inteligr8/alfresco-community-repo
1
0
Fork 0
mirror of https://github.com/Alfresco/alfresco-community-repo.git synced 2025-08-07 17:49:17 +00:00
Code Issues Packages Projects Releases Wiki Activity

Revert to original code structure pre-mavenization

Browse Source 
* merges from previous branches are now possible without tree conflicts
  * added back missing commits when structure was changed (r59445, r59446) .. see RM-765
  * updated Maven POM's to use existing code structure
  * NOTE: r59454 and r59473 may have been missed in this update .. will go back and re-add



git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/modules/recordsmanagement/HEAD@59491 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
This commit is contained in:
Roy Wetherall
2014-01-08 06:38:59 +00:00
parent 098833f8d5
commit ebe454f13e
885 changed files with 535 additions and 361 deletions
Download Patch File Download Diff File Expand all files Collapse all files

43
rm-server/source/java/org/alfresco/repo/security/authority/RMAuthority.java Normal file
View File

@@ -0,0 +1,43 @@
/*
* Copyright (C) 2005-2013 Alfresco Software Limited.
*
* This file is part of Alfresco
*
* Alfresco is free software: you can redistribute it and/or modify
* it under the terms of the GNU Lesser General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* Alfresco is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Lesser General Public License for more details.
*
* You should have received a copy of the GNU Lesser General Public License
* along with Alfresco. If not, see <http://www.gnu.org/licenses/>.
*/
package org.alfresco.repo.security.authority;
/**
* Interface for defining constants
*
* @author Tuna Aksoy
* @since 2.1
*/
public interface RMAuthority
{
/**
* The default rm zone.
*/
public static String ZONE_APP_RM = "APP.RM";
/**
* The constant for all roles display name
*/
public static String ALL_ROLES_DISPLAY_NAME = "All Roles";
/**
* The constant for all roles prefix
*/
public static String ALL_ROLES_PREFIX = "AllRoles";
}

81
rm-server/source/java/org/alfresco/repo/security/authority/RMAuthorityDAOImpl.java Normal file
View File

@@ -0,0 +1,81 @@
/*
* Copyright (C) 2005-2011 Alfresco Software Limited.
*
* This file is part of Alfresco
*
* Alfresco is free software: you can redistribute it and/or modify
* it under the terms of the GNU Lesser General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* Alfresco is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Lesser General Public License for more details.
*
* You should have received a copy of the GNU Lesser General Public License
* along with Alfresco. If not, see <http://www.gnu.org/licenses/>.
*/
package org.alfresco.repo.security.authority;
import java.util.Set;
import java.util.regex.Pattern;
import org.alfresco.service.cmr.security.AuthorityType;
/**
* This class extends {@link AuthorityDAOImpl}</br>
* and overrides two methods from the original class</br>
* </br>
* addAuthorityNameIfMatches(Set<String> authorities, String authorityName, AuthorityType type)</br>
* </br>
* and</br>
* </br>
* addAuthorityNameIfMatches(Set<String> authorities, String authorityName, AuthorityType type, Pattern pattern)</br>
*/
public class RMAuthorityDAOImpl extends AuthorityDAOImpl
{
protected void addAuthorityNameIfMatches(Set<String> authorities, String authorityName, AuthorityType type)
{
if (isAuthorityNameMatching(authorities, authorityName, type))
{
authorities.add(authorityName);
}
}
protected void addAuthorityNameIfMatches(Set<String> authorities, String authorityName, AuthorityType type, Pattern pattern)
{
if (isAuthorityNameMatching(authorities, authorityName, type))
{
if (pattern == null)
{
authorities.add(authorityName);
}
else
{
if (pattern.matcher(getShortName(authorityName)).matches())
{
authorities.add(authorityName);
}
else
{
String displayName = getAuthorityDisplayName(authorityName);
if (displayName != null && pattern.matcher(displayName).matches())
{
authorities.add(authorityName);
}
}
}
}
}
private boolean isAuthorityNameMatching(Set<String> authorities, String authorityName, AuthorityType type)
{
boolean isMatching = false;
if (type == null || AuthorityType.getAuthorityType(authorityName).equals(type) && !getAuthorityZones(authorityName).contains("APP.RM"))
{
isMatching = true;
}
return isMatching;
}
}

34
rm-server/source/java/org/alfresco/repo/security/permissions/impl/ExtendedPermissionService.java Normal file
View File

@@ -0,0 +1,34 @@
/*
* Copyright (C) 2005-2012 Alfresco Software Limited.
*
* This file is part of Alfresco
*
* Alfresco is free software: you can redistribute it and/or modify
* it under the terms of the GNU Lesser General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* Alfresco is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Lesser General Public License for more details.
*
* You should have received a copy of the GNU Lesser General Public License
* along with Alfresco. If not, see <http://www.gnu.org/licenses/>.
*/
package org.alfresco.repo.security.permissions.impl;
import java.util.Set;
import org.alfresco.service.cmr.security.PermissionService;
/**
* Extended Permission Service Interface used in RM.
*
* @author Roy Wetherall
* @since 2.1
*/
public interface ExtendedPermissionService extends PermissionService
{
public Set<String> getWriters(Long aclId);
}

