, java.util.Map, boolean) */ diff --git a/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/capability/AbstractCapability.java b/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/capability/AbstractCapability.java index bffae26036..eeeb1e9fe0 100644 --- a/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/capability/AbstractCapability.java +++ b/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/capability/AbstractCapability.java @@ -18,12 +18,8 @@ */ package org.alfresco.module.org_alfresco_module_rm.capability; -import java.util.ArrayList; -import java.util.List; - import net.sf.acegisecurity.vote.AccessDecisionVoter; -import org.alfresco.module.org_alfresco_module_rm.action.RecordsManagementAction; import org.alfresco.module.org_alfresco_module_rm.model.RecordsManagementModel; import org.alfresco.service.cmr.repository.NodeRef; import org.alfresco.service.cmr.security.AccessStatus; @@ -66,10 +62,10 @@ public abstract class AbstractCapability extends RMSecurityCommon protected boolean isPrivate = false; /** List of actions */ - protected List actions = new ArrayList(1); + // protected List actions = new ArrayList(1); /** Action names */ - protected List actionNames = new ArrayList(1); + // protected List actionNames = new ArrayList(1); /** * @param voter RM entry voter @@ -100,13 +96,11 @@ public abstract class AbstractCapability extends RMSecurityCommon * * @param action */ - public void registerAction(RecordsManagementAction action) - { - this.actions.add(action); - this.actionNames.add(action.getName()); - voter.addProtectedAspects(action.getProtectedAspects()); - voter.addProtectedProperties(action.getProtectedProperties()); - } +// public void registerAction(RecordsManagementAction action) + // { + // this.actions.add(action); + // this.actionNames.add(action.getName()); + // } /** * @param name capability name @@ -214,31 +208,31 @@ public abstract class AbstractCapability extends RMSecurityCommon * @param nodeRef * @return */ - public int checkActionConditionsIfPresent(NodeRef nodeRef) - { - String prefix = "checkActionConditionsIfPresent" + getName(); - int result = getTransactionCache(prefix, nodeRef); - if (result != NOSET_VALUE) - { - return result; - } - - if (actions.size() > 0) - { - for (RecordsManagementAction action : actions) - { - if (action.isExecutable(nodeRef, null)) - { - return setTransactionCache(prefix, nodeRef, AccessDecisionVoter.ACCESS_GRANTED); - } - } - return setTransactionCache(prefix, nodeRef, AccessDecisionVoter.ACCESS_DENIED); - } - else - { - return setTransactionCache(prefix, nodeRef, AccessDecisionVoter.ACCESS_GRANTED); - } - } +// public int checkActionConditionsIfPresent(NodeRef nodeRef) +// { +// String prefix = "checkActionConditionsIfPresent" + getName(); +// int result = getTransactionCache(prefix, nodeRef); +// if (result != NOSET_VALUE) +// { +// return result; +// } +// +// if (actions.size() > 0) +// { +// for (RecordsManagementAction action : actions) +// { +// if (action.isExecutable(nodeRef, null)) +// { +// return setTransactionCache(prefix, nodeRef, AccessDecisionVoter.ACCESS_GRANTED); +// } +// } +// return setTransactionCache(prefix, nodeRef, AccessDecisionVoter.ACCESS_DENIED); +// } +// else +// { +// return setTransactionCache(prefix, nodeRef, AccessDecisionVoter.ACCESS_GRANTED); +// } +// } /** * @see org.alfresco.module.org_alfresco_module_rm.capability.Capability#hasPermission(org.alfresco.service.cmr.repository.NodeRef) @@ -269,10 +263,10 @@ public abstract class AbstractCapability extends RMSecurityCommon { result = AccessDecisionVoter.ACCESS_DENIED; } - else if (checkActionConditionsIfPresent(nodeRef) == AccessDecisionVoter.ACCESS_DENIED) - { - result = AccessDecisionVoter.ACCESS_DENIED; - } + //else if (checkActionConditionsIfPresent(nodeRef) == AccessDecisionVoter.ACCESS_DENIED) + // { + // result = AccessDecisionVoter.ACCESS_DENIED; + // } else { result = hasPermissionImpl(nodeRef); @@ -303,18 +297,18 @@ public abstract class AbstractCapability extends RMSecurityCommon /** * @see org.alfresco.module.org_alfresco_module_rm.capability.Capability#getActionNames() */ - public List getActionNames() - { - return actionNames; - } + // public List getActionNames() + // { + // return actionNames; + // } /** * @see org.alfresco.module.org_alfresco_module_rm.capability.Capability#getActions() */ - public List getActions() - { - return actions; - } + // public List getActions() + // { + // return actions; + // } /** * @see org.alfresco.module.org_alfresco_module_rm.capability.Capability#getGroupId() diff --git a/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/capability/Capability.java b/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/capability/Capability.java index ec3addc916..9f6b0766a7 100644 --- a/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/capability/Capability.java +++ b/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/capability/Capability.java @@ -92,18 +92,6 @@ public interface Capability */ String getDescription(); - /** - * Get the name of optional actions tied to this capability - * @return - */ - List getActionNames(); - - /** - * - * @return - */ - List getActions(); - /** * Gets the group id of a capability * diff --git a/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/capability/RMEntryVoter.java b/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/capability/RMEntryVoter.java index c4c4f7f30c..7294721c7c 100644 --- a/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/capability/RMEntryVoter.java +++ b/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/capability/RMEntryVoter.java @@ -21,13 +21,10 @@ package org.alfresco.module.org_alfresco_module_rm.capability; import java.io.Serializable; import java.lang.reflect.Method; import java.util.ArrayList; -import java.util.Collections; import java.util.HashMap; -import java.util.HashSet; import java.util.Iterator; import java.util.List; import java.util.Map; -import java.util.Set; import java.util.StringTokenizer; import net.sf.acegisecurity.Authentication; @@ -36,7 +33,6 @@ import net.sf.acegisecurity.ConfigAttributeDefinition; import net.sf.acegisecurity.vote.AccessDecisionVoter; import org.alfresco.module.org_alfresco_module_rm.RecordsManagementService; -import org.alfresco.module.org_alfresco_module_rm.action.RecordsManagementAction; import org.alfresco.module.org_alfresco_module_rm.capability.impl.CreateCapability; import org.alfresco.module.org_alfresco_module_rm.capability.impl.UpdateCapability; import org.alfresco.module.org_alfresco_module_rm.capability.impl.UpdatePropertiesCapability; @@ -57,7 +53,6 @@ import org.alfresco.service.cmr.security.OwnableService; import org.alfresco.service.cmr.security.PermissionService; import org.alfresco.service.namespace.NamespacePrefixResolver; import org.alfresco.service.namespace.QName; -import org.alfresco.util.EqualsHelper; import org.aopalliance.intercept.MethodInvocation; import org.apache.commons.logging.Log; import org.apache.commons.logging.LogFactory; @@ -92,11 +87,6 @@ public class RMEntryVoter extends RMSecurityCommon private static HashMap policies = new HashMap(); - private HashSet protectedProperties = new HashSet(); - - private HashSet protectedAspects = new HashSet(); - - static { policies.put("Read", new ReadPolicy()); @@ -110,9 +100,6 @@ public class RMEntryVoter extends RMSecurityCommon policies.put("Capability", new CapabilityPolicy()); policies.put("Declare", new DeclarePolicy()); policies.put("ReadProperty", new ReadPropertyPolicy()); - - // restrictedProperties.put(RecordsManagementModel.PROP_IS_CLOSED, value) - } /** @@ -209,26 +196,6 @@ public class RMEntryVoter extends RMSecurityCommon return (MethodInvocation.class.isAssignableFrom(clazz)); } - public void addProtectedProperties(Set properties) - { - protectedProperties.addAll(properties); - } - - public void addProtectedAspects(Set aspects) - { - protectedAspects.addAll(aspects); - } - - public Set getProtectedProperties() - { - return Collections.unmodifiableSet(protectedProperties); - } - - public Set getProtetcedAscpects() - { - return Collections.unmodifiableSet(protectedAspects); - } - @SuppressWarnings("unchecked") public int vote(Authentication authentication, Object object, ConfigAttributeDefinition config) { @@ -658,72 +625,6 @@ public class RMEntryVoter extends RMSecurityCommon return dictionaryService; } - public boolean isProtectedAspect(NodeRef nodeRef, QName aspectQName) - { - if(protectedAspects.contains(aspectQName)) - { - for(Capability capability : capabilityService.getCapabilities()) - { - for(RecordsManagementAction