From eab55958360da83d2dc0d8bb3ac53048d24fb97f Mon Sep 17 00:00:00 2001
From: David Caruana <david.caruana@alfresco.com>
Date: Thu, 25 Jan 2007 15:44:08 +0000
Subject: [PATCH] Workflow: - Ensure group support is available to all users
 (i.e. fix up all permission errors)

git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/HEAD/root@4927 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
---
 config/alfresco/bootstrap-context.xml         |  4 ++
 .../alfrescoAuthorityStorePermission.xml      | 16 +++++
 .../messages/patch-service.properties         |  2 +
 .../alfresco/patch/patch-services-context.xml | 18 +++++
 config/alfresco/version.properties            |  2 +-
 .../patch/impl/GenericBootstrapPatch.java     | 32 +++++----
 .../repo/security/authority/AuthorityDAO.java |  9 +++
 .../security/authority/AuthorityDAOImpl.java  | 18 +++++
 .../workflow/jbpm/AlfrescoAssignment.java     | 72 +++++++++++--------
 .../repo/workflow/jbpm/JBPMEngine.java        | 32 ++++++---
 10 files changed, 151 insertions(+), 54 deletions(-)
 create mode 100644 config/alfresco/bootstrap/alfrescoAuthorityStorePermission.xml

diff --git a/config/alfresco/bootstrap-context.xml b/config/alfresco/bootstrap-context.xml
index ace0c2dc91..d6edcc9ed2 100644
--- a/config/alfresco/bootstrap-context.xml
+++ b/config/alfresco/bootstrap-context.xml
@@ -66,6 +66,10 @@
                     <prop key="path">/${alfresco_user_store.system_container.childname}</prop>
                     <prop key="location">alfresco/bootstrap/alfrescoAuthorityStore.xml</prop>
                 </props>
+                <props>
+                    <prop key="path">/${alfresco_user_store.system_container.childname}</prop>
+                    <prop key="location">alfresco/bootstrap/alfrescoAuthorityStorePermission.xml</prop>
+                </props>
             </list>
         </property>
     </bean>
diff --git a/config/alfresco/bootstrap/alfrescoAuthorityStorePermission.xml b/config/alfresco/bootstrap/alfrescoAuthorityStorePermission.xml
new file mode 100644
index 0000000000..90e4deb25c
--- /dev/null
+++ b/config/alfresco/bootstrap/alfrescoAuthorityStorePermission.xml
@@ -0,0 +1,16 @@
+<view:view xmlns:view="http://www.alfresco.org/view/repository/1.0"
+           xmlns:cm="http://www.alfresco.org/model/content/1.0"
+           xmlns:sys="http://www.alfresco.org/model/system/1.0"
+           xmlns:usr="http://www.alfresco.org/model/user/1.0"
+           xmlns:app="http://www.alfresco.org/model/application/1.0">
+           
+    <view:reference view:pathref="${alfresco_user_store.authorities_container.childname}">
+        <view:acl>
+            <view:ace view:access="ALLOWED">
+                <view:authority>GROUP_EVERYONE</view:authority>
+                <view:permission>Read</view:permission>
+            </view:ace>
+        </view:acl>
+    </view:reference>
+           
+</view:view>
\ No newline at end of file
diff --git a/config/alfresco/messages/patch-service.properties b/config/alfresco/messages/patch-service.properties
index a8d167552a..b725fa9bcf 100644
--- a/config/alfresco/messages/patch-service.properties
+++ b/config/alfresco/messages/patch-service.properties
@@ -32,6 +32,8 @@ patch.updatePermissionData.result=Changed {0} 'folder' access control entries to
 
 patch.authoritiesFolder.description=Ensures the existence of the user authorities folder [JIRA: AR-497].
 
+patch.authoritiesFolderPermission.description=Ensures group authorities are visible to everyone.
+
 patch.guestUser.description=Add the guest user, guest home space; and fix permissions on company home, guest home and guest person. 
 patch.guestUser.result=Added guest user and fixed permissions.
 
diff --git a/config/alfresco/patch/patch-services-context.xml b/config/alfresco/patch/patch-services-context.xml
index 67ac68de95..e009b0a2dd 100644
--- a/config/alfresco/patch/patch-services-context.xml
+++ b/config/alfresco/patch/patch-services-context.xml
@@ -568,4 +568,22 @@
         </property>
     </bean>
 
