RM-567: Refactor protected aspects and properties

* actions and capabilities no long linked * protected aspects and properties can be configured in their own right * protected model security service added * action implementation refactored accordingly * capability implementations refactored accordingly * unit tests git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/modules/recordsmanagement/HEAD@44229 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
2025-10-08 14:51:49 +00:00 · 2012-12-03 04:06:47 +00:00
parent 0f7197eb25
commit e7f1b2e62c
52 changed files with 1469 additions and 773 deletions
--- a/rm-server/config/alfresco/module/org_alfresco_module_rm/model/rm-model-security-context.xml
+++ b/rm-server/config/alfresco/module/org_alfresco_module_rm/model/rm-model-security-context.xml
@@ -0,0 +1,164 @@
+<?xml version='1.0' encoding='UTF-8'?>
+<!DOCTYPE beans PUBLIC '-//SPRING//DTD BEAN//EN' 'http://www.springframework.org/dtd/spring-beans.dtd'>
+
+<beans>
+	
+	<!--  Helper abstract bean definitions -->
+	
+	<bean id="protectedArtifact"
+	      abstract="true"
+	      init-method="init">	      
+		<property name="modelSecurityService" ref="modelSecurityService" />
+		<property name="namespaceService" ref="namespaceService" />	
+	</bean>
+	
+	<bean id="protectedProperty" 
+		  abstract="true" 
+		  parent="protectedArtifact"
+		  class="org.alfresco.module.org_alfresco_module_rm.model.security.ProtectedProperty">
+	</bean>
+	
+	<bean id="protectedAspect" 
+		  abstract="true" 
+		  parent="protectedArtifact"
+		  class="org.alfresco.module.org_alfresco_module_rm.model.security.ProtectedAspect">
+	</bean>	
+	
+	<!--  Protected Aspects -->
+	
+	<bean id="rm.protectedAspect.rma_cutOff" parent="protectedAspect">
+	    <property name="name" value="rma:cutOff"/>
+		<property name="capabilities">
+			<set>
+				<ref bean="rmCutOffCapability" />
+				<ref bean="rmUndoCutOffCapability" />
+			</set>
+		</property>
+	</bean>
+	
+	<bean id="rm.protectedAspect.rma_declaredRecord" parent="protectedAspect">
+	    <property name="name" value="rma:declaredRecord"/>
+	    <property name="capabilities">
+			<set>
+				<ref bean="rmDeclare" />
+				<ref bean="rmUndeclareRecordsCapability" />
+			</set>
+		</property>
+	</bean>
+
+	
+	<bean id="rm.protectedAspect.rma_frozen" parent="protectedAspect">
+	    <property name="name" value="rma:frozen" />
+	    <property name="capabilities">
+			<set>
+				<ref bean="rmExtendRetentionPeriodOrFreezeCapability" />
+				<ref bean="rmUnfreezeCapability" />
+			</set>
+		</property>
+	</bean>
+
+	<!--  Protected Properties -->
+	
+	<bean id="rm.protectedProperty.rma_cutoffDate" parent="protectedProperty">
+		<property name="name" value="rma:cutOffDate"/>
+		<property name="capabilities">
+			<set>
+				<ref bean="rmCutOffCapability" />
+				<ref bean="rmUndoCutOffCapability" />
+			</set>
+		</property>
+	</bean>
+	
+	<bean id="rm.protectedProperty.rma_isClosed" parent="protectedProperty">
+		<property name="name" value="rma:isClosed"/>