action : capability.getActions()) - { - if(action.getProtectedAspects().contains(aspectQName)) - { - if(action.isExecutable(nodeRef, null)) - { - return false; - } - } - } - } - return true; - } - else - { - return false; - } - } - - public boolean isProtectedProperty(NodeRef nodeRef, QName propertyQName) - { - if(protectedProperties.contains(propertyQName)) - { - for(Capability capability : capabilityService.getCapabilities()) - { - for(RecordsManagementAction action : capability.getActions()) - { - if(action.getProtectedProperties().contains(propertyQName)) - { - if(action.isExecutable(nodeRef, null)) - { - return false; - } - } - } - } - return true; - } - else - { - return false; - } - } - - public boolean includesProtectedPropertyChange(NodeRef nodeRef, Map properties) - { - Map originals = nodeService.getProperties(nodeRef); - for (QName test : properties.keySet()) - { - if (isProtectedProperty(nodeRef, test)) - { - if (!EqualsHelper.nullSafeEquals(originals.get(test), properties.get(test))) - { - return true; - } - } - } - return false; - } - private class ConfigAttributeDefintion { String typeString; diff --git a/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/capability/RMSecurityCommon.java b/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/capability/RMSecurityCommon.java index 756faefff9..c098cc4ed6 100644 --- a/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/capability/RMSecurityCommon.java +++ b/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/capability/RMSecurityCommon.java @@ -22,7 +22,6 @@ import net.sf.acegisecurity.vote.AccessDecisionVoter; import org.alfresco.module.org_alfresco_module_rm.RecordsManagementService; import org.alfresco.module.org_alfresco_module_rm.caveat.RMCaveatConfigComponent; -import org.alfresco.module.org_alfresco_module_rm.record.RecordService; import org.alfresco.repo.security.authentication.AuthenticationUtil; import org.alfresco.repo.transaction.AlfrescoTransactionSupport; import org.alfresco.service.cmr.repository.NodeRef; @@ -31,9 +30,6 @@ import org.alfresco.service.cmr.security.AccessStatus; import org.alfresco.service.cmr.security.PermissionService; import org.apache.commons.logging.Log; import org.apache.commons.logging.LogFactory; -import org.springframework.beans.BeansException; -import org.springframework.context.ApplicationContext; -import org.springframework.context.ApplicationContextAware; /** * @author Roy Wetherall @@ -45,8 +41,6 @@ public class RMSecurityCommon private static Log logger = LogFactory.getLog(RMSecurityCommon.class); - private ApplicationContext applicationContext; - protected NodeService nodeService; protected PermissionService permissionService; protected RecordsManagementService rmService; diff --git a/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/capability/impl/CreateCapability.java b/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/capability/impl/CreateCapability.java index c606f4a7b7..9c00f2320c 100644 --- a/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/capability/impl/CreateCapability.java +++ b/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/capability/impl/CreateCapability.java @@ -78,7 +78,7 @@ public class CreateCapability extends DeclarativeCapability { if(linkee == null) { - if(rmService.isRecord(destination) && recordService.isDeclared(destination) == false) + if(recordService.isRecord(destination) && recordService.isDeclared(destination) == false) { if (permissionService.hasPermission(destination, RMPermissionModel.FILE_RECORDS) == AccessStatus.ALLOWED) { @@ -88,7 +88,7 @@ public class CreateCapability extends DeclarativeCapability } else { - if(rmService.isRecord(linkee) && rmService.isRecord(destination) && recordService.isDeclared(destination) == false) + if(recordService.isRecord(linkee) && recordService.isRecord(destination) && recordService.isDeclared(destination) == false) { if (permissionService.hasPermission(destination, RMPermissionModel.FILE_RECORDS) == AccessStatus.ALLOWED) { diff --git a/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/capability/impl/UpdateCapability.java b/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/capability/impl/UpdateCapability.java index db528dcd0c..37f5bd0059 100644 --- a/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/capability/impl/UpdateCapability.java +++ b/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/capability/impl/UpdateCapability.java @@ -21,8 +21,6 @@ package org.alfresco.module.org_alfresco_module_rm.capability.impl; import java.io.Serializable; import java.util.Map; -import net.sf.acegisecurity.vote.AccessDecisionVoter; - import org.alfresco.module.org_alfresco_module_rm.capability.declarative.CompositeCapability; import org.alfresco.service.cmr.repository.NodeRef; import org.alfresco.service.namespace.QName; @@ -43,15 +41,15 @@ public class UpdateCapability extends CompositeCapability */ public int evaluate(NodeRef nodeRef, QName aspectQName, Map properties) { - if ((aspectQName != null) && (voter.isProtectedAspect(nodeRef, aspectQName))) - { - return AccessDecisionVoter.ACCESS_DENIED; - } + // if ((aspectQName != null) && (voter.isProtectedAspect(nodeRef, aspectQName))) + // { + // return AccessDecisionVoter.ACCESS_DENIED; + // } - if ((properties != null) && (voter.includesProtectedPropertyChange(nodeRef, properties))) - { - return AccessDecisionVoter.ACCESS_DENIED; - } + // if ((properties != null) && (voter.includesProtectedPropertyChange(nodeRef, properties))) + // { + // return AccessDecisionVoter.ACCESS_DENIED; + // } return evaluate(nodeRef); } diff --git a/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/capability/impl/UpdatePropertiesCapability.java b/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/capability/impl/UpdatePropertiesCapability.java index 2ece0c8ea7..d17a2171cf 100644 --- a/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/capability/impl/UpdatePropertiesCapability.java +++ b/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/capability/impl/UpdatePropertiesCapability.java @@ -21,8 +21,6 @@ package org.alfresco.module.org_alfresco_module_rm.capability.impl; import java.io.Serializable; import java.util.Map; -import net.sf.acegisecurity.vote.AccessDecisionVoter; - import org.alfresco.module.org_alfresco_module_rm.capability.declarative.CompositeCapability; import org.alfresco.service.cmr.repository.NodeRef; import org.alfresco.service.namespace.QName; @@ -42,10 +40,10 @@ public class UpdatePropertiesCapability extends CompositeCapability */ public int evaluate(NodeRef nodeRef, Map properties) { - if ((properties != null) && (voter.includesProtectedPropertyChange(nodeRef, properties))) - { - return AccessDecisionVoter.ACCESS_DENIED; - } + // if ((properties != null) && (voter.includesProtectedPropertyChange(nodeRef, properties))) + // { + // return AccessDecisionVoter.ACCESS_DENIED; + // } return evaluate(nodeRef); } diff --git a/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/model/security/ModelAccessDeniedException.java b/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/model/security/ModelAccessDeniedException.java new file mode 100644 index 0000000000..a3a4c5f34c --- /dev/null +++ b/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/model/security/ModelAccessDeniedException.java @@ -0,0 +1,42 @@ +/* + * Copyright (C) 2005-2012 Alfresco Software Limited. + * + * This file is part of Alfresco + * + * Alfresco is free software: you can redistribute it and/or modify + * it under the terms of the GNU Lesser General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * Alfresco is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public License + * along with Alfresco. If not, see . + */ +package org.alfresco.module.org_alfresco_module_rm.model.security; + +import org.alfresco.repo.security.permissions.AccessDeniedException; + +/** + * Model access denied exception implementation + * + * @author Roy Wetherall + * @since 2.1 + */ +public class ModelAccessDeniedException extends AccessDeniedException +{ + private static final long serialVersionUID = 6796435040345714366L; + + public ModelAccessDeniedException(String msg) + { + super(msg); + } + + public ModelAccessDeniedException(String msg, Throwable cause) + { + super(msg, cause); + } +} diff --git a/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/model/security/ModelSecurityService.java b/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/model/security/ModelSecurityService.java new file mode 100644 index 0000000000..f6b54ae559 --- /dev/null +++ b/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/model/security/ModelSecurityService.java @@ -0,0 +1,114 @@ +/* + * Copyright (C) 2005-2012 Alfresco Software Limited. + * + * This file is part of Alfresco + * + * Alfresco is free software: you can redistribute it and/or modify + * it under the terms of the GNU Lesser General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * Alfresco is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public License + * along with Alfresco. If not, see . + */ +package org.alfresco.module.org_alfresco_module_rm.model.security; + +import java.util.Set; + +import org.alfresco.service.cmr.repository.NodeRef; +import org.alfresco.service.namespace.QName; + +/** + * Model security service interface. + * + * @author Roy Wetherall + * @since 2.1 + */ +public interface ModelSecurityService +{ + /** + * Registers a protected model artifact with the service. + * + * @param atrifact protected model artifact + */ + void register(ProtectedModelArtifact atrifact); + + /** + * Indicates whether a property is protected or not. + * + * @param name name of property + * @return boolean true if property is protected, false otherwise + */ + boolean isProtectedProperty(QName property); + + /** + * Get the protected properties + * + * @return {@link Set}<{@link QName}> all the protected properties + */ + Set getProtectedProperties(); + + /** + * Get the details of the protected property, returns null if property + * is not protected. + * + * @param name name of the protected property + * @return {@link ProtectedProperty} protected property details, null otherwise + */ + ProtectedProperty getProtectedProperty(QName name); + + /** + * Indicates whether the current user can edit a protected property in the context of + * a given node. + *

+ * If the property is not protected then returns true. + * + * @param nodeRef node reference + * @param property name of the property + * @return boolean true if the current user can edit the protected property or the property + * is not protected, false otherwise + */ + boolean canEditProtectedProperty(NodeRef nodeRef, QName property); + + /** + * Indicates whether an aspect is protected or not. + * + * @param aspect aspect name + * @return boolean true if aspect is protected, false otherwise + */ + boolean isProtectedAspect(QName aspect); + + /** + * Get the protected aspects. + * + * @return {@link Set}<{@link QName}> all the protected aspects + */ + Set getProtectedAspects(); + + /** + * Get the details of the protected aspect, returns null if aspect is + * not protected. + * + * @param name name of the aspect + * @return {@link ProtectedAspect} protected aspect details, null otherwise + */ + ProtectedAspect getProtectedAspect(QName name); + + /** + * Indicates whether the current user can edit (ie add or remove) a protected + * aspect in the context of a given node. + *

+ * If the aspect is not protected then returns true. + * + * @param nodeRef node reference + * @param aspect name of the of aspect + * @return boolean true if the current user can edit the protected aspect or the the + * aspect is not protected, false otherwise + */ + boolean canEditProtectedAspect(NodeRef nodeRef, QName aspect); +} diff --git a/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/model/security/ModelSecurityServiceImpl.java b/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/model/security/ModelSecurityServiceImpl.java new file mode 100644 index 0000000000..7f0285bb45 --- /dev/null +++ b/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/model/security/ModelSecurityServiceImpl.java @@ -0,0 +1,351 @@ +/* + * Copyright (C) 2005-2012 Alfresco Software Limited. + * + * This file is part of Alfresco + * + * Alfresco is free software: you can redistribute it and/or modify + * it under the terms of the GNU Lesser General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * Alfresco is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public License + * along with Alfresco. If not, see . + */ +package org.alfresco.module.org_alfresco_module_rm.model.security; + +import java.io.Serializable; +import java.util.Collections; +import java.util.HashMap; +import java.util.Map; +import java.util.Set; + +import org.alfresco.module.org_alfresco_module_rm.capability.Capability; +import org.alfresco.module.org_alfresco_module_rm.capability.CapabilityService; +import org.alfresco.module.org_alfresco_module_rm.model.RecordsManagementModel; +import org.alfresco.repo.node.NodeServicePolicies; +import org.alfresco.repo.policy.JavaBehaviour; +import org.alfresco.repo.policy.PolicyComponent; +import org.alfresco.repo.policy.Behaviour.NotificationFrequency; +import org.alfresco.repo.security.authentication.AuthenticationUtil; +import org.alfresco.service.cmr.repository.NodeRef; +import org.alfresco.service.cmr.repository.NodeService; +import org.alfresco.service.cmr.security.AccessStatus; +import org.alfresco.service.namespace.NamespaceService; +import org.alfresco.service.namespace.QName; +import org.alfresco.util.EqualsHelper; + + +/** + * Model security service implementation. + *

+ * This service records the protected properties and aspects, ensuring that only those with the appropriate capabilities can edit them. + * + * @author Roy Wetherall + * @since 2.1 + */ +public class ModelSecurityServiceImpl implements ModelSecurityService, + RecordsManagementModel, + NodeServicePolicies.BeforeAddAspectPolicy, + NodeServicePolicies.BeforeRemoveAspectPolicy, + NodeServicePolicies.OnUpdatePropertiesPolicy +{ + /** Policy component */ + private PolicyComponent policyComponent; + + /** Node service */ + private NodeService nodeService; + + /** Capability service */ + private CapabilityService capabilityService; + + /** Namespace service */ + private NamespaceService namespaceService; + + /** Map of protected properties keyed by name */ + private Map protectedProperties = new HashMap(21); + + /** Map of protected aspects keyed by name */ + private Map protectedAspects= new HashMap(21); + + /** Behaviour instances */ + private JavaBehaviour beforeAddAspectBehaviour = new JavaBehaviour(this, + "beforeAddAspect", + NotificationFrequency.EVERY_EVENT); + private JavaBehaviour beforeRemoveAspectBehaviour = new JavaBehaviour(this, + "beforeRemoveAspect", + NotificationFrequency.EVERY_EVENT); + private JavaBehaviour onUpdatePropertiesBehaviour = new JavaBehaviour(this, + "onUpdateProperties", + NotificationFrequency.EVERY_EVENT); + + /** + * @param policyComponent policy component + */ + public void setPolicyComponent(PolicyComponent policyComponent) + { + this.policyComponent = policyComponent; + } + + /** + * @param nodeService node service + */ + public void setNodeService(NodeService nodeService) + { + this.nodeService = nodeService; + } + + /** + * @param capabilityService capability service + */ + public void setCapabilityService(CapabilityService capabilityService) + { + this.capabilityService = capabilityService; + } + + /** + * @param namespaceService namespace service + */ + public void setNamespaceService(NamespaceService namespaceService) + { + this.namespaceService = namespaceService; + } + + /** + * Init method + */ + public void init() + { + // bind model security behaviours to all records management artifacts components + policyComponent.bindClassBehaviour( + NodeServicePolicies.BeforeAddAspectPolicy.QNAME, + this, + beforeAddAspectBehaviour); + policyComponent.bindClassBehaviour( + NodeServicePolicies.BeforeRemoveAspectPolicy.QNAME, + this, + beforeRemoveAspectBehaviour); + policyComponent.bindClassBehaviour( + NodeServicePolicies.OnUpdatePropertiesPolicy.QNAME, + this, + onUpdatePropertiesBehaviour); + } + + /** + * @see org.alfresco.module.org_alfresco_module_rm.model.security.ModelSecurityService#register(org.alfresco.module.org_alfresco_module_rm.model.security.ProtectedModelArtifact) + */ + @Override + public void register(ProtectedModelArtifact artifact) + { + // TODO validate that the artifact has a valid property and has a capability set ... + + if (artifact instanceof ProtectedProperty) + { + protectedProperties.put(artifact.getQName(), (ProtectedProperty)artifact); + } + else if (artifact instanceof ProtectedAspect) + { + protectedAspects.put(artifact.getQName(), (ProtectedAspect)artifact); + } + } + + /** + * @see org.alfresco.module.org_alfresco_module_rm.model.security.ModelSecurityService#isProtectedProperty(org.alfresco.service.namespace.QName) + */ + @Override + public boolean isProtectedProperty(QName property) + { + return