mirror of
https://github.com/Alfresco/alfresco-community-repo.git
synced 2025-07-24 17:32:48 +00:00
Workflow:
- Ensure group support is available to all users (i.e. fix up all permission errors) git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/HEAD/root@4927 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
This commit is contained in:
David Caruana
@@ -66,6 +66,10 @@
|
||||
<prop key="path">/${alfresco_user_store.system_container.childname}</prop>
|
||||
<prop key="location">alfresco/bootstrap/alfrescoAuthorityStore.xml</prop>
|
||||
</props>
|
||||
<props>
|
||||
<prop key="path">/${alfresco_user_store.system_container.childname}</prop>
|
||||
<prop key="location">alfresco/bootstrap/alfrescoAuthorityStorePermission.xml</prop>
|
||||
</props>
|
||||
</list>
|
||||
</property>
|
||||
</bean>
|
||||
|
||||
@@ -0,0 +1,16 @@
|
||||
<view:view xmlns:view="http://www.alfresco.org/view/repository/1.0"
|
||||
xmlns:cm="http://www.alfresco.org/model/content/1.0"
|
||||
xmlns:sys="http://www.alfresco.org/model/system/1.0"
|
||||
xmlns:usr="http://www.alfresco.org/model/user/1.0"
|
||||
xmlns:app="http://www.alfresco.org/model/application/1.0">
|
||||
|
||||
<view:reference view:pathref="${alfresco_user_store.authorities_container.childname}">
|
||||
<view:acl>
|
||||
<view:ace view:access="ALLOWED">
|
||||
<view:authority>GROUP_EVERYONE</view:authority>
|
||||
<view:permission>Read</view:permission>
|
||||
</view:ace>
|
||||
</view:acl>
|
||||
</view:reference>
|
||||
|
||||
</view:view>
|
||||
@@ -32,6 +32,8 @@ patch.updatePermissionData.result=Changed {0} 'folder' access control entries to
|
||||
|
||||
patch.authoritiesFolder.description=Ensures the existence of the user authorities folder [JIRA: AR-497].
|
||||
|
||||
patch.authoritiesFolderPermission.description=Ensures group authorities are visible to everyone.
|
||||
|
||||
patch.guestUser.description=Add the guest user, guest home space; and fix permissions on company home, guest home and guest person.
|
||||
patch.guestUser.result=Added guest user and fixed permissions.
|
||||
|
||||
|
||||
@@ -568,4 +568,22 @@
|
||||
</property>
|
||||
</bean>
|
||||
|
||||
<bean id="patch.authoritiesFolderPermission" class="org.alfresco.repo.admin.patch.impl.GenericBootstrapPatch" parent="basePatch" >
|
||||
<property name="id"><value>patch.authoritiesFolderPermission</value></property>
|
||||
<property name="description"><value>patch.authoritiesFolderPermission.description</value></property>
|
||||
<property name="fixesFromSchema"><value>0</value></property>
|
||||
<property name="fixesToSchema"><value>32</value></property>
|
||||
<property name="targetSchema"><value>33</value></property>
|
||||
<!-- bootstrap view -->
|
||||
<property name="importerBootstrap">
|
||||
<ref bean="userBootstrap" />
|
||||
</property>
|
||||
<property name="bootstrapView">
|
||||
<props>
|
||||
<prop key="path">/${alfresco_user_store.system_container.childname}</prop>
|
||||
<prop key="location">alfresco/bootstrap/alfrescoAuthorityStorePermission.xml</prop>
|
||||
</props>
|
||||
</property>
|
||||
</bean>
|
||||
|
||||
</beans>
|
||||
|
||||
@@ -19,4 +19,4 @@ version.build=@build-number@
|
||||
|
||||
# Schema number
|
||||
|
||||
version.schema=32
|
||||
version.schema=33
|
||||
|
||||
@@ -80,7 +80,6 @@ public class GenericBootstrapPatch extends AbstractPatch
|
||||
protected void checkProperties()
|
||||
{
|
||||
checkPropertyNotNull(importerBootstrap, "importerBootstrap");
|
||||
checkPropertyNotNull(checkPath, "checkPath");
|
||||
checkPropertyNotNull(bootstrapView, "bootstrapView");
|
||||
// fulfil contract of override
|
||||
super.checkProperties();
|
||||
@@ -91,6 +90,8 @@ public class GenericBootstrapPatch extends AbstractPatch
|
||||
{
|
||||
StoreRef storeRef = importerBootstrap.getStoreRef();
|
||||
NodeRef rootNodeRef = nodeService.getRootNode(storeRef);
|
||||
if (checkPath != null)
|
||||
{
|
||||
List<NodeRef> results = searchService.selectNodes(
|
||||
rootNodeRef,
|