+		<property name="capabilities">
+			<set>
+				<ref bean="rmCloseFoldersCapability" />
+				<ref bean="rmReOpenFoldersCapability" />
+			</set>
+		</property>
+	</bean>
+
+	<bean id="rm.protectedProperty.rma_declaredAt" parent="protectedProperty">
+		<property name="name" value="rma:declaredAt"/>
+		<property name="capabilities">
+			<set>
+				<ref bean="rmDeclare" />
+				<ref bean="rmUndeclareRecordsCapability" />
+			</set>
+		</property>
+	</bean>
+	
+    <bean id="rm.protectedProperty.rma_declaredBy" parent="protectedProperty">
+		<property name="name" value="rma:declaredBy"/>
+		<property name="capabilities">
+			<set>
+				<ref bean="rmDeclare" />
+				<ref bean="rmUndeclareRecordsCapability" />
+			</set>
+		</property>
+	</bean>
+    
+    <bean id="rm.protectedProperty.rma_dateFiled" parent="protectedProperty">
+		<property name="name" value="rma:dateFiled"/>
+		<property name="capabilities">
+			<set>
+				<ref bean="rmFileRecordsCapability" />
+			</set>
+		</property>
+	</bean>
+    
+    <bean id="rm.protectedProperty.rma_reviewAsOf" parent="protectedProperty">
+		<property name="name" value="rma:reviewAsOf"/>
+		<property name="allwaysAllowNew" value = "true" />
+		<property name="capabilities">
+			<set>
+				<ref bean="rmCycleVitalRecordsCapability" />
+				<ref bean="rmPlanningReviewCyclesCapability" />
+			</set>
+		</property>
+	</bean>
+    
+    <bean id="rm.protectedProperty.rma_dispositionAsOf" parent="protectedProperty">
+		<property name="name" value="rma:dispositionAsOf"/>
+		<property name="capabilities">
+			<set>
+				<ref bean="rmManuallyChangeDispositionDatesCapability" />
+			</set>
+		</property>
+	</bean>
+    
+    <bean id="rm.protectedProperty.rma_holdReason" parent="protectedProperty">
+		<property name="name" value="rma:holdReason"/>
+		<property name="capabilities">
+			<set>
+				<ref bean="rmViewUpdateReasonsForFreezeCapability" />
+				<ref bean="rmExtendRetentionPeriodOrFreezeCapability" />
+				<ref bean="rmUnfreezeCapability" />
+			</set>
+		</property>
+	</bean>
+
+    <bean id="rm.protectedProperty.rma_frozenAt" parent="protectedProperty">
+		<property name="name" value="rma:frozenAt"/>
+		<property name="capabilities">
+			<set>
+				<ref bean="rmViewUpdateReasonsForFreezeCapability" />
+				<ref bean="rmExtendRetentionPeriodOrFreezeCapability" />
+				<ref bean="rmUnfreezeCapability" />
+			</set>
+		</property>
+	</bean>
+	
+    <bean id="rm.protectedProperty.rma_frozenBy" parent="protectedProperty">
+		<property name="name" value="rma:frozenBy"/>
+		<property name="capabilities">
+			<set>
+				<ref bean="rmViewUpdateReasonsForFreezeCapability" />
+				<ref bean="rmExtendRetentionPeriodOrFreezeCapability" />
+				<ref bean="rmUnfreezeCapability" />
+			</set>
+		</property>
+	</bean>
+
+</beans>
--- a/rm-server/config/alfresco/module/org_alfresco_module_rm/rm-action-context.xml
+++ b/rm-server/config/alfresco/module/org_alfresco_module_rm/rm-action-context.xml
@@ -90,10 +90,7 @@
    </bean>
    