protectedProperties.containsKey(property); + } + + /** + * @see org.alfresco.module.org_alfresco_module_rm.model.security.ModelSecurityService#getProtectedProperties() + */ + @Override + public Set getProtectedProperties() + { + return Collections.unmodifiableSet(protectedProperties.keySet()); + } + + /** + * @see org.alfresco.module.org_alfresco_module_rm.model.security.ModelSecurityService#getProtectedProperty(org.alfresco.service.namespace.QName) + */ + @Override + public ProtectedProperty getProtectedProperty(QName name) + { + return protectedProperties.get(name); + } + + /** + * @see org.alfresco.module.org_alfresco_module_rm.model.security.ModelSecurityService#canEditProtectedProperty(org.alfresco.service.cmr.repository.NodeRef, org.alfresco.service.namespace.QName) + */ + @Override + public boolean canEditProtectedProperty(NodeRef nodeRef, QName property) + { + boolean result = false; + + ProtectedModelArtifact artifact = getProtectedProperty(property); + if (artifact == null) + { + result = true; + } + else + { + result = canEdit(nodeRef, artifact); + } + + return result; + } + + /** + * Indicates whether the current user can edit protected model artifact in the context + * of a given node or not. + * + * @param nodeRef node reference + * @param artifact protected model artifact + * @return boolean true if the current user can edit the protected model artifact, false otherwise + */ + private boolean canEdit(NodeRef nodeRef, ProtectedModelArtifact artifact) + { + boolean result = false; + + for (Capability capability : artifact.getCapabilities()) + { + AccessStatus accessStatus = capabilityService.getCapabilityAccessState(nodeRef, capability.getName()); + if (AccessStatus.ALLOWED.equals(accessStatus) == true) + { + result = true; + break; + } + } + + return result; + } + + /** + * @see org.alfresco.module.org_alfresco_module_rm.model.security.ModelSecurityService#isProtectedAspect(org.alfresco.service.namespace.QName) + */ + @Override + public boolean isProtectedAspect(QName aspect) + { + return protectedAspects.containsKey(aspect); + } + + /** + * @see org.alfresco.module.org_alfresco_module_rm.model.security.ModelSecurityService#getProtectedAspects() + */ + @Override + public Set getProtectedAspects() + { + return Collections.unmodifiableSet(protectedAspects.keySet()); + } + + /** + * @see org.alfresco.module.org_alfresco_module_rm.model.security.ModelSecurityService#getProtectedAspect(org.alfresco.service.namespace.QName) + */ + @Override + public ProtectedAspect getProtectedAspect(QName name) + { + return protectedAspects.get(name); + } + + /** + * @see org.alfresco.module.org_alfresco_module_rm.model.security.ModelSecurityService#canEditProtectedAspect(org.alfresco.service.cmr.repository.NodeRef, org.alfresco.service.namespace.QName) + */ + @Override + public boolean canEditProtectedAspect(NodeRef nodeRef, QName aspect) + { + boolean result = false; + + ProtectedModelArtifact artifact = getProtectedAspect(aspect); + if (artifact == null) + { + result = true; + } + else + { + result = canEdit(nodeRef, artifact); + } + + return result; + } + + /** + * @see org.alfresco.repo.node.NodeServicePolicies.BeforeAddAspectPolicy#beforeAddAspect(org.alfresco.service.cmr.repository.NodeRef, org.alfresco.service.namespace.QName) + */ + @Override + public void beforeAddAspect(NodeRef nodeRef, QName aspect) + { + if (AuthenticationUtil.getFullyAuthenticatedUser() != null && + AuthenticationUtil.isRunAsUserTheSystemUser() == false && + isProtectedAspect(aspect) == true && + nodeService.exists(nodeRef) == true && + canEditProtectedAspect(nodeRef, aspect) == false) + { + // the user can't edit the protected aspect + throw new ModelAccessDeniedException( + "The user " + AuthenticationUtil.getFullyAuthenticatedUser() + + " does not have the permission to add the protected aspect " + aspect.toPrefixString(namespaceService) + + " from the node " + nodeRef.toString()); + } + } + + /** + * @see org.alfresco.repo.node.NodeServicePolicies.BeforeRemoveAspectPolicy#beforeRemoveAspect(org.alfresco.service.cmr.repository.NodeRef, org.alfresco.service.namespace.QName) + */ + @Override + public void beforeRemoveAspect(NodeRef nodeRef, QName aspect) + { + if (AuthenticationUtil.getFullyAuthenticatedUser() != null && + AuthenticationUtil.isRunAsUserTheSystemUser() == false && + isProtectedAspect(aspect) == true && + nodeService.exists(nodeRef) == true && + canEditProtectedAspect(nodeRef, aspect) == false) + { + // the user can't edit the protected aspect + throw new ModelAccessDeniedException( + "The user " + AuthenticationUtil.getFullyAuthenticatedUser() + + " does not have the permission to remove the protected aspect " + aspect.toPrefixString(namespaceService) + + " from the node " + nodeRef.toString()); + } + } + + /** + * @see org.alfresco.repo.node.NodeServicePolicies.OnUpdatePropertiesPolicy#onUpdateProperties(org.alfresco.service.cmr.repository.NodeRef, java.util.Map, java.util.Map) + */ + @Override + public void onUpdateProperties(NodeRef nodeRef, Map before, Map after) + { + if (AuthenticationUtil.getFullyAuthenticatedUser() != null && + AuthenticationUtil.isRunAsUserTheSystemUser() == false && + nodeService.exists(nodeRef) == true) + { + for (QName property : after.keySet()) + { + if (isProtectedProperty(property) == true) + { + ProtectedProperty protectedProperty = getProtectedProperty(property); + if ((before == null || before.isEmpty() || before.get(property) == null) && + protectedProperty.isAllwaysAllowNew() == true) + { + return; + } + + if (EqualsHelper.nullSafeEquals(before.get(property), after.get(property)) == false && + canEditProtectedProperty(nodeRef, property) == false) + { + // the user can't edit the protected property + throw new ModelAccessDeniedException( + "The user " + AuthenticationUtil.getFullyAuthenticatedUser() + + " does not have the permission to edit the protected property " + property.toPrefixString(namespaceService) + + " on the node " + nodeRef.toString()); + } + } + } + } + } +} diff --git a/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/model/security/ProtectedAspect.java b/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/model/security/ProtectedAspect.java new file mode 100644 index 0000000000..2a8ceab365 --- /dev/null +++ b/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/model/security/ProtectedAspect.java @@ -0,0 +1,28 @@ +/* + * Copyright (C) 2005-2012 Alfresco Software Limited. + * + * This file is part of Alfresco + * + * Alfresco is free software: you can redistribute it and/or modify + * it under the terms of the GNU Lesser General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * Alfresco is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public License + * along with Alfresco. If not, see . + */ +package org.alfresco.module.org_alfresco_module_rm.model.security; + +/** + * @author Roy Wetherall + * @since 2.1 + */ +public class ProtectedAspect extends ProtectedModelArtifact +{ + +} diff --git a/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/model/security/ProtectedModelArtifact.java b/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/model/security/ProtectedModelArtifact.java new file mode 100644 index 0000000000..9961b898c0 --- /dev/null +++ b/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/model/security/ProtectedModelArtifact.java @@ -0,0 +1,80 @@ +/* + * Copyright (C) 2005-2012 Alfresco Software Limited. + * + * This file is part of Alfresco + * + * Alfresco is free software: you can redistribute it and/or modify + * it under the terms of the GNU Lesser General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * Alfresco is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public License + * along with Alfresco. If not, see . + */ +package org.alfresco.module.org_alfresco_module_rm.model.security; + +import java.util.Set; + +import org.alfresco.module.org_alfresco_module_rm.capability.Capability; +import org.alfresco.service.namespace.NamespaceService; +import org.alfresco.service.namespace.QName; + +/** + * + * + * @author Roy Wetherall + * @since 2.1 + */ +public abstract class ProtectedModelArtifact +{ + /** Model security service */ + private ModelSecurityService modelSecurityService; + + /** Namespace service */ + private NamespaceService namespaceService; + + private QName name; + + private Set capabilities; + + public void setNamespaceService(NamespaceService namespaceService) + { + this.namespaceService = namespaceService; + } + + public void setModelSecurityService(ModelSecurityService modelSecurityService) + { + this.modelSecurityService = modelSecurityService; + } + + public void init() + { + modelSecurityService.register(this); + } + + public void setName(String name) + { + QName qname = QName.createQName(name, namespaceService); + this.name = qname; + } + + public QName getQName() + { + return name; + } + + public void setCapabilities(Set capabilities) + { + this.capabilities = capabilities; + } + + public Set getCapabilities() + { + return capabilities; + } +} diff --git a/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/model/security/ProtectedProperty.java b/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/model/security/ProtectedProperty.java new file mode 100644 index 0000000000..60a64cf3e4 --- /dev/null +++ b/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/model/security/ProtectedProperty.java @@ -0,0 +1,38 @@ +/* + * Copyright (C) 2005-2012 Alfresco Software Limited. + * + * This file is part of Alfresco + * + * Alfresco is free software: you can redistribute it and/or modify + * it under the terms of the GNU Lesser General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * Alfresco is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public License + * along with Alfresco. If not, see . + */ +package org.alfresco.module.org_alfresco_module_rm.model.security; + +/** + * @author Roy Wetherall + * @since 2.1 + */ +public class ProtectedProperty extends ProtectedModelArtifact +{ + private boolean allwaysAllowNew = false; + + public void setAllwaysAllowNew(boolean allwaysAllowNew) + { + this.allwaysAllowNew = allwaysAllowNew; + } + + public boolean isAllwaysAllowNew() + { + return allwaysAllowNew; + } +} diff --git a/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/security/RecordsManagementSecurityService.java b/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/security/RecordsManagementSecurityService.java index 7cb8b18895..e5c2dade7f 100644 --- a/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/security/RecordsManagementSecurityService.java +++ b/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/security/RecordsManagementSecurityService.java @@ -21,6 +21,7 @@ package org.alfresco.module.org_alfresco_module_rm.security; import java.util.Set; import org.alfresco.module.org_alfresco_module_rm.capability.Capability; +import org.alfresco.module.org_alfresco_module_rm.model.security.ModelSecurityService; import org.alfresco.service.cmr.repository.NodeRef; import org.alfresco.service.namespace.QName; @@ -31,20 +32,6 @@ import org.alfresco.service.namespace.QName; */ public interface RecordsManagementSecurityService { - /** - * Get the set of aspect QNames which can not be added direct via the public node service; - * they must be managed via the appropriate actions. - * @return - */ - Set getProtectedAspects(); - - /** - * Get the set of property QNames which can not be added, updated or removed direct via the public node service; - * they must be managed via the appropriate actions. - * @return - */ - Set getProtectedProperties(); - /** * Creates the initial set of default roles for a root records management node * @@ -152,4 +139,17 @@ public interface RecordsManagementSecurityService * @param permission permission */ void deletePermission(NodeRef nodeRef, String authority, String permission); + + /** + * @return {@link Set}<{@link QName}> protected aspect names + * @deprecated As of release 2.1, replaced by {@link ModelSecurityService#getProtectedAspects} + */ + @Deprecated + Set getProtectedAspects(); + + /** + * @return {@link Set}<{@link QName}> protected properties + * @deprecated As of release 2.1, replaced by {@link ModelSecurityService#getProtectedProperties} + */ + Set getProtectedProperties(); } diff --git a/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/security/RecordsManagementSecurityServiceImpl.java b/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/security/RecordsManagementSecurityServiceImpl.java index 24afefad39..eea3c7eaab 100644 --- a/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/security/RecordsManagementSecurityServiceImpl.java +++ b/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/security/RecordsManagementSecurityServiceImpl.java @@ -34,9 +34,9 @@ import org.alfresco.model.ContentModel; import org.alfresco.module.org_alfresco_module_rm.RecordsManagementService; import org.alfresco.module.org_alfresco_module_rm.capability.Capability; import org.alfresco.module.org_alfresco_module_rm.capability.CapabilityService; -import org.alfresco.module.org_alfresco_module_rm.capability.RMEntryVoter; import org.alfresco.module.org_alfresco_module_rm.capability.RMPermissionModel; import org.alfresco.module.org_alfresco_module_rm.model.RecordsManagementModel; +import org.alfresco.module.org_alfresco_module_rm.model.security.ModelSecurityService; import org.alfresco.repo.node.NodeServicePolicies; import org.alfresco.repo.policy.JavaBehaviour; import org.alfresco.repo.policy.PolicyComponent; @@ -84,12 +84,12 @@ public class RecordsManagementSecurityServiceImpl implements RecordsManagementSe /** Records management service */ private RecordsManagementService recordsManagementService; + /** Model security service */ + private ModelSecurityService modelSecurityService; + /** Node service */ private NodeService nodeService; - /** RM Entry voter */ - private RMEntryVoter voter; - /** Records management role zone */ public static final String RM_ROLE_ZONE_PREFIX = "rmRoleZone"; @@ -160,13 +160,11 @@ public class RecordsManagementSecurityServiceImpl implements RecordsManagementSe } /** - * Set the RM voter - * - * @param voter + * @param modelSecurityService model security service */ - public void setVoter(RMEntryVoter voter) + public void setModelSecurityService(ModelSecurityService modelSecurityService) { - this.voter = voter; + this.modelSecurityService = modelSecurityService; } /** @@ -416,22 +414,6 @@ public class RecordsManagementSecurityServiceImpl implements RecordsManagementSe }, AuthenticationUtil.getSystemUserName()); } } - - /** - * @see org.alfresco.module.org_alfresco_module_rm.security.RecordsManagementSecurityService#getProtectedAspects() - */ - public Set getProtectedAspects() - { - return voter.getProtetcedAscpects(); - } - - /** - * @see org.alfresco.module.org_alfresco_module_rm.security.RecordsManagementSecurityService#getProtectedProperties() - */ - public Set getProtectedProperties() - { - return voter.getProtectedProperties(); - } /** * @see org.alfresco.module.org_alfresco_module_rm.security.RecordsManagementSecurityService#bootstrapDefaultRoles(org.alfresco.service.cmr.repository.NodeRef) @@ -1016,4 +998,24 @@ public class RecordsManagementSecurityServiceImpl implements RecordsManagementSe } }, AuthenticationUtil.getSystemUserName()); } + + /** + * @see org.alfresco.module.org_alfresco_module_rm.security.RecordsManagementSecurityService#getProtectedAspects() + */ + @Deprecated + @Override + public Set getProtectedAspects() + { + return modelSecurityService.getProtectedAspects(); + } + + /** + * @see org.alfresco.module.org_alfresco_module_rm.security.RecordsManagementSecurityService#getProtectedProperties() + */ + @Deprecated + @Override + public Set getProtectedProperties() + { + return modelSecurityService.getProtectedProperties(); + } } diff --git a/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/vital/BroadcastVitalRecordDefinitionAction.java b/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/vital/BroadcastVitalRecordDefinitionAction.java index e7adec62e7..254fcc4cc6 100644 --- a/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/vital/BroadcastVitalRecordDefinitionAction.java +++ b/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/vital/BroadcastVitalRecordDefinitionAction.java @@ -20,10 +20,8 @@ package org.alfresco.module.org_alfresco_module_rm.vital; import java.io.Serializable; import java.util.HashMap; -import java.util.HashSet; import java.util.List; import java.util.Map; -import java.util.Set; import org.alfresco.model.ContentModel; import org.alfresco.module.org_alfresco_module_rm.action.RMActionExecuterAbstractBase; @@ -77,7 +75,7 @@ public class BroadcastVitalRecordDefinitionAction extends RMActionExecuterAbstra NodeRef nextChild = nextAssoc.getChildRef(); // If the child is a record, then the VitalRecord aspect needs to be applied or updated - if (recordsManagementService.isRecord(nextChild)) + if (recordService.isRecord(nextChild)) { if (parentVri) { @@ -102,7 +100,7 @@ public class BroadcastVitalRecordDefinitionAction extends RMActionExecuterAbstra } // Recurse down the containment hierarchy to all