+    <bean id="patch.authoritiesFolderPermission" class="org.alfresco.repo.admin.patch.impl.GenericBootstrapPatch" parent="basePatch" >
+        <property name="id"><value>patch.authoritiesFolderPermission</value></property>
+        <property name="description"><value>patch.authoritiesFolderPermission.description</value></property>
+        <property name="fixesFromSchema"><value>0</value></property>
+        <property name="fixesToSchema"><value>32</value></property>
+        <property name="targetSchema"><value>33</value></property>
+        <!-- bootstrap view -->
+        <property name="importerBootstrap">
+            <ref bean="userBootstrap" />
+        </property>
+        <property name="bootstrapView">
+            <props>
+                <prop key="path">/${alfresco_user_store.system_container.childname}</prop>
+                <prop key="location">alfresco/bootstrap/alfrescoAuthorityStorePermission.xml</prop>
+            </props>
+        </property>
+    </bean>
+
 </beans>
diff --git a/config/alfresco/version.properties b/config/alfresco/version.properties
index 79d864dbb9..f95eff8cbb 100644
--- a/config/alfresco/version.properties
+++ b/config/alfresco/version.properties
@@ -19,4 +19,4 @@ version.build=@build-number@
 
 # Schema number
 
-version.schema=32
+version.schema=33
diff --git a/source/java/org/alfresco/repo/admin/patch/impl/GenericBootstrapPatch.java b/source/java/org/alfresco/repo/admin/patch/impl/GenericBootstrapPatch.java
index 93a10ff8b6..d97943e8c2 100644
--- a/source/java/org/alfresco/repo/admin/patch/impl/GenericBootstrapPatch.java
+++ b/source/java/org/alfresco/repo/admin/patch/impl/GenericBootstrapPatch.java
@@ -80,7 +80,6 @@ public class GenericBootstrapPatch extends AbstractPatch
     protected void checkProperties()
     {
         checkPropertyNotNull(importerBootstrap, "importerBootstrap");
-        checkPropertyNotNull(checkPath, "checkPath");
         checkPropertyNotNull(bootstrapView, "bootstrapView");
         // fulfil contract of override
         super.checkProperties();
@@ -91,21 +90,24 @@ public class GenericBootstrapPatch extends AbstractPatch
     {
         StoreRef storeRef = importerBootstrap.getStoreRef();
         NodeRef rootNodeRef = nodeService.getRootNode(storeRef);
-        List<NodeRef> results = searchService.selectNodes(
-                rootNodeRef,
-                checkPath,
-                null,
-                namespaceService,
-                false);
-        if (results.size() > 1)
+        if (checkPath != null)
         {
-            throw new PatchException(ERR_MULTIPLE_FOUND, checkPath);
-        }
-        else if (results.size() == 1)
-        {
-            // nothing to do - it exsists
-            return I18NUtil.getMessage(MSG_EXISTS, checkPath);
-            
+            List<NodeRef> results = searchService.selectNodes(
+                    rootNodeRef,
+                    checkPath,
+                    null,
+                    namespaceService,
+                    false);
+            if (results.size() > 1)
+            {
+                throw new PatchException(ERR_MULTIPLE_FOUND, checkPath);
+            }
+            else if (results.size() == 1)
+            {
+                // nothing to do - it exsists
+                return I18NUtil.getMessage(MSG_EXISTS, checkPath);
+                
+            }
         }
         String path = bootstrapView.getProperty("path");
         List<Properties> bootstrapViews = Collections.singletonList(bootstrapView);
diff --git a/source/java/org/alfresco/repo/security/authority/AuthorityDAO.java b/source/java/org/alfresco/repo/security/authority/AuthorityDAO.java
index 4dbf17f4cb..161487833a 100644
--- a/source/java/org/alfresco/repo/security/authority/AuthorityDAO.java
+++ b/source/java/org/alfresco/repo/security/authority/AuthorityDAO.java
@@ -105,4 +105,13 @@ public interface AuthorityDAO
      * @return
      */
     NodeRef getAuthorityNodeRefOrNull(String name);
+
+    /**
+     * Gets the name for the given authority node
+     * 
+     * @param authorityRef  authority node
+     * @return  name
+     */
+    public String getAuthorityName(NodeRef authorityRef);
+
 }
diff --git a/source/java/org/alfresco/repo/security/authority/AuthorityDAOImpl.java b/source/java/org/alfresco/repo/security/authority/AuthorityDAOImpl.java
index 2d4c4e618d..e846a5ec99 100644
--- a/source/java/org/alfresco/repo/security/authority/AuthorityDAOImpl.java
+++ b/source/java/org/alfresco/repo/security/authority/AuthorityDAOImpl.java
@@ -495,4 +495,22 @@ public class AuthorityDAOImpl implements AuthorityDAO
         return getAuthorityOrNull(name);
     }
 