    <!-- disable normal registration - the proxy will do it so the proxy is registered -->
-    <bean id="file" class="org.alfresco.module.org_alfresco_module_rm.action.impl.FileAction" parent="rmAction" depends-on="rmFileRecordsCapability">
-        <property name="capability" ref="rmFileRecordsCapability"/>
-    </bean>    
-    
+    <bean id="file" class="org.alfresco.module.org_alfresco_module_rm.action.impl.FileAction" parent="rmAction" />

    <!-- Cutoff action -->
    
@@ -119,9 +116,7 @@
        </property>
    </bean>
    
-    <bean id="cutoff" class="org.alfresco.module.org_alfresco_module_rm.action.impl.CutOffAction" parent="rmAction" depends-on="rmApproveRecordsScheduledForCutoffCapability">
-        <property name="capability" ref="rmApproveRecordsScheduledForCutoffCapability"/>
-    </bean>   
+    <bean id="cutoff" class="org.alfresco.module.org_alfresco_module_rm.action.impl.CutOffAction" parent="rmAction"/>   
    
    <!-- UnCutoff action -->    
    
@@ -146,9 +141,7 @@
        </property>
    </bean>
    
-    <bean id="unCutoff" class="org.alfresco.module.org_alfresco_module_rm.action.impl.UnCutoffAction" parent="rmAction" depends-on="rmApproveRecordsScheduledForCutoffCapability">
-        <property name="capability" ref="rmApproveRecordsScheduledForCutoffCapability"/>
-    </bean> 
+    <bean id="unCutoff" class="org.alfresco.module.org_alfresco_module_rm.action.impl.UnCutoffAction" parent="rmAction" /> 
    
    <!-- Destroy -->
    
@@ -182,7 +175,6 @@
        <property name="ghostingEnabled">
            <value>${rm.ghosting.enabled}</value>
        </property>
-        <property name="capability" ref="rmDestroyRecordsScheduledForDestructionCapability" />
    </bean>    
    
    <!-- retain -->
@@ -234,9 +226,7 @@
        </property>
    </bean>
    
-    <bean id="openRecordFolder" class="org.alfresco.module.org_alfresco_module_rm.action.impl.OpenRecordFolderAction" parent="rmAction" depends-on="rmReOpenFoldersCapability">
-        <property name="capability" ref="rmReOpenFoldersCapability"/>
-    </bean>    
+    <bean id="openRecordFolder" class="org.alfresco.module.org_alfresco_module_rm.action.impl.OpenRecordFolderAction" parent="rmAction" />    
    
    <!-- close record folder -->
    
@@ -261,9 +251,7 @@
        </property>
    </bean>
    
-    <bean id="closeRecordFolder" class="org.alfresco.module.org_alfresco_module_rm.action.impl.CloseRecordFolderAction" parent="rmAction" depends-on="rmCloseFoldersCapability">
-        <property name="capability" ref="rmCloseFoldersCapability"/>
-    </bean>    
+    <bean id="closeRecordFolder" class="org.alfresco.module.org_alfresco_module_rm.action.impl.CloseRecordFolderAction" parent="rmAction" />    
    
    <!-- reviewed -->
    
@@ -288,9 +276,7 @@
        </property>
    </bean>
    
-    <bean id="reviewed" class="org.alfresco.module.org_alfresco_module_rm.vital.ReviewedAction" parent="rmAction" depends-on="rmCycleVitalRecordsCapability">
-        <property name="capability" ref="rmCycleVitalRecordsCapability"/>
-    </bean>    
+    <bean id="reviewed" class="org.alfresco.module.org_alfresco_module_rm.vital.ReviewedAction" parent="rmAction" depends-on="rmCycleVitalRecordsCapability" />    
    
    <!-- set up record folder -->
    <!-- bound to policy: allow -->
@@ -316,7 +302,7 @@
        </property>
    </bean>
    
-    <bean id="setupRecordFolder" class="org.alfresco.module.org_alfresco_module_rm.action.impl.SetupRecordFolderAction" parent="rmAction" depends-on="rmFileRecordsCapability"/>
+    <bean id="setupRecordFolder" class="org.alfresco.module.org_alfresco_module_rm.action.impl.SetupRecordFolderAction" parent="rmAction" />
    
    <!-- declare record -->
    <!-- fileable?? -->
@@ -342,14 +328,7 @@
        </property>
    </bean>
    
-    <bean id="declareRecord" class="org.alfresco.module.org_alfresco_module_rm.action.impl.DeclareRecordAction" parent="rmAction" depends-on="rmDeclareRecordsCapability">
-        <property name="capabilities">
-            <list>
-                <ref bean="rmDeclareRecordsCapability" />
-                <ref bean="rmDeclareRecordsInClosedFoldersCapability" />
-            </list>
-        </property>
-        <property name="capability" ref="rmDeclareRecordsCapability"/>
+    <bean id="declareRecord" class="org.alfresco.module.org_alfresco_module_rm.action.impl.DeclareRecordAction" parent="rmAction">
    </bean>    
    