containers - if (recordsManagementService.isRecord(nextChild) == false) + if (recordService.isRecord(nextChild) == false) { this.propagateChangeToChildrenOf(nextChild); } @@ -114,23 +112,4 @@ public class BroadcastVitalRecordDefinitionAction extends RMActionExecuterAbstra { return true; } - - @Override - public Set getProtectedProperties() - { - HashSet qnames = new HashSet(); - qnames.add(PROP_REVIEW_PERIOD); - qnames.add(PROP_VITAL_RECORD_INDICATOR); - qnames.add(PROP_REVIEW_AS_OF); - return qnames; - } - - @Override - public Set getProtectedAspects() - { - HashSet qnames = new HashSet(); - qnames.add(RecordsManagementModel.ASPECT_VITAL_RECORD); - return qnames; - } - } diff --git a/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/vital/ReviewedAction.java b/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/vital/ReviewedAction.java index 731d7b67fe..d077ef8cbe 100644 --- a/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/vital/ReviewedAction.java +++ b/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/vital/ReviewedAction.java @@ -20,16 +20,13 @@ package org.alfresco.module.org_alfresco_module_rm.vital; import java.io.Serializable; import java.util.Date; -import java.util.HashSet; import java.util.List; import java.util.Map; -import java.util.Set; import org.alfresco.module.org_alfresco_module_rm.action.RMActionExecuterAbstractBase; import org.alfresco.service.cmr.action.Action; import org.alfresco.service.cmr.action.ParameterDefinition; import org.alfresco.service.cmr.repository.NodeRef; -import org.alfresco.service.namespace.QName; import org.apache.commons.logging.Log; import org.apache.commons.logging.LogFactory; @@ -53,7 +50,7 @@ public class ReviewedAction extends RMActionExecuterAbstractBase VitalRecordDefinition vrDef = vitalRecordService.getVitalRecordDefinition(actionedUponNodeRef); if (vrDef != null && vrDef.isEnabled() == true) { - if (recordsManagementService.isRecord(actionedUponNodeRef) == true) + if (recordService.isRecord(actionedUponNodeRef) == true) { reviewRecord(actionedUponNodeRef, vrDef); } @@ -104,14 +101,6 @@ public class ReviewedAction extends RMActionExecuterAbstractBase { // Intentionally empty } - - @Override - public Set getProtectedProperties() - { - HashSet qnames = new HashSet(); - qnames.add(PROP_REVIEW_AS_OF); - return qnames; - } @Override protected boolean isExecutableImpl(NodeRef filePlanComponent, Map parameters, boolean throwException) diff --git a/rm-server/source/java/org/alfresco/repo/security/permissions/impl/RMPermissionServiceImpl.java b/rm-server/source/java/org/alfresco/repo/security/permissions/impl/RMPermissionServiceImpl.java index 21649f23bc..4b25a60aab 100644 --- a/rm-server/source/java/org/alfresco/repo/security/permissions/impl/RMPermissionServiceImpl.java +++ b/rm-server/source/java/org/alfresco/repo/security/permissions/impl/RMPermissionServiceImpl.java @@ -25,6 +25,7 @@ import java.util.Set; import org.alfresco.module.org_alfresco_module_rm.capability.RMPermissionModel; import org.alfresco.repo.security.permissions.AccessControlEntry; import org.alfresco.repo.security.permissions.AccessControlList; +import org.alfresco.repo.security.permissions.PermissionReference; import org.alfresco.service.cmr.security.PermissionService; /** diff --git a/rm-server/test/java/org/alfresco/module/org_alfresco_module_rm/test/capabilities/CapabilitiesTest.java b/rm-server/test/java/org/alfresco/module/org_alfresco_module_rm/test/capabilities/CapabilitiesTest.java index b52e688b3d..b97bdd0f41 100644 --- a/rm-server/test/java/org/alfresco/module/org_alfresco_module_rm/test/capabilities/CapabilitiesTest.java +++ b/rm-server/test/java/org/alfresco/module/org_alfresco_module_rm/test/capabilities/CapabilitiesTest.java @@ -66,6 +66,12 @@ public class CapabilitiesTest extends BaseRMTestCase implements return true; } + @Override + protected boolean isFillingForAllUsers() + { + return true; + } + @Override protected void setupTestDataImpl() { @@ -73,19 +79,6 @@ public class CapabilitiesTest extends BaseRMTestCase implements record = utils.createRecord(rmFolder, "CapabilitiesTest.txt"); } - - @Override - protected void setupTestUsersImpl(NodeRef filePlan) - { - super.setupTestUsersImpl(filePlan); - - // Give all the users file permission objects - for (String user : testUsers) - { - securityService.setPermission(filePlan, user, FILING); - securityService.setPermission(rmContainer, user, FILING); - } - } protected void check(Map access, String name, AccessStatus accessStatus) { @@ -289,124 +282,6 @@ public class CapabilitiesTest extends BaseRMTestCase implements } - /** - * Test the capability configuration - */ - public void testConfig() - { - retryingTransactionHelper.doInTransaction( - new RetryingTransactionCallback() - { - @Override - public Object execute() throws Throwable - { - // As system user - AuthenticationUtil - .setFullyAuthenticatedUser(AuthenticationUtil - .getSystemUserName()); - - assertEquals(6, securityService.getProtectedAspects() - .size()); - assertEquals(13, securityService - .getProtectedProperties().size()); - - // Test action wire up - testCapabilityActions(0, ACCESS_AUDIT); - testCapabilityActions(2, ADD_MODIFY_EVENT_DATES); - testCapabilityActions(2, - APPROVE_RECORDS_SCHEDULED_FOR_CUTOFF); - testCapabilityActions(0, - ATTACH_RULES_TO_METADATA_PROPERTIES); - testCapabilityActions(2, AUTHORIZE_ALL_TRANSFERS); - testCapabilityActions(2, AUTHORIZE_NOMINATED_TRANSFERS); - testCapabilityActions(0, CHANGE_OR_DELETE_REFERENCES); - testCapabilityActions(1, CLOSE_FOLDERS); - testCapabilityActions(0, - CREATE_AND_ASSOCIATE_SELECTION_LISTS); - testCapabilityActions(0, - CREATE_MODIFY_DESTROY_CLASSIFICATION_GUIDES); - testCapabilityActions(0, CREATE_MODIFY_DESTROY_EVENTS); - testCapabilityActions(0, - CREATE_MODIFY_DESTROY_FILEPLAN_METADATA); - testCapabilityActions(0, - CREATE_MODIFY_DESTROY_FILEPLAN_TYPES); - testCapabilityActions(0, CREATE_MODIFY_DESTROY_FOLDERS); - testCapabilityActions(0, - CREATE_MODIFY_DESTROY_RECORD_TYPES); - testCapabilityActions(0, - CREATE_MODIFY_DESTROY_REFERENCE_TYPES); - testCapabilityActions(0, CREATE_MODIFY_DESTROY_ROLES); - testCapabilityActions(0, - CREATE_MODIFY_DESTROY_TIMEFRAMES); - testCapabilityActions(0, - CREATE_MODIFY_DESTROY_USERS_AND_GROUPS); - testCapabilityActions(0, - CREATE_MODIFY_RECORDS_IN_CUTOFF_FOLDERS); - testCapabilityActions(1, CYCLE_VITAL_RECORDS); - testCapabilityActions(0, DECLARE_AUDIT_AS_RECORD); - testCapabilityActions(2, DECLARE_RECORDS); - testCapabilityActions(1, - DECLARE_RECORDS_IN_CLOSED_FOLDERS); - testCapabilityActions(0, DELETE_AUDIT); - testCapabilityActions(0, DELETE_LINKS); - testCapabilityActions(0, DELETE_RECORDS); - testCapabilityActions(0, DESTROY_RECORDS); - testCapabilityActions(1, - DESTROY_RECORDS_SCHEDULED_FOR_DESTRUCTION); - testCapabilityActions(0, DISPLAY_RIGHTS_REPORT); - testCapabilityActions(0, EDIT_DECLARED_RECORD_METADATA); - testCapabilityActions(0, EDIT_NON_RECORD_METADATA); - testCapabilityActions(0, EDIT_RECORD_METADATA); - testCapabilityActions(0, EDIT_SELECTION_LISTS); - testCapabilityActions(0, ENABLE_DISABLE_AUDIT_BY_TYPES); - testCapabilityActions(0, EXPORT_AUDIT); - testCapabilityActions(1, - EXTEND_RETENTION_PERIOD_OR_FREEZE); - testCapabilityActions(1, FILE_RECORDS); - testCapabilityActions(0, - MAKE_OPTIONAL_PARAMETERS_MANDATORY); - testCapabilityActions(0, MANAGE_ACCESS_CONTROLS); - testCapabilityActions(0, MANAGE_ACCESS_RIGHTS); - testCapabilityActions(1, - MANUALLY_CHANGE_DISPOSITION_DATES); - testCapabilityActions(0, - MAP_CLASSIFICATION_GUIDE_METADATA); - testCapabilityActions(0, MAP_EMAIL_METADATA); - testCapabilityActions(0, MOVE_RECORDS); - testCapabilityActions(0, PASSWORD_CONTROL); - testCapabilityActions(1, PLANNING_REVIEW_CYCLES); - testCapabilityActions(1, RE_OPEN_FOLDERS); - testCapabilityActions(0, SELECT_AUDIT_METADATA); - testCapabilityActions(0, TRIGGER_AN_EVENT); - testCapabilityActions(1, UNDECLARE_RECORDS); - testCapabilityActions(2, UNFREEZE); - testCapabilityActions(0, UPDATE_CLASSIFICATION_DATES); - testCapabilityActions(0, UPDATE_EXEMPTION_CATEGORIES); - testCapabilityActions(0, UPDATE_TRIGGER_DATES); - testCapabilityActions(0, - UPDATE_VITAL_RECORD_CYCLE_INFORMATION); - testCapabilityActions(0, - UPGRADE_DOWNGRADE_AND_DECLASSIFY_RECORDS); - testCapabilityActions(0, VIEW_RECORDS); - testCapabilityActions(1, VIEW_UPDATE_REASONS_FOR_FREEZE); - - return null; - } - }, false, true); - } - - /** - * Test the capability actions - * - * @param count - * @param capability - */ - private void testCapabilityActions(int