||||
checkPath,
|
||||
@@ -107,6 +108,7 @@ public class GenericBootstrapPatch extends AbstractPatch
|
||||
return I18NUtil.getMessage(MSG_EXISTS, checkPath);
|
||||
|
||||
}
|
||||
}
|
||||
String path = bootstrapView.getProperty("path");
|
||||
List<Properties> bootstrapViews = Collections.singletonList(bootstrapView);
|
||||
// modify the bootstrapper
|
||||
|
||||
@@ -105,4 +105,13 @@ public interface AuthorityDAO
|
||||
* @return
|
||||
*/
|
||||
NodeRef getAuthorityNodeRefOrNull(String name);
|
||||
|
||||
/**
|
||||
* Gets the name for the given authority node
|
||||
*
|
||||
* @param authorityRef authority node
|
||||
* @return name
|
||||
*/
|
||||
public String getAuthorityName(NodeRef authorityRef);
|
||||
|
||||
}
|
||||
|
||||
@@ -495,4 +495,22 @@ public class AuthorityDAOImpl implements AuthorityDAO
|
||||
return getAuthorityOrNull(name);
|
||||
}
|
||||
|
||||
public String getAuthorityName(NodeRef authorityRef)
|
||||
{
|
||||
String name = null;
|
||||
if (nodeService.exists(authorityRef))
|
||||
{
|
||||
QName type = nodeService.getType(authorityRef);
|
||||
if (type.equals(ContentModel.TYPE_AUTHORITY_CONTAINER))
|
||||
{
|
||||
name = (String)nodeService.getProperty(authorityRef, ContentModel.PROP_AUTHORITY_NAME);
|
||||
}
|
||||
else if (type.equals(ContentModel.TYPE_AUTHORITY))
|
||||
{
|
||||
name = (String)nodeService.getProperty(authorityRef, ContentModel.PROP_USER_USERNAME);
|
||||
}
|
||||
}
|
||||
return name;
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
@@ -18,8 +18,10 @@ package org.alfresco.repo.workflow.jbpm;
|
||||
|
||||
import org.alfresco.model.ContentModel;
|
||||
import org.alfresco.repo.jscript.Node;
|
||||
import org.alfresco.repo.security.authority.AuthorityDAO;
|
||||
import org.alfresco.service.ServiceRegistry;
|
||||
import org.alfresco.service.cmr.workflow.WorkflowException;
|
||||
import org.alfresco.service.namespace.QName;
|
||||
import org.dom4j.Element;
|
||||
import org.jbpm.graph.exe.ExecutionContext;
|
||||
import org.jbpm.taskmgmt.exe.Assignable;
|
||||
@@ -36,6 +38,7 @@ public class AlfrescoAssignment extends JBPMSpringAssignmentHandler
|
||||
{
|
||||
private static final long serialVersionUID = 1025667849552265719L;
|
||||
private ServiceRegistry services;
|
||||
private AuthorityDAO authorityDAO;
|
||||
|
||||
private Element actor;
|
||||
private Element pooledactors;
|
||||
@@ -48,6 +51,7 @@ public class AlfrescoAssignment extends JBPMSpringAssignmentHandler
|
||||
protected void initialiseHandler(BeanFactory factory)
|
||||
{
|
||||
services = (ServiceRegistry)factory.getBean(ServiceRegistry.SERVICE_REGISTRY);
|
||||
authorityDAO = (AuthorityDAO)factory.getBean("authorityDAO");
|
||||
}
|
||||
|
||||
|
||||
@@ -80,23 +84,20 @@ public class AlfrescoAssignment extends JBPMSpringAssignmentHandler
|
||||
throw new WorkflowException("actor expression '" + actorValStr + "' evaluates to null");
|
||||
}
|
||||
|
||||
String actor = null;
|
||||
if (eval instanceof String)
|
||||
{
|
||||
assignedActor = (String)eval;
|
||||
actor = (String)eval;
|
||||
}
|
||||
else if (eval instanceof Node)
|
||||
{
|
||||
Node node = (Node)eval;
|
||||
if (!node.getType().equals(ContentModel.TYPE_PERSON))
|
||||
actor = mapAuthorityToName((Node)eval, false);
|
||||
}
|
||||
if (actor == null)
|
||||
{
|
||||
throw new WorkflowException("actor expression does not evaluate to a person");
|
||||
}
|
||||
assignedActor = (String)node.getProperties().get(ContentModel.PROP_USERNAME);
|
||||
}
|
||||
else
|
||||
{
|
||||
throw new WorkflowException("actor expression does not evaluate to a person");
|
||||
throw new WorkflowException("actor expression must evaluate to a person");
|
||||
}
|
||||
assignedActor = actor;
|
||||
}
|
||||
else
|
||||
{
|
||||
@@ -132,36 +133,23 @@ public class AlfrescoAssignment extends JBPMSpringAssignmentHandler
|
||||
int i = 0;
|
||||
for (Node node : (Node[])nodes)
|
||||
{
|
||||
if (node.getType().equals(ContentModel.TYPE_PERSON))
|
||||
{