    <!-- undeclare record -->
@@ -375,8 +354,7 @@
        </property>
    </bean>
    
-    <bean id="undeclareRecord" class="org.alfresco.module.org_alfresco_module_rm.action.impl.UndeclareRecordAction" parent="rmAction" depends-on="rmUndeclareRecordsCapability">
-        <property name="capability" ref="rmUndeclareRecordsCapability"/>
+    <bean id="undeclareRecord" class="org.alfresco.module.org_alfresco_module_rm.action.impl.UndeclareRecordAction" parent="rmAction">
    </bean>    

    <!-- Freeze record -->
@@ -402,9 +380,7 @@
        </property>
    </bean>
    
-    <bean id="freeze" class="org.alfresco.module.org_alfresco_module_rm.action.impl.FreezeAction" parent="rmAction" depends-on="rmExtendRetentionPeriodOrFreezeCapability">
-        <property name="capability" ref="rmExtendRetentionPeriodOrFreezeCapability" />
-    </bean>
+    <bean id="freeze" class="org.alfresco.module.org_alfresco_module_rm.action.impl.FreezeAction" parent="rmAction" depends-on="rmExtendRetentionPeriodOrFreezeCapability" />

    <!-- Unfreeze record -->

@@ -429,9 +405,7 @@
        </property>
    </bean>
    
-    <bean id="unfreeze" class="org.alfresco.module.org_alfresco_module_rm.action.impl.UnfreezeAction" parent="rmAction" depends-on="rmUnfreezeCapability">
-        <property name="capability" ref="rmUnfreezeCapability" />
-    </bean>
+    <bean id="unfreeze" class="org.alfresco.module.org_alfresco_module_rm.action.impl.UnfreezeAction" parent="rmAction" />
    
    <!-- Relinquish Hold Action-->

@@ -446,9 +420,7 @@
        </property>
    </bean>
    
-    <bean id="relinquishHold" class="org.alfresco.module.org_alfresco_module_rm.action.impl.RelinquishHoldAction" parent="rmAction" depends-on="rmUnfreezeCapability">
-        <property name="capability" ref="rmUnfreezeCapability" />
-    </bean>
+    <bean id="relinquishHold" class="org.alfresco.module.org_alfresco_module_rm.action.impl.RelinquishHoldAction" parent="rmAction" />
    
    <!-- Edit hold reason -->

@@ -473,9 +445,7 @@
        </property>
    </bean>
    
-    <bean id="editHoldReason" class="org.alfresco.module.org_alfresco_module_rm.action.impl.EditHoldReasonAction" parent="rmAction" depends-on="rmViewUpdateReasonsForFreezeCapability">
-        <property name="capability" ref="rmViewUpdateReasonsForFreezeCapability" />
-    </bean>  
+    <bean id="editHoldReason" class="org.alfresco.module.org_alfresco_module_rm.action.impl.EditHoldReasonAction" parent="rmAction" />  
    
    <!-- Edit review as of date -->

@@ -500,9 +470,7 @@
        </property>
    </bean>
    
-    <bean id="editReviewAsOfDate" class="org.alfresco.module.org_alfresco_module_rm.action.impl.EditReviewAsOfDateAction" parent="rmAction" depends-on="rmPlanningReviewCyclesCapability">
-        <property name="capability" ref="rmPlanningReviewCyclesCapability"/>
-    </bean> 
+    <bean id="editReviewAsOfDate" class="org.alfresco.module.org_alfresco_module_rm.action.impl.EditReviewAsOfDateAction" parent="rmAction" /> 
    
    <!-- Edit disposition action as of date -->

@@ -527,9 +495,7 @@
        </property>
    </bean>
    
-    <bean id="editDispositionActionAsOfDate" class="org.alfresco.module.org_alfresco_module_rm.action.impl.EditDispositionActionAsOfDateAction" parent="rmAction" depends-on="rmManuallyChangeDispositionDatesCapability">
-        <property name="capability" ref="rmManuallyChangeDispositionDatesCapability"/>
-    </bean> 
+    <bean id="editDispositionActionAsOfDate" class="org.alfresco.module.org_alfresco_module_rm.action.impl.EditDispositionActionAsOfDateAction" parent="rmAction" /> 
    