count, String capability) - { - assertEquals(count, capabilityService.getCapability(capability) - .getActionNames().size()); - } - /** * Test file plan as system */ diff --git a/rm-server/test/java/org/alfresco/module/org_alfresco_module_rm/test/capabilities/DeclarativeCapabilityTest.java b/rm-server/test/java/org/alfresco/module/org_alfresco_module_rm/test/capabilities/DeclarativeCapabilityTest.java index 928f507a92..ddbddd2dad 100644 --- a/rm-server/test/java/org/alfresco/module/org_alfresco_module_rm/test/capabilities/DeclarativeCapabilityTest.java +++ b/rm-server/test/java/org/alfresco/module/org_alfresco_module_rm/test/capabilities/DeclarativeCapabilityTest.java @@ -150,8 +150,7 @@ public class DeclarativeCapabilityTest extends BaseRMTestCase capability.isPrivate() == false && capability.getName().equals("MoveRecords") == false && capability.getName().equals("DeleteLinks") == false && - capability.getName().equals("ChangeOrDeleteReferences") == false && - capability.getActionNames().isEmpty() == true) + capability.getName().equals("ChangeOrDeleteReferences") == false) { testDeclarativeCapability((DeclarativeCapability)capability); } diff --git a/rm-server/test/java/org/alfresco/module/org_alfresco_module_rm/test/service/DataSetServiceImplTest.java b/rm-server/test/java/org/alfresco/module/org_alfresco_module_rm/test/service/DataSetServiceImplTest.java index 5599591cc8..aa8f781644 100644 --- a/rm-server/test/java/org/alfresco/module/org_alfresco_module_rm/test/service/DataSetServiceImplTest.java +++ b/rm-server/test/java/org/alfresco/module/org_alfresco_module_rm/test/service/DataSetServiceImplTest.java @@ -1,3 +1,21 @@ +/* + * Copyright (C) 2005-2012 Alfresco Software Limited. + * + * This file is part of Alfresco + * + * Alfresco is free software: you can redistribute it and/or modify + * it under the terms of the GNU Lesser General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * Alfresco is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public License + * along with Alfresco. If not, see . + */ package org.alfresco.module.org_alfresco_module_rm.test.service; import java.io.Serializable; @@ -13,6 +31,12 @@ import org.alfresco.module.org_alfresco_module_rm.test.util.BaseRMTestCase; import org.alfresco.module.org_alfresco_module_rm.vital.VitalRecordDefinition; import org.alfresco.service.cmr.repository.NodeRef; +/** + * Dataset Service Test + * + * @author Tuna Aksoy + * @since 2.1 + */ public class DataSetServiceImplTest extends BaseRMTestCase { /** Id of the test data set*/ diff --git a/rm-server/test/java/org/alfresco/module/org_alfresco_module_rm/test/service/ExtendedSecurityServiceImplTest.java b/rm-server/test/java/org/alfresco/module/org_alfresco_module_rm/test/service/ExtendedSecurityServiceImplTest.java index a31b7f6776..2f6f56c39a 100644 --- a/rm-server/test/java/org/alfresco/module/org_alfresco_module_rm/test/service/ExtendedSecurityServiceImplTest.java +++ b/rm-server/test/java/org/alfresco/module/org_alfresco_module_rm/test/service/ExtendedSecurityServiceImplTest.java @@ -1,4 +1,21 @@ - +/* + * Copyright (C) 2005-2012 Alfresco Software Limited. + * + * This file is part of Alfresco + * + * Alfresco is free software: you can redistribute it and/or modify + * it under the terms of the GNU Lesser General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * Alfresco is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public License + * along with Alfresco. If not, see . + */ package org.alfresco.module.org_alfresco_module_rm.test.service; import java.util.HashMap; diff --git a/rm-server/test/java/org/alfresco/module/org_alfresco_module_rm/test/service/ModelSecurityServiceImplTest.java b/rm-server/test/java/org/alfresco/module/org_alfresco_module_rm/test/service/ModelSecurityServiceImplTest.java new file mode 100644 index 0000000000..8214d250ee --- /dev/null +++ b/rm-server/test/java/org/alfresco/module/org_alfresco_module_rm/test/service/ModelSecurityServiceImplTest.java @@ -0,0 +1,254 @@ +/* + * Copyright (C) 2005-2012 Alfresco Software Limited. + * + * This file is part of Alfresco + * + * Alfresco is free software: you can redistribute it and/or modify + * it under the terms of the GNU Lesser General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * Alfresco is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public License + * along with Alfresco. If not, see . + */ +package org.alfresco.module.org_alfresco_module_rm.test.service; + +import java.util.Set; + +import org.alfresco.module.org_alfresco_module_rm.model.security.ModelAccessDeniedException; +import org.alfresco.module.org_alfresco_module_rm.model.security.ModelSecurityService; +import org.alfresco.module.org_alfresco_module_rm.model.security.ProtectedAspect; +import org.alfresco.module.org_alfresco_module_rm.model.security.ProtectedProperty; +import org.alfresco.module.org_alfresco_module_rm.test.util.BaseRMTestCase; +import org.alfresco.service.namespace.QName; + +/** + * Model security service test. + * + * @author Roy Wetherall + * @since 2.1 + */ +public class ModelSecurityServiceImplTest extends BaseRMTestCase +{ + private static final QName CUSTOM_ASPECT = QName.createQName("http://www.alfresco.org/model/rmtest/1.0", "customAspect"); + private static final QName CUSTOM_PROTECTED_ASPECT = QName.createQName("http://www.alfresco.org/model/rmtest/1.0", "customProtectedAspect"); + + private static final QName CUSTOM_PROPERTY = QName.createQName("http://www.alfresco.org/model/rmtest/1.0", "customProperty"); + private static final QName CUSTOM_PROTECTED_PROPERTY = QName.createQName("http://www.alfresco.org/model/rmtest/1.0", "customProtectedProperty"); + + + /** Model security service */ + private ModelSecurityService modelSecurityService; + + /** + * @see org.alfresco.module.org_alfresco_module_rm.test.util.BaseRMTestCase#isUserTest() + */ + @Override + protected boolean isUserTest() + { + return true; + } + + @Override + protected boolean isFillingForAllUsers() + { + return true; + } + + /** + * @see org.alfresco.module.org_alfresco_module_rm.test.util.BaseRMTestCase#initServices() + */ + @Override + protected void initServices() + { + super.initServices(); + modelSecurityService = (ModelSecurityService)applicationContext.getBean("ModelSecurityService"); + } + + /** + * @see org.alfresco.module.org_alfresco_module_rm.test.util.BaseRMTestCase#setupTestDataImpl() + */ + @Override + protected void setupTestDataImpl() + { + super.setupTestDataImpl(); + } + + /** + * test - getProtectedAspects(), isProtectedAspect(), getProtectedAspect() + */ + public void testProtectedAspects() throws Exception + { + doTestInTransaction(new VoidTest() + { + @Override + public void runImpl() throws Exception + { + Set protectedAspects = modelSecurityService.getProtectedAspects(); + + assertNotNull(protectedAspects); + assertFalse(protectedAspects.isEmpty()); + assertTrue(protectedAspects.contains(CUSTOM_PROTECTED_ASPECT)); + assertFalse(protectedAspects.contains(CUSTOM_ASPECT)); + + assertTrue(modelSecurityService.isProtectedAspect(CUSTOM_PROTECTED_ASPECT)); + assertFalse(modelSecurityService.isProtectedAspect(CUSTOM_ASPECT)); + + ProtectedAspect protectedAspect = modelSecurityService.getProtectedAspect(CUSTOM_ASPECT); + assertNull(protectedAspect); + protectedAspect = modelSecurityService.getProtectedAspect(CUSTOM_PROTECTED_ASPECT); + assertNotNull(protectedAspect); + assertNotNull(protectedAspect.getQName()); + assertNotNull(protectedAspect.getCapabilities()); + } + }); + + doTestInTransaction(new VoidTest() + { + @Override + public void runImpl() throws Exception + { + assertTrue(modelSecurityService.isProtectedAspect(CUSTOM_PROTECTED_ASPECT)); + assertFalse(modelSecurityService.canEditProtectedAspect(rmFolder, CUSTOM_PROTECTED_ASPECT)); + } + }, powerUserName); + + doTestInTransaction(new FailureTest + ( + "Normal rm user should not have the permissions to add the protected aspect.", + ModelAccessDeniedException.class + ) + { + @Override + public void run() throws Exception + { + // try and add the aspect + nodeService.addAspect(rmFolder, CUSTOM_PROTECTED_ASPECT, null); + } + }, powerUserName); + + doTestInTransaction(new VoidTest() + { + @Override + public void runImpl() throws Exception + { + assertTrue(modelSecurityService.canEditProtectedAspect(rmFolder, CUSTOM_PROTECTED_ASPECT)); + + // try and add the aspect + nodeService.addAspect(rmFolder, CUSTOM_PROTECTED_ASPECT, null); + assertTrue(nodeService.hasAspect(rmFolder, CUSTOM_PROTECTED_ASPECT)); + } + }, rmAdminName); + + // check protected aspect via removeAspect + doTestInTransaction(new FailureTest + ( + "Normal rm user should not have the permissions to remove the custom aspect.", + ModelAccessDeniedException.class + ) + { + @Override + public void run() throws Exception + { + nodeService.removeAspect(rmFolder, CUSTOM_PROTECTED_ASPECT); + } + }, powerUserName); + + doTestInTransaction(new VoidTest() + { + @Override + public void runImpl() throws Exception + { + nodeService.removeAspect(rmFolder, CUSTOM_PROTECTED_ASPECT); + assertFalse(nodeService.hasAspect(rmFolder, CUSTOM_PROTECTED_ASPECT)); + } + }, rmAdminName); + } + + /** + * test - getProtectedProperties(), isProtectedProperty(), getProtectedProperty() + */ + public void testProtectedProperties() throws Exception + { + doTestInTransaction(new VoidTest() + { + public void runImpl() + { + Set protectedProperties = modelSecurityService.getProtectedProperties(); + + assertNotNull(protectedProperties); + assertFalse(protectedProperties.isEmpty()); + assertTrue(protectedProperties.contains(CUSTOM_PROTECTED_PROPERTY)); + assertFalse(protectedProperties.contains(CUSTOM_PROPERTY)); + + assertTrue(modelSecurityService.isProtectedProperty(CUSTOM_PROTECTED_PROPERTY)); + assertFalse(modelSecurityService.isProtectedProperty(CUSTOM_PROPERTY)); + + ProtectedProperty protectedProperty = modelSecurityService.getProtectedProperty(CUSTOM_PROPERTY); + assertNull(protectedProperty); + protectedProperty = modelSecurityService.getProtectedProperty(CUSTOM_PROTECTED_PROPERTY); + assertNotNull(protectedProperty); + assertNotNull(protectedProperty.getQName()); + assertNotNull(protectedProperty.getCapabilities()); + + doTestInTransaction(new VoidTest() + { + @Override + public void runImpl() throws Exception + { + assertTrue(modelSecurityService.canEditProtectedProperty(rmFolder, CUSTOM_PROTECTED_PROPERTY)); + } + }, rmAdminName); + + doTestInTransaction(new VoidTest() + { + @Override + public void runImpl() throws Exception + { + assertFalse(modelSecurityService.canEditProtectedProperty(rmFolder, CUSTOM_PROTECTED_PROPERTY)); + } + }, powerUserName); + } + }); + + doTestInTransaction(new VoidTest() + { + @Override + public void runImpl() throws Exception + { + assertTrue(modelSecurityService.isProtectedProperty(CUSTOM_PROTECTED_PROPERTY)); + assertFalse(modelSecurityService.canEditProtectedProperty(rmFolder, CUSTOM_PROTECTED_PROPERTY)); + } + }, powerUserName); + + doTestInTransaction(new FailureTest + ( + "Should not have the permissions to edit protected property.", + ModelAccessDeniedException.class + ) + { + @Override + public void run() throws Exception + { + nodeService.setProperty(rmFolder, CUSTOM_PROTECTED_PROPERTY, "hello"); + } + }, powerUserName); + + doTestInTransaction(new VoidTest() + { + @Override + public void runImpl() throws Exception + { + assertTrue(modelSecurityService.canEditProtectedProperty(rmFolder, CUSTOM_PROTECTED_PROPERTY)); + + nodeService.setProperty(rmFolder, CUSTOM_PROTECTED_PROPERTY, "hello"); + assertEquals("hello", nodeService.getProperty(rmFolder, CUSTOM_PROTECTED_PROPERTY)); + } + }, rmAdminName); + } +} diff --git a/rm-server/test/java/org/alfresco/module/org_alfresco_module_rm/test/service/RecordServiceTestImpl.java b/rm-server/test/java/org/alfresco/module/org_alfresco_module_rm/test/service/RecordServiceTestImpl.java index 9bd4d054bf..bdc61b4b6e 100644 --- a/rm-server/test/java/org/alfresco/module/org_alfresco_module_rm/test/service/RecordServiceTestImpl.java +++ b/rm-server/test/java/org/alfresco/module/org_alfresco_module_rm/test/service/RecordServiceTestImpl.java @@ -1,5 +1,5 @@ /* - * Copyright (C) 2005-2011 Alfresco Software Limited. + * Copyright (C) 2005-2012 Alfresco Software Limited. * * This file is part of Alfresco * @@ -22,7 +22,6 @@ import org.alfresco.model.ContentModel; import org.alfresco.module.org_alfresco_module_rm.action.dm.CreateRecordAction; import org.alfresco.module.org_alfresco_module_rm.capability.Capability; import org.alfresco.module.org_alfresco_module_rm.capability.RMPermissionModel; -import org.alfresco.module.org_alfresco_module_rm.security.ExtendedReaderDynamicAuthority; import org.alfresco.module.org_alfresco_module_rm.test.util.BaseRMTestCase; import org.alfresco.repo.security.authentication.AuthenticationUtil; import org.alfresco.repo.site.SiteModel; @@ -147,7 +146,7 @@ public class RecordServiceTestImpl extends BaseRMTestCase assertEquals(AccessStatus.ALLOWED, dmPermissionService.hasPermission(dmDocument, RMPermissionModel.READ_RECORDS)); assertEquals(AccessStatus.ALLOWED, dmPermissionService.hasPermission(filePlan, RMPermissionModel.VIEW_RECORDS)); - assertTrue(rmService.isRecord(dmDocument)); + assertTrue(recordService.isRecord(dmDocument)); // Capability createCapability = capabilityService.getCapability("Create"); diff --git a/rm-server/test/java/org/alfresco/module/org_alfresco_module_rm/test/util/BaseRMTestCase.java b/rm-server/test/java/org/alfresco/module/org_alfresco_module_rm/test/util/BaseRMTestCase.java index 72a67d5330..f5010c0cb7 100644 --- a/rm-server/test/java/org/alfresco/module/org_alfresco_module_rm/test/util/BaseRMTestCase.java +++ b/rm-server/test/java/org/alfresco/module/org_alfresco_module_rm/test/util/BaseRMTestCase.java @@ -27,6 +27,7 @@ import org.alfresco.module.org_alfresco_module_rm.RecordsManagementAdminService; import org.alfresco.module.org_alfresco_module_rm.RecordsManagementService; import org.alfresco.module.org_alfresco_module_rm.action.RecordsManagementActionService; import org.alfresco.module.org_alfresco_module_rm.capability.CapabilityService; +import org.alfresco.module.org_alfresco_module_rm.capability.RMPermissionModel; import org.alfresco.module.org_alfresco_module_rm.dataset.DataSetService; import org.alfresco.module.org_alfresco_module_rm.disposition.DispositionSchedule; import org.alfresco.module.org_alfresco_module_rm.disposition.DispositionService; @@ -70,7 +71,7 @@ import org.springframework.context.ApplicationContext; * @author Roy Wetherall */ public abstract class BaseRMTestCase extends RetryingTransactionHelperTestCase - implements RecordsManagementModel, ContentModel + implements RecordsManagementModel, ContentModel, RMPermissionModel { /** Application context */ protected static final String[] CONFIG_LOCATIONS = new String[] @@ -221,6 +222,15 @@ public abstract class BaseRMTestCase extends RetryingTransactionHelperTestCase return false; } + /** + * Indicates whether the test users should have filling on the file plan structure + * by default or not. + */ + protected boolean isFillingForAllUsers() + { + return false; + } + /** * @see junit.framework.TestCase#setUp() */ @@ -431,8 +441,23 @@ public abstract class BaseRMTestCase extends RetryingTransactionHelperTestCase recordsManagerName, rmAdminName }; + + if (isFillingForAllUsers() == true) + { + // Give all the users file permission objects + for (String user : testUsers) + { + securityService.setPermission(filePlan, user, FILING); + securityService.setPermission(rmContainer, user, FILING); + } + } } + /** + * Util method to create a person. + * @param userName user name + * @return NodeRef user node reference + */ protected NodeRef createPerson(String userName) { authenticationService.createAuthentication(userName, "password".toCharArray()); @@ -498,4 +523,35 @@ public abstract class BaseRMTestCase extends RetryingTransactionHelperTestCase mhRecordFolder44 = rmService.createRecordFolder(mhContainer34, "mhFolder44"); mhRecordFolder45 = rmService.createRecordFolder(mhContainer35, "mhFolder45"); } + + /** + * Helper class to try and simplify {@link Void} tests. + * + * @author Roy Wetherall + * @since 2.1 + */ + protected abstract class VoidTest extends Test + { + @Override + public Void run() throws Exception + { + runImpl(); + return null; + } + + public abstract void runImpl() throws Exception; + + @Override + public void test(Void result) throws Exception + { + testImpl(); + } + + public void testImpl() throws Exception + { + // empty implementation + } + + + } } diff --git a/rm-server/test/resources/test-context.xml b/rm-server/test/resources/test-context.xml index 693d02d642..133a87ebea 100644 --- a/rm-server/test/resources/test-context.xml +++ b/rm-server/test/resources/test-context.xml @@ -73,4 +73,23 @@ + + + + + + + + + + + + + + + + + + + \ No newline at end of file diff --git a/rm-server/test/resources/test-model.xml b/rm-server/test/resources/test-model.xml index 5bf81115d2..af44cdc8c6 100644 --- a/rm-server/test/resources/test-model.xml +++ b/rm-server/test/resources/test-model.xml @@ -33,7 +33,18 @@ - + + + + + + + d:text + + + d:text + +