|
||||
assignedPooledActors[i++] = (String)node.getProperties().get(ContentModel.PROP_USERNAME);
|
||||
}
|
||||
else if (node.getType().equals(ContentModel.TYPE_AUTHORITY_CONTAINER))
|
||||
{
|
||||
assignedPooledActors[i++] = (String)node.getProperties().get(ContentModel.PROP_AUTHORITY_NAME);
|
||||
}
|
||||
else
|
||||
String actor = mapAuthorityToName(node, true);
|
||||
if (actor == null)
|
||||
{
|
||||
throw new WorkflowException("pooledactors expression does not evaluate to a collection of authorities");
|
||||
}
|
||||
assignedPooledActors[i++] = actor;
|
||||
}
|
||||
}
|
||||
else if (eval instanceof Node)
|
||||
{
|
||||
assignedPooledActors = new String[1];
|
||||
Node node = (Node)eval;
|
||||
if (node.getType().equals(ContentModel.TYPE_PERSON))
|
||||
{
|
||||
assignedPooledActors[0] = (String)node.getProperties().get(ContentModel.PROP_USERNAME);
|
||||
}
|
||||
else if (node.getType().equals(ContentModel.TYPE_AUTHORITY_CONTAINER))
|
||||
{
|
||||
assignedPooledActors[0] = (String)node.getProperties().get(ContentModel.PROP_AUTHORITY_NAME);
|
||||
}
|
||||
else
|
||||
String actor = mapAuthorityToName(node, true);
|
||||
if (actor == null)
|
||||
{
|
||||
throw new WorkflowException("pooledactors expression does not evaluate to a collection of authorities");
|
||||
}
|
||||
assignedPooledActors = new String[] {actor};
|
||||
}
|
||||
}
|
||||
else
|
||||
@@ -184,4 +172,30 @@ public class AlfrescoAssignment extends JBPMSpringAssignmentHandler
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
/**
|
||||
* Convert Alfresco authority to actor id
|
||||
*
|
||||
* @param authority
|
||||
* @return actor id
|
||||
*/
|
||||
private String mapAuthorityToName(Node authority, boolean allowGroup)
|
||||
{
|
||||
String name = null;
|
||||
QName type = authority.getType();
|
||||
if (type.equals(ContentModel.TYPE_PERSON))
|
||||
{
|
||||
name = (String)authority.getProperties().get(ContentModel.PROP_USERNAME);
|
||||
}
|
||||
else if (type.equals(ContentModel.TYPE_AUTHORITY))
|
||||
{
|
||||
name = authorityDAO.getAuthorityName(authority.getNodeRef());
|
||||
}
|
||||
else if (allowGroup && type.equals(ContentModel.TYPE_AUTHORITY_CONTAINER))
|
||||
{
|
||||
name = authorityDAO.getAuthorityName(authority.getNodeRef());
|
||||
}
|
||||
return name;
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
@@ -1517,20 +1517,13 @@ public class JBPMEngine extends BPMEngine
|
||||
int i = 0;
|
||||
for (JBPMNode actor : actors)
|
||||
{
|
||||
if (actor.getType().equals(ContentModel.TYPE_AUTHORITY_CONTAINER))
|
||||
{
|
||||
pooledActors[i++] = (String)actor.getProperties().get(ContentModel.PROP_AUTHORITY_NAME);
|
||||
}
|
||||
else
|
||||
{
|
||||
pooledActors[i++] = actor.getName();
|
||||
}
|
||||
pooledActors[i++] = mapAuthorityToName(actor.getNodeRef());
|
||||
}
|
||||
}
|
||||
else if (value instanceof JBPMNode)
|
||||
{
|
||||
JBPMNode node = (JBPMNode)value;
|
||||
pooledActors = new String[] {(node.getType().equals(ContentModel.TYPE_AUTHORITY_CONTAINER)) ? (String)node.getProperties().get(ContentModel.PROP_AUTHORITY_NAME) : node.getName()};
|
||||
pooledActors = new String[] {mapAuthorityToName(node.getNodeRef())};
|
||||
}
|
||||
else
|
||||
{
|
||||
@@ -1847,6 +1840,27 @@ public class JBPMEngine extends BPMEngine
|
||||
return authority;
|
||||
}
|
||||
|
||||
/**
|
||||
* Convert Alfresco authority to actor id
|
||||
*
|
||||
* @param authority
|
||||
* @return actor id
|
||||
*/
|
||||
private String mapAuthorityToName(NodeRef authority)
|
||||
{
|
||||
String name = null;
|
||||
QName type = nodeService.getType(authority);
|
||||
if (type.equals(ContentModel.TYPE_PERSON))
|
||||
{
|
||||
name = (String)nodeService.getProperty(authority, ContentModel.PROP_USERNAME);
|
||||
}
|
||||
else
|
||||
{
|
||||
name = authorityDAO.getAuthorityName(authority);
|
||||
}
|
||||
return name;
|
||||
}
|
||||
|
||||
/**
|
||||
* Map jBPM variable name to QName
|
||||
*
|
||||
|
||||
Reference in New Issue
Block a user