diff --git a/config/alfresco/web-client-config-wcm-actions.xml b/config/alfresco/web-client-config-wcm-actions.xml index 87b20fd9f2..562374f979 100644 --- a/config/alfresco/web-client-config-wcm-actions.xml +++ b/config/alfresco/web-client-config-wcm-actions.xml @@ -80,7 +80,7 @@ - Read + Write org.alfresco.web.action.evaluator.WCMWorkflowEvaluator submit @@ -95,7 +95,7 @@ - Read + Write org.alfresco.web.action.evaluator.WCMWorkflowEvaluator revert diff --git a/source/java/org/alfresco/web/bean/wcm/AVMConstants.java b/source/java/org/alfresco/web/bean/wcm/AVMConstants.java index 93e05f48b2..9da1dedf54 100644 --- a/source/java/org/alfresco/web/bean/wcm/AVMConstants.java +++ b/source/java/org/alfresco/web/bean/wcm/AVMConstants.java @@ -751,6 +751,10 @@ public final class AVMConstants public final static String SPACE_ICON_WEBSITE = "space-icon-website"; + // web user role permissions + public final static String ROLE_CONTENT_MANAGER = "ContentManager"; + public final static String ROLE_CONTENT_PUBLISHER = "ContentPublisher"; + // virtualisation server MBean registry private static final String BEAN_VIRT_SERVER_REGISTRY = "VirtServerRegistry"; diff --git a/source/java/org/alfresco/web/bean/wcm/CreateWebsiteWizard.java b/source/java/org/alfresco/web/bean/wcm/CreateWebsiteWizard.java index 305529764e..bb39d55833 100644 --- a/source/java/org/alfresco/web/bean/wcm/CreateWebsiteWizard.java +++ b/source/java/org/alfresco/web/bean/wcm/CreateWebsiteWizard.java 
@@ -182,14 +182,13 @@ public class CreateWebsiteWizard extends BaseWizardBean if (outcome != null) { // create the AVM staging store to represent the newly created location website - SandboxFactory.createStagingSandbox(avmStore, nodeRef, wiz.getManagers()); + SandboxFactory.createStagingSandbox(avmStore, nodeRef); // create the default webapp folder under the hidden system folders final String stagingStore = AVMConstants.buildStagingStoreName(avmStore); final String stagingStoreRoot = AVMConstants.buildSandboxRootPath(stagingStore); this.avmService.createDirectory(stagingStoreRoot, webapp); - this.avmService.addAspect(AVMNodeConverter.ExtendAVMPath(stagingStoreRoot, - webapp), + this.avmService.addAspect(AVMNodeConverter.ExtendAVMPath(stagingStoreRoot, webapp), WCMAppModel.ASPECT_WEBAPP); // set the property on the node to reference the root AVM store @@ -453,7 +452,7 @@ public class CreateWebsiteWizard extends BaseWizardBean if (foundCurrentUser == false) { buf.append(getInviteUsersWizard().buildLabelForUserAuthorityRole( - currentUser, SandboxFactory.ROLE_CONTENT_MANAGER)); + currentUser, AVMConstants.ROLE_CONTENT_MANAGER)); } return buildSummary( diff --git a/source/java/org/alfresco/web/bean/wcm/InviteWebsiteUsersWizard.java b/source/java/org/alfresco/web/bean/wcm/InviteWebsiteUsersWizard.java index dfe387f7df..a7090568f4 100644 --- a/source/java/org/alfresco/web/bean/wcm/InviteWebsiteUsersWizard.java +++ b/source/java/org/alfresco/web/bean/wcm/InviteWebsiteUsersWizard.java @@ -114,7 +114,7 @@ public class InviteWebsiteUsersWizard extends InviteUsersWizard { foundCurrentUser = true; } - if (SandboxFactory.ROLE_CONTENT_MANAGER.equals(userRole.getRole())) + if (AVMConstants.ROLE_CONTENT_MANAGER.equals(userRole.getRole())) { this.managers.add(userAuth); } 
@@ -123,7 +123,7 @@ public class InviteWebsiteUsersWizard extends InviteUsersWizard if (foundCurrentUser == false) { - this.userGroupRoles.add(new UserGroupRole(currentUser, SandboxFactory.ROLE_CONTENT_MANAGER, null)); + this.userGroupRoles.add(new UserGroupRole(currentUser, AVMConstants.ROLE_CONTENT_MANAGER, null)); this.managers.add(currentUser); } } @@ -135,7 +135,7 @@ public class InviteWebsiteUsersWizard extends InviteUsersWizard { for (String userAuth : findNestedUserAuthorities(userRole.getAuthority())) { - if (SandboxFactory.ROLE_CONTENT_MANAGER.equals(userRole.getRole())) + if (AVMConstants.ROLE_CONTENT_MANAGER.equals(userRole.getRole())) { this.managers.add(userAuth); } @@ -150,7 +150,7 @@ public class InviteWebsiteUsersWizard extends InviteUsersWizard String username = (String)nodeService.getProperty(userInfoRef, WCMAppModel.PROP_WEBUSERNAME); String userrole = (String)nodeService.getProperty(userInfoRef, WCMAppModel.PROP_WEBUSERROLE); - if (SandboxFactory.ROLE_CONTENT_MANAGER.equals(userrole) && + if (AVMConstants.ROLE_CONTENT_MANAGER.equals(userrole) && this.managers.contains(username) == false) { this.managers.add(username); @@ -266,7 +266,7 @@ public class InviteWebsiteUsersWizard extends InviteUsersWizard if (foundCurrentUser == false) { buf.append(buildLabelForUserAuthorityRole( - currentUser, SandboxFactory.ROLE_CONTENT_MANAGER)); + currentUser, AVMConstants.ROLE_CONTENT_MANAGER)); } return buildSummary( diff --git a/source/java/org/alfresco/web/bean/wcm/SandboxFactory.java b/source/java/org/alfresco/web/bean/wcm/SandboxFactory.java index 165ade73db..7e6ed69dee 100644 --- a/source/java/org/alfresco/web/bean/wcm/SandboxFactory.java +++ b/source/java/org/alfresco/web/bean/wcm/SandboxFactory.java 
@@ -20,15 +20,16 @@ import java.util.List; import java.util.Map; import javax.faces.context.FacesContext; + import org.alfresco.config.JNDIConstants; import org.alfresco.repo.avm.AVMNodeConverter; import org.alfresco.repo.domain.PropertyValue; +import org.alfresco.service.ServiceRegistry; import org.alfresco.service.cmr.avm.AVMService; import org.alfresco.service.cmr.dictionary.DataTypeDefinition; import org.alfresco.service.cmr.repository.NodeRef; import org.alfresco.service.cmr.security.PermissionService; import org.alfresco.service.namespace.QName; -import org.alfresco.service.ServiceRegistry; import org.alfresco.util.GUID; import org.alfresco.web.bean.repository.Repository; import org.apache.commons.logging.Log; @@ -43,8 +44,6 @@ public final class SandboxFactory { private static Log logger = LogFactory.getLog(SandboxFactory.class); - public static final String ROLE_CONTENT_MANAGER = "ContentManager"; - /** * Private constructor */ @@ -64,13 +63,11 @@ public final class SandboxFactory * DNS: .dns. = * Website Name: .website.name = website name * - * @param storeId The store name to create the sandbox for - * @param webProjectNodeRef The noderef for the webproject. - * @param managers The list of authorities who have ContentManager role in the website + * @param storeId The store name to create the sandbox for + * @param webProjectNodeRef The noderef for the webproject. */ public static SandboxInfo createStagingSandbox(final String storeId, - final NodeRef webProjectNodeRef, - final List managers) + final NodeRef webProjectNodeRef) { final ServiceRegistry services = Repository.getServiceRegistry(FacesContext.getCurrentInstance()); final AVMService avmService = services.getAVMService(); 
@@ -84,11 +81,10 @@ public final class SandboxFactory // create the system directories 'www' and 'avm_webapps' avmService.createDirectory(stagingStoreName + ":/", JNDIConstants.DIR_DEFAULT_WWW); + // apply READ permissions for all users NodeRef dirRef = AVMNodeConverter.ToNodeRef(-1, AVMConstants.buildStoreRootPath(stagingStoreName)); - for (String manager : managers) - { - permissionService.setPermission(dirRef, manager, ROLE_CONTENT_MANAGER, true); - } + permissionService.setPermission(dirRef, PermissionService.ALL_AUTHORITIES, PermissionService.READ, true); + avmService.createDirectory(AVMConstants.buildStoreRootPath(stagingStoreName), JNDIConstants.DIR_DEFAULT_APPBASE); @@ -115,15 +111,12 @@ public final class SandboxFactory " above " + stagingStoreName); // create a layered directory pointing to 'www' in the staging area - avmService.createLayeredDirectory(AVMConstants.buildStoreRootPath(stagingStoreName), previewStoreName + ":/", JNDIConstants.DIR_DEFAULT_WWW); + // apply READ permissions for all users dirRef = AVMNodeConverter.ToNodeRef(-1, AVMConstants.buildStoreRootPath(previewStoreName)); - for (String manager : managers) - { - permissionService.setPermission(dirRef, manager, ROLE_CONTENT_MANAGER, true); - } + permissionService.setPermission(dirRef, PermissionService.ALL_AUTHORITIES, PermissionService.READ, true); // tag the store with the store type avmService.setStoreProperty(previewStoreName, @@ -186,7 +179,7 @@ public final class SandboxFactory // create the user 'main' store final String userStoreName = AVMConstants.buildUserMainStoreName(storeId, username); final String previewStoreName = AVMConstants.buildUserPreviewStoreName(storeId, username); - + if (avmService.getStore(userStoreName) != null) { if (logger.isDebugEnabled()) 
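Review bot: Both new `setPermission(dirRef, PermissionService.ALL_AUTHORITIES, PermissionService.READ, true)` calls in createStagingSandbox (staging root in the first hunk, staging preview root in the second) grant read access to every authority in the repository, not only to users invited to this web project. The same hunks remove the per-manager `ROLE_CONTENT_MANAGER` grant, so unless that permission is applied somewhere outside this diff, managers now hold nothing beyond READ on the staging stores. If the broad grant is intended, record it at the call site, e.g. `// READ for ALL_AUTHORITIES is deliberate: staging content is visible to all repository users, not only project members`, and say the same in the method Javadoc. Otherwise grant READ only to the authorities that belong to the project. The method body continues outside these hunks.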
@@ -195,7 +188,7 @@ public final class SandboxFactory } return new SandboxInfo( new String[] { userStoreName, previewStoreName } ); } - + avmService.createStore(userStoreName); final String stagingStoreName = AVMConstants.buildStagingStoreName(storeId); if (logger.isDebugEnabled()) @@ -207,23 +200,26 @@ public final class SandboxFactory userStoreName + ":/", JNDIConstants.DIR_DEFAULT_WWW); NodeRef dirRef = AVMNodeConverter.ToNodeRef(-1, AVMConstants.buildStoreRootPath(userStoreName)); + // apply the user role permissions to the sandbox permissionService.setPermission(dirRef, username, role, true); + permissionService.setPermission(dirRef, PermissionService.ALL_AUTHORITIES, PermissionService.READ, true); + // apply the manager role permission for each manager in the web project for (String manager : managers) { - permissionService.setPermission(dirRef, manager, ROLE_CONTENT_MANAGER, true); + permissionService.setPermission(dirRef, manager, AVMConstants.ROLE_CONTENT_MANAGER, true); } // tag the store with the store type avmService.setStoreProperty(userStoreName, AVMConstants.PROP_SANDBOX_AUTHOR_MAIN, new PropertyValue(DataTypeDefinition.TEXT, null)); - + // tag the store with the base name of the website so that corresponding // staging areas can be found. avmService.setStoreProperty(userStoreName, AVMConstants.PROP_WEBSITE_NAME, new PropertyValue(DataTypeDefinition.TEXT, storeId)); - + // tag the store, oddly enough, with its own store name for querying. // when will the madness end. avmService.setStoreProperty(userStoreName, 
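Review bot: In createUserSandbox the added `permissionService.setPermission(dirRef, PermissionService.ALL_AUTHORITIES, PermissionService.READ, true)` makes each author's main store readable by every authority, and the following hunk (-232,33) does the same for the author's preview store. As far as these hunks show, only the sandbox owner (with `role`) and the project managers were previously granted anything on these roots, so unpublished work was isolated by the permission service. After this change that isolation depends on each caller choosing not to display the store. If the wider read is needed for layering or preview, the reason belongs next to the call, e.g. `// READ for everyone: required by <reason>; visibility is filtered in the UI only`. If it is not needed, a grant limited to project members keeps least privilege. The method starts and ends outside the hunk.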
@@ -232,33 +228,36 @@ public final class SandboxFactory // tag the store with the DNS name property tagStoreDNSPath(avmService, userStoreName, storeId, username); - + // snapshot the store avmService.createSnapshot(userStoreName, null, null); - + // create the user 'preview' store avmService.createStore(previewStoreName); if (logger.isDebugEnabled()) logger.debug("Created user preview sandbox store: " + previewStoreName + " above " + userStoreName); - + // create a layered directory pointing to 'www' in the user 'main' store avmService.createLayeredDirectory(AVMConstants.buildStoreRootPath(userStoreName), previewStoreName + ":/", JNDIConstants.DIR_DEFAULT_WWW); dirRef = AVMNodeConverter.ToNodeRef(-1, AVMConstants.buildStoreRootPath(previewStoreName)); + // apply the user role permissions to the sandbox permissionService.setPermission(dirRef, username, role, true); + permissionService.setPermission(dirRef, PermissionService.ALL_AUTHORITIES, PermissionService.READ, true); + // apply the manager role permission for each manager in the web project for (String manager : managers) { - permissionService.setPermission(dirRef, manager, ROLE_CONTENT_MANAGER, true); + permissionService.setPermission(dirRef, manager, AVMConstants.ROLE_CONTENT_MANAGER, true); } - + // tag the store with the store type avmService.setStoreProperty(previewStoreName, AVMConstants.PROP_SANDBOX_AUTHOR_PREVIEW, new PropertyValue(DataTypeDefinition.TEXT, null)); - + // tag the store with its own store name for querying. avmService.setStoreProperty(previewStoreName, QName.createQName(null, AVMConstants.PROP_SANDBOX_STORE_PREFIX + previewStoreName), @@ -266,7 +265,7 @@ public final class SandboxFactory // tag the store with the DNS name property tagStoreDNSPath(avmService, previewStoreName, storeId, username, "preview"); - + // snapshot the store avmService.createSnapshot(previewStoreName, null, null); 
@@ -289,11 +288,7 @@ public final class SandboxFactory } /** - * Create a user sandbox for the named store. - * - * A user sandbox is comprised of two stores, the first - * named 'storename--username' layered over the staging store with a preview store - * named 'storename--username--preview' layered over the main store. + * Create a workflow sandbox for the named store. * * Various store meta-data properties are set including: * Identifier for store-types: .sandbox.author.main and .sandbox.author.preview diff --git a/source/java/org/alfresco/web/bean/wcm/WebProject.java b/source/java/org/alfresco/web/bean/wcm/WebProject.java index d4e1251450..659bb0b103 100644 --- a/source/java/org/alfresco/web/bean/wcm/WebProject.java +++ b/source/java/org/alfresco/web/bean/wcm/WebProject.java @@ -163,9 +163,6 @@ public class WebProject ///////////////////////////////////////////////////////////////////////////// - /** Content Manager role name */ - private static final String ROLE_CONTENT_MANAGER = "ContentManager"; - private final NodeRef nodeRef; public WebProject(final NodeRef nodeRef) @@ -268,7 +265,7 @@ public class WebProject final NodeRef userInfoRef = ref.getChildRef(); final String username = (String)nodeService.getProperty(userInfoRef, WCMAppModel.PROP_WEBUSERNAME); final String userrole = (String)nodeService.getProperty(userInfoRef, WCMAppModel.PROP_WEBUSERROLE); - if (currentUser.equals(username) && ROLE_CONTENT_MANAGER.equals(userrole)) + if (currentUser.equals(username) && AVMConstants.ROLE_CONTENT_MANAGER.equals(userrole)) { return true; } diff --git a/source/java/org/alfresco/web/ui/wcm/component/UIUserSandboxes.java b/source/java/org/alfresco/web/ui/wcm/component/UIUserSandboxes.java index 67b84cc354..9807ac1031 100644 --- a/source/java/org/alfresco/web/ui/wcm/component/UIUserSandboxes.java +++ b/source/java/org/alfresco/web/ui/wcm/component/UIUserSandboxes.java 
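Review bot: The Javadoc summary in the first hunk now says "workflow sandbox", but the unchanged line below it still lists the store-type identifiers `.sandbox.author.main` and `.sandbox.author.preview`, which reads as left over from the user-sandbox description. If workflow stores are tagged with different properties, the list should name those instead. The method body is outside the hunk, so this cannot be confirmed from here.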
@@ -34,7 +34,6 @@ import javax.faces.context.ResponseWriter; import javax.faces.el.ValueBinding; import javax.transaction.UserTransaction; -import org.alfresco.model.ContentModel; import org.alfresco.model.WCMAppModel; import org.alfresco.repo.avm.AVMNodeConverter; import org.alfresco.service.cmr.avm.AVMNodeDescriptor; @@ -52,7 +51,6 @@ import org.alfresco.web.app.Application; import org.alfresco.web.app.servlet.DownloadContentServlet; import org.alfresco.web.bean.BrowseBean; import org.alfresco.web.bean.repository.Repository; -import org.alfresco.web.bean.repository.User; import org.alfresco.web.bean.wcm.AVMConstants; import org.alfresco.web.bean.wcm.AVMNode; import org.alfresco.web.bean.wcm.WebProject; @@ -111,9 +109,6 @@ public class UIUserSandboxes extends SelfRenderingComponent private static final String MSG_NO_MODIFIED_ITEMS = "sandbox_no_modified_items"; private static final String MSG_NO_WEB_FORMS = "sandbox_no_web_forms"; - /** Content Manager role name */ - private static final String ROLE_CONTENT_MANAGER = "ContentManager"; - private static final String REQUEST_FORM_REF = "formref"; private static final String REQUEST_PREVIEW_REF = "prevhref"; @@ -266,7 +261,6 @@ public class UIUserSandboxes extends SelfRenderingComponent ResourceBundle bundle = Application.getBundle(context); AVMService avmService = getAVMService(context); NodeService nodeService = getNodeService(context); - PermissionService permissionService = getPermissionService(context); UserTransaction tx = null; try { 
@@ -280,8 +274,9 @@ public class UIUserSandboxes extends SelfRenderingComponent } String storeRoot = (String)nodeService.getProperty(websiteRef, WCMAppModel.PROP_AVMSTORE); - // find out if this user is a Content Manager - boolean isManager = isManagerRole(context, nodeService, websiteRef); + // find out the current user role in the web project + String currentUserName = Application.getCurrentUser(context).getUserName(); + String currentUserRole = getWebProjectUserRole(currentUserName, nodeService, websiteRef); // get the list of users who have a sandbox in the website int index = 0; @@ -305,10 +300,10 @@ public class UIUserSandboxes extends SelfRenderingComponent { // check the permissions on this store for the current user if (logger.isDebugEnabled()) - logger.debug("Checking user permissions for store: " + mainStore); - if (permissionService.hasPermission( - AVMNodeConverter.ToNodeRef(-1, AVMConstants.buildSandboxRootPath(mainStore)), - PermissionService.READ) == AccessStatus.ALLOWED) + logger.debug("Checking user role to view store: " + mainStore); + if (currentUserName.equals(username) || + AVMConstants.ROLE_CONTENT_MANAGER.equals(currentUserRole) || + AVMConstants.ROLE_CONTENT_PUBLISHER.equals(currentUserRole)) { if (logger.isDebugEnabled()) logger.debug("Building sandbox view for user store: " + mainStore); @@ -365,7 +360,7 @@ public class UIUserSandboxes extends SelfRenderingComponent "#{AVMBrowseBean.setupAllItemsAction}", "dialog:revertAllItems")); out.write("  "); - if (isManager) + if (AVMConstants.ROLE_CONTENT_MANAGER.equals(currentUserRole)) { Utils.encodeRecursive(context, aquireAction( context, mainStore, username, ACT_REMOVE_SANDBOX, "/images/icons/delete_sandbox.gif", 
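Review bot: The sandbox visibility test in the second hunk replaces `permissionService.hasPermission(..., PermissionService.READ)` with string comparisons on the role read from the web-user node, so the decision is now made in the renderer instead of by the permission service. Together with the `ALL_AUTHORITIES` READ grants this commit adds in SandboxFactory, a user with any other role is kept away from another author's sandbox only by this component. Any access path that asks PermissionService would allow the read. If that is the intended model, say so above the `if`, e.g. `// presentation filter only: READ on the store is granted to all authorities in SandboxFactory`. If not, the role-based restriction needs to be expressed as a permission on the store as well. The enclosing render method starts and ends outside these hunks.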
@@ -440,30 +435,27 @@ public class UIUserSandboxes extends SelfRenderingComponent } /** - * @return true if the current user is a Content Manager, false otherwise + * @return the role of this user in the current Web Project, or null for no assigned role */ - private static boolean isManagerRole(FacesContext context, NodeService nodeService, NodeRef websiteRef) + private static String getWebProjectUserRole(String currentUser, NodeService nodeService, NodeRef websiteRef) { - User user = Application.getCurrentUser(context); - boolean isManager = user.isAdmin(); - if (isManager == false) + String userrole = null; + + List userInfoRefs = nodeService.getChildAssocs( + websiteRef, WCMAppModel.ASSOC_WEBUSER, RegexQNamePattern.MATCH_ALL); + for (ChildAssociationRef ref : userInfoRefs) { - String currentUser = user.getUserName(); - List userInfoRefs = nodeService.getChildAssocs( - websiteRef, WCMAppModel.ASSOC_WEBUSER, RegexQNamePattern.MATCH_ALL); - for (ChildAssociationRef ref : userInfoRefs) + NodeRef userInfoRef = ref.getChildRef(); + String username = (String)nodeService.getProperty(userInfoRef, WCMAppModel.PROP_WEBUSERNAME); + String role = (String)nodeService.getProperty(userInfoRef, WCMAppModel.PROP_WEBUSERROLE); + if (currentUser.equals(username)) { - NodeRef userInfoRef = ref.getChildRef(); - String username = (String)nodeService