+    public String getAuthorityName(NodeRef authorityRef)
+    {
+        String name = null;
+        if (nodeService.exists(authorityRef))
+        {
+            QName type = nodeService.getType(authorityRef);
+            if (type.equals(ContentModel.TYPE_AUTHORITY_CONTAINER))
+            {
+                name = (String)nodeService.getProperty(authorityRef, ContentModel.PROP_AUTHORITY_NAME);
+            }
+            else if (type.equals(ContentModel.TYPE_AUTHORITY))
+            {
+                name = (String)nodeService.getProperty(authorityRef, ContentModel.PROP_USER_USERNAME);
+            }
+        }
+        return name;
+    }
+    
 }
diff --git a/source/java/org/alfresco/repo/workflow/jbpm/AlfrescoAssignment.java b/source/java/org/alfresco/repo/workflow/jbpm/AlfrescoAssignment.java
index d1876da8f0..27b0493f07 100644
--- a/source/java/org/alfresco/repo/workflow/jbpm/AlfrescoAssignment.java
+++ b/source/java/org/alfresco/repo/workflow/jbpm/AlfrescoAssignment.java
@@ -18,8 +18,10 @@ package org.alfresco.repo.workflow.jbpm;
 
 import org.alfresco.model.ContentModel;
 import org.alfresco.repo.jscript.Node;
+import org.alfresco.repo.security.authority.AuthorityDAO;
 import org.alfresco.service.ServiceRegistry;
 import org.alfresco.service.cmr.workflow.WorkflowException;
+import org.alfresco.service.namespace.QName;
 import org.dom4j.Element;
 import org.jbpm.graph.exe.ExecutionContext;
 import org.jbpm.taskmgmt.exe.Assignable;
@@ -36,6 +38,7 @@ public class AlfrescoAssignment extends JBPMSpringAssignmentHandler
 {
     private static final long serialVersionUID = 1025667849552265719L;
     private ServiceRegistry services;
+    private AuthorityDAO authorityDAO;
 
     private Element actor;
     private Element pooledactors;
@@ -48,6 +51,7 @@ public class AlfrescoAssignment extends JBPMSpringAssignmentHandler
     protected void initialiseHandler(BeanFactory factory)
     {
         services = (ServiceRegistry)factory.getBean(ServiceRegistry.SERVICE_REGISTRY);
+        authorityDAO = (AuthorityDAO)factory.getBean("authorityDAO");
     }
 
     
@@ -79,24 +83,21 @@ public class AlfrescoAssignment extends JBPMSpringAssignmentHandler
                     {
                         throw new WorkflowException("actor expression '" + actorValStr + "' evaluates to null");
                     }
-    
+
+                    String actor = null;
                     if (eval instanceof String)
                     {
-                        assignedActor = (String)eval;
+                        actor = (String)eval;
                     }
                     else if (eval instanceof Node)
                     {
-                        Node node = (Node)eval;
-                        if (!node.getType().equals(ContentModel.TYPE_PERSON))
-                        {
-                            throw new WorkflowException("actor expression does not evaluate to a person");
-                        }
-                        assignedActor = (String)node.getProperties().get(ContentModel.PROP_USERNAME);
+                        actor = mapAuthorityToName((Node)eval, false);
                     }
-                    else
+                    if (actor == null)
                     {
-                        throw new WorkflowException("actor expression does not evaluate to a person");
+                        throw new WorkflowException("actor expression must evaluate to a person");
                     }
+                    assignedActor = actor;
                 }
                 else
                 {
@@ -132,36 +133,23 @@ public class AlfrescoAssignment extends JBPMSpringAssignmentHandler
                         int i = 0;
                         for (Node node : (Node[])nodes)
                         {
-                            if (node.getType().equals(ContentModel.TYPE_PERSON))
-                            {
-                                assignedPooledActors[i++] = (String)node.getProperties().get(ContentModel.PROP_USERNAME);
-                            }
-                            else if (node.getType().equals(ContentModel.TYPE_AUTHORITY_CONTAINER))
-                            {
-                                assignedPooledActors[i++] = (String)node.getProperties().get(ContentModel.PROP_AUTHORITY_NAME);
-                            }
-                            else
+                            String actor = mapAuthorityToName(node, true);
+                            if (actor == null)
                             {
                                 throw new WorkflowException("pooledactors expression does not evaluate to a collection of authorities");
                             }
+                            assignedPooledActors[i++] = actor;
                         }
                     }
                     else if (eval instanceof Node)
                     {
-                        assignedPooledActors = new String[1];
                         Node node = (Node)eval;
-                        if (node.getType().equals(ContentModel.TYPE_PERSON))
-                        {
-                            assignedPooledActors[0] = (String)node.getProperties().get(ContentModel.PROP_USERNAME);
-                        }
-                        else if (node.getType().equals(ContentModel.TYPE_AUTHORITY_CONTAINER))
-                        {
-                            assignedPooledActors[0] = (String)node.getProperties().get(ContentModel.PROP_AUTHORITY_NAME);
-                        }
-                        else
+                        String actor = mapAuthorityToName(node, true);
+                        if (actor == null)
                         {
                             throw new WorkflowException("pooledactors expression does not evaluate to a collection of authorities");
                         }
+                        assignedPooledActors = new String[] {actor};
                     }
                 }
                 else
@@ -184,4 +172,30 @@ public class AlfrescoAssignment extends JBPMSpringAssignmentHandler
         }
     }
 