266
rm-server/source/java/org/alfresco/repo/security/permissions/impl/RMPermissionServiceImpl.java Normal file
View File

@@ -0,0 +1,266 @@
/*
* Copyright (C) 2005-2012 Alfresco Software Limited.
*
* This file is part of Alfresco
*
* Alfresco is free software: you can redistribute it and/or modify
* it under the terms of the GNU Lesser General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* Alfresco is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Lesser General Public License for more details.
*
* You should have received a copy of the GNU Lesser General Public License
* along with Alfresco. If not, see <http://www.gnu.org/licenses/>.
*/
package org.alfresco.repo.security.permissions.impl;
import java.io.Serializable;
import java.util.Collections;
import java.util.HashSet;
import java.util.Set;
import org.alfresco.module.org_alfresco_module_rm.capability.RMPermissionModel;
import org.alfresco.module.org_alfresco_module_rm.model.RecordsManagementModel;
import org.alfresco.repo.cache.SimpleCache;
import org.alfresco.repo.security.permissions.AccessControlEntry;
import org.alfresco.repo.security.permissions.AccessControlList;
import org.alfresco.service.cmr.repository.NodeRef;
import org.alfresco.service.cmr.security.AccessStatus;
import org.alfresco.service.cmr.security.PermissionService;
import org.alfresco.util.PropertyCheck;
import org.springframework.context.ApplicationEvent;
/**
* Extends the core permission service implementation allowing the consideration of the read records
* permission.
* <p>
* This is required for SOLR support.
*
* @author Roy Wetherall
*/
public class RMPermissionServiceImpl extends PermissionServiceImpl
implements ExtendedPermissionService
{
/** Writers simple cache */
protected SimpleCache<Serializable, Set<String>> writersCache;
/**
* @see org.alfresco.repo.security.permissions.impl.PermissionServiceImpl#setAnyDenyDenies(boolean)
*/
@Override
public void setAnyDenyDenies(boolean anyDenyDenies)
{
super.setAnyDenyDenies(anyDenyDenies);
writersCache.clear();
}
/**
* @param writersCache the writersCache to set
*/
public void setWritersCache(SimpleCache<Serializable, Set<String>> writersCache)
{
this.writersCache = writersCache;
}
/**
* @see org.alfresco.repo.security.permissions.impl.PermissionServiceImpl#onBootstrap(org.springframework.context.ApplicationEvent)
*/
@Override
protected void onBootstrap(ApplicationEvent event)
{
super.onBootstrap(event);
PropertyCheck.mandatory(this, "writersCache", writersCache);
}
/**
* Override to deal with the possibility of hard coded permission checks in core code.
*
* Note: Eventually we need to merge the RM permission model into the core to make this more rebust.
*
* @see org.alfresco.repo.security.permissions.impl.ExtendedPermissionService#hasPermission(org.alfresco.service.cmr.repository.NodeRef, java.lang.String)
*/
@Override
public AccessStatus hasPermission(NodeRef nodeRef, String perm)
{
AccessStatus acs = super.hasPermission(nodeRef, perm);
if (AccessStatus.DENIED.equals(acs) == true &&
PermissionService.READ.equals(perm) == true &&
nodeService.hasAspect(nodeRef, RecordsManagementModel.ASPECT_FILE_PLAN_COMPONENT) == true)
{
return super.hasPermission(nodeRef, RMPermissionModel.READ_RECORDS);
}
else if (AccessStatus.DENIED.equals(acs) == true &&
PermissionService.WRITE.equals(perm) == true &&
nodeService.hasAspect(nodeRef, RecordsManagementModel.ASPECT_FILE_PLAN_COMPONENT) == true)
{
return super.hasPermission(nodeRef, RMPermissionModel.FILE_RECORDS);
}
return acs;
}
/**
* @see org.alfresco.repo.security.permissions.impl.PermissionServiceImpl#canRead(java.lang.Long)
*/
@Override
protected AccessStatus canRead(Long aclId)
{
Set<String> authorities = getAuthorisations();
// test denied
if(anyDenyDenies)
{
Set<String> aclReadersDenied = getReadersDenied(aclId);
for(String auth : aclReadersDenied)
{
if(authorities.contains(auth))
{
return AccessStatus.DENIED;
}
}
}
// test acl readers
Set<String> aclReaders = getReaders(aclId);
for(String auth : aclReaders)
{
if(authorities.contains(auth))
{
return AccessStatus.ALLOWED;
}
}
return AccessStatus.DENIED;
}
/**
* @see org.alfresco.repo.security.permissions.impl.PermissionServiceImpl#getReaders(java.lang.Long)
*/
@Override
public Set<String> getReaders(Long aclId)
{
AccessControlList acl = aclDaoComponent.getAccessControlList(aclId);
if (acl == null)
{
return Collections.emptySet();
}
Set<String> aclReaders = readersCache.get((Serializable)acl.getProperties());
if (aclReaders != null)
{
return aclReaders;
}
HashSet<String> assigned = new HashSet<String>();
HashSet<String> readers = new HashSet<String>();
for (AccessControlEntry ace : acl.getEntries())
{
assigned.add(ace.getAuthority());
}
for (String authority : assigned)
{
UnconditionalAclTest test = new UnconditionalAclTest(getPermissionReference(PermissionService.READ));
UnconditionalAclTest rmTest = new UnconditionalAclTest(getPermissionReference(RMPermissionModel.READ_RECORDS));
if (test.evaluate(authority, aclId) || rmTest.evaluate(authority, aclId))
{
readers.add(authority);
}
}
aclReaders = Collections.unmodifiableSet(readers);
readersCache.put((Serializable)acl.getProperties(), aclReaders);
return aclReaders;
}
/**
* Override with check for RM read
*
* @param aclId
* @return
*/
private Set<String> getReadersDenied(Long aclId)
{
AccessControlList acl = aclDaoComponent.getAccessControlList(aclId);
if (acl == null)
{
return Collections.emptySet();
}
Set<String> denied = readersDeniedCache.get(aclId);
if (denied != null)
{
return denied;
}
denied = new HashSet<String>();
Set<String> assigned = new HashSet<String>();
for (AccessControlEntry ace : acl.getEntries())
{
assigned.add(ace.getAuthority());
}
for(String authority : assigned)
{
UnconditionalDeniedAclTest test = new UnconditionalDeniedAclTest(getPermissionReference(PermissionService.READ));
UnconditionalDeniedAclTest rmTest = new UnconditionalDeniedAclTest(getPermissionReference(RMPermissionModel.READ_RECORDS));
if(test.evaluate(authority, aclId) || rmTest.evaluate(authority, aclId))
{
denied.add(authority);
}
}
readersDeniedCache.put((Serializable)acl.getProperties(), denied);
return denied;
}
/**
* @see org.alfresco.repo.security.permissions.impl.ExtendedPermissionService#getWriters(java.lang.Long)
*/
public Set<String> getWriters(Long aclId)
{
AccessControlList acl = aclDaoComponent.getAccessControlList(aclId);
if (acl == null)
{
return Collections.emptySet();
}
Set<String> aclWriters = writersCache.get((Serializable)acl.getProperties());
if (aclWriters != null)
{
return aclWriters;
}
HashSet<String> assigned = new HashSet<String>();
HashSet<String> readers = new HashSet<String>();
for (AccessControlEntry ace : acl.getEntries())
{
assigned.add(ace.getAuthority());
}
for (String authority : assigned)
{
UnconditionalAclTest test = new UnconditionalAclTest(getPermissionReference(PermissionService.WRITE));
if (test.evaluate(authority, aclId))
{
readers.add(authority);
}
}
aclWriters = Collections.unmodifiableSet(readers);
writersCache.put((Serializable)acl.getProperties(), aclWriters);
return aclWriters;
}
}