    <!-- broadcast vital record definition -->
    <!-- bound to policy: allow -->
@@ -612,8 +578,7 @@
        </property>
    </bean>
    
-    <bean id="completeEvent" class="org.alfresco.module.org_alfresco_module_rm.action.impl.CompleteEventAction" parent="rmAction" depends-on="rmAddModifyEventDatesCapability">
-        <property name="capability" ref="rmAddModifyEventDatesCapability"/>
+    <bean id="completeEvent" class="org.alfresco.module.org_alfresco_module_rm.action.impl.CompleteEventAction" parent="rmAction">
    </bean>    
    
    <!-- undo event -->
@@ -639,8 +604,7 @@
        </property>
    </bean>
    
-    <bean id="undoEvent" class="org.alfresco.module.org_alfresco_module_rm.action.impl.UndoEventAction" parent="rmAction" depends-on="rmAddModifyEventDatesCapability">
-        <property name="capability" ref="rmAddModifyEventDatesCapability"/>
+    <bean id="undoEvent" class="org.alfresco.module.org_alfresco_module_rm.action.impl.UndoEventAction" parent="rmAction">
    </bean>   
    
    <!-- transfer -->
@@ -666,8 +630,7 @@
        </property>
    </bean>
    
-    <bean id="transfer" class="org.alfresco.module.org_alfresco_module_rm.action.impl.TransferAction" parent="rmAction" depends-on="rmAuthorizeAllTransfersCapability">
-        <property name="capability" ref="rmAuthorizeAllTransfersCapability"/>
+    <bean id="transfer" class="org.alfresco.module.org_alfresco_module_rm.action.impl.TransferAction" parent="rmAction">
        <property name="isAccession" value="false"/>
    </bean>  
    
@@ -684,8 +647,7 @@
        </property>
    </bean>
    
-    <bean id="transferComplete" class="org.alfresco.module.org_alfresco_module_rm.action.impl.TransferCompleteAction" parent="rmAction" depends-on="rmAuthorizeAllTransfersCapability">
-        <property name="capability" ref="rmAuthorizeAllTransfersCapability"/>
+    <bean id="transferComplete" class="org.alfresco.module.org_alfresco_module_rm.action.impl.TransferCompleteAction" parent="rmAction" >
    </bean> 
    
    <!-- accession -->
@@ -711,8 +673,7 @@
        </property>
    </bean>
    
-    <bean id="accession" class="org.alfresco.module.org_alfresco_module_rm.action.impl.TransferAction" parent="rmAction" depends-on="rmAuthorizeNominatedTransfersCapability">
-        <property name="capability" ref="rmAuthorizeNominatedTransfersCapability"/>
+    <bean id="accession" class="org.alfresco.module.org_alfresco_module_rm.action.impl.TransferAction" parent="rmAction">
        <property name="isAccession" value="true"/>
    </bean> 
        
@@ -729,8 +690,7 @@
        </property>
    </bean>
    
-    <bean id="accessionComplete" class="org.alfresco.module.org_alfresco_module_rm.action.impl.TransferCompleteAction" parent="rmAction" depends-on="rmAuthorizeNominatedTransfersCapability">
-        <property name="capability" ref="rmAuthorizeNominatedTransfersCapability"/>
+    <bean id="accessionComplete" class="org.alfresco.module.org_alfresco_module_rm.action.impl.TransferCompleteAction" parent="rmAction">
    </bean> 
    
    <!-- Split Email -->
--- a/rm-server/config/alfresco/module/org_alfresco_module_rm/rm-model-context.xml
+++ b/rm-server/config/alfresco/module/org_alfresco_module_rm/rm-model-context.xml
@@ -107,6 +107,9 @@
      parent="org_alfresco_module_rm_BaseBehaviour">
      <property name="permissionService" ref="PermissionService"/>
   </bean>
+   
+   <!--  Model Security Definitions -->
+   <import resource="classpath:alfresco/module/org_alfresco_module_rm/model/rm-model-security-context.xml"/>

   <!-- Base bean definition for customisable email mapping keys bootstrap -->
   <bean id="customisableEmailMappingKeyBootstrap"
--- a/rm-server/config/alfresco/module/org_alfresco_module_rm/rm-service-context.xml
+++ b/rm-server/config/alfresco/module/org_alfresco_module_rm/rm-service-context.xml
@@ -419,13 +419,13 @@
          class="org.alfresco.module.org_alfresco_module_rm.security.RecordsManagementSecurityServiceImpl"
          depends-on="org_alfresco_module_rm_dictionaryBootstrap"
          init-method="init">
-        <property name="voter" ref="rmEntryVoter"/>
        <property name="capabilityService" ref="CapabilityService"/>
        <property name="authorityService" ref="AuthorityService"/>
        <property name="permissionService" ref="PermissionService"/>
        <property name="nodeService" ref="NodeService"/>
        <property name="policyComponent" ref="policyComponent"/>
-        <property name="recordsManagementService" ref="RecordsManagementService"/>
+        <property name="recordsManagementService" ref="RecordsManagementService"/>    
+        <property name="modelSecurityService" ref="modelSecurityService" />    
    </bean>

    <bean id="RecordsManagementSecurityService" class="org.springframework.aop.framework.ProxyFactoryBean">
@@ -544,8 +544,64 @@
            </value>
        </property>
    </bean>
+    
+    <!--  Model Security service -->
+    
+    <bean id="modelSecurityService" 
+          class="org.alfresco.module.org_alfresco_module_rm.model.security.ModelSecurityServiceImpl"
+          init-method="init">        
+    	<property name="policyComponent" ref="policyComponent" />
+    	<property name="nodeService" ref="NodeService" />
+    	<property name="capabilityService" ref="CapabilityService" />
+    	<property name="namespaceService" ref="namespaceService" />
+    </bean>
+    
+    <bean id="ModelSecurityService" class="org.springframework.aop.framework.ProxyFactoryBean">
+        <property name="proxyInterfaces">
+            <value>org.alfresco.module.org_alfresco_module_rm.model.security.ModelSecurityService</value>
+        </property>
+        <property name="target">
+            <ref bean="modelSecurityService"/>
+        </property>
+        <property name="interceptorNames">
+            <list>
+                <idref local="ModelSecurityService_transaction"/>
+                <idref bean="exceptionTranslator"/>
+                <idref local="ModelSecurityService_security"/>
+            </list>
+        </property>
+    </bean>

+    <bean id="ModelSecurityService_transaction" class="org.springframework.transaction.interceptor.TransactionInterceptor">
+        <property name="transactionManager">
+            <ref bean="transactionManager"/>
+        </property>
+        <property name="transactionAttributes">
+            <props>
+                <prop key="*">${server.transaction.mode.default}</prop>
+            </props>
+        </property>
+    </bean>

+    <bean id="ModelSecurityService_security" class="org.alfresco.repo.security.permissions.impl.acegi.MethodSecurityInterceptor">
+        <property name="authenticationManager">
+            <ref bean="authenticationManager"/>
+        </property>
+        <property name="accessDecisionManager">
+            <ref bean="accessDecisionManager"/>
+        </property>
+        <property name="afterInvocationManager">
+            <ref bean="afterInvocationManager"/>
+        </property>
+        <property name="objectDefinitionSource">
+            <value>
+                <![CDATA[   
+    			org.alfresco.module.org_alfresco_module_rm.model.security.ModelSecurityService.*=RM_ALLOW             
+                ]]>
+            </value>
+        </property>
+    </bean>    
+    
    <!-- Records Management Action Service -->

    <bean id="recordsManagementActionService" class="org.alfresco.module.org_alfresco_module_rm.action.RecordsManagementActionServiceImpl" init-method="init">