+    
+    /**
+     * Convert Alfresco authority to actor id
+     *  
+     * @param authority
+     * @return  actor id
+     */
+    private String mapAuthorityToName(Node authority, boolean allowGroup)
+    {
+        String name = null;
+        QName type = authority.getType();
+        if (type.equals(ContentModel.TYPE_PERSON))
+        {
+            name = (String)authority.getProperties().get(ContentModel.PROP_USERNAME);
+        }
+        else if (type.equals(ContentModel.TYPE_AUTHORITY))
+        {
+            name = authorityDAO.getAuthorityName(authority.getNodeRef());
+        }
+        else if (allowGroup && type.equals(ContentModel.TYPE_AUTHORITY_CONTAINER))
+        {
+            name = authorityDAO.getAuthorityName(authority.getNodeRef());
+        }
+        return name;
+    }
+    
 }
diff --git a/source/java/org/alfresco/repo/workflow/jbpm/JBPMEngine.java b/source/java/org/alfresco/repo/workflow/jbpm/JBPMEngine.java
index e97b7f7467..8b3d9bc19d 100644
--- a/source/java/org/alfresco/repo/workflow/jbpm/JBPMEngine.java
+++ b/source/java/org/alfresco/repo/workflow/jbpm/JBPMEngine.java
@@ -1517,20 +1517,13 @@ public class JBPMEngine extends BPMEngine
                             int i = 0;
                             for (JBPMNode actor : actors)
                             {
-                                if (actor.getType().equals(ContentModel.TYPE_AUTHORITY_CONTAINER))
-                                {
-                                    pooledActors[i++] = (String)actor.getProperties().get(ContentModel.PROP_AUTHORITY_NAME);
-                                }
-                                else
-                                {
-                                    pooledActors[i++] = actor.getName();
-                                }
+                                pooledActors[i++] = mapAuthorityToName(actor.getNodeRef());
                             }
                         }
                         else if (value instanceof JBPMNode)
                         {
                             JBPMNode node = (JBPMNode)value;
-                            pooledActors = new String[] {(node.getType().equals(ContentModel.TYPE_AUTHORITY_CONTAINER)) ? (String)node.getProperties().get(ContentModel.PROP_AUTHORITY_NAME) : node.getName()};
+                            pooledActors = new String[] {mapAuthorityToName(node.getNodeRef())};
                         }
                         else
                         {
@@ -1846,6 +1839,27 @@ public class JBPMEngine extends BPMEngine
         }
         return authority;
     }
+
+    /**
+     * Convert Alfresco authority to actor id
+     *  
+     * @param authority
+     * @return  actor id
+     */
+    private String mapAuthorityToName(NodeRef authority)
+    {
+        String name = null;
+        QName type = nodeService.getType(authority);
+        if (type.equals(ContentModel.TYPE_PERSON))
+        {
+            name = (String)nodeService.getProperty(authority, ContentModel.PROP_USERNAME);
+        }
+        else
+        {
+            name = authorityDAO.getAuthorityName(authority);
+        }
+        return name;
+    }
     
     /**
      * Map jBPM variable name to QName