51
rm-server/source/java/org/alfresco/repo/security/permissions/impl/acegi/RMACLEntryVoter.java Normal file
View File

@@ -0,0 +1,51 @@
/*
* Copyright (C) 2005-2012 Alfresco Software Limited.
*
* This file is part of Alfresco
*
* Alfresco is free software: you can redistribute it and/or modify
* it under the terms of the GNU Lesser General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* Alfresco is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Lesser General Public License for more details.
*
* You should have received a copy of the GNU Lesser General Public License
* along with Alfresco. If not, see <http://www.gnu.org/licenses/>.
*/
package org.alfresco.repo.security.permissions.impl.acegi;
import java.lang.reflect.Method;
import org.alfresco.service.cmr.security.OwnableService;
/**
* This is a workaround to make RM 2.1 backwards compatible with the Community version 4.2.d.
* This class will be removed after Community 4.2.e has been released.
*
* @author Tuna Aksoy
* @since 2.1
*/
public class RMACLEntryVoter extends ACLEntryVoter
{
public void setOwnableService(OwnableService ownableService)
{
boolean exists = false;
Method[] declaredMethods = ACLEntryVoter.class.getDeclaredMethods();
for (Method method : declaredMethods)
{
if (method.getName().equals("setOwnableService"))
{
exists = true;
break;
}
}
if (exists)
{
super.setOwnableService(ownableService);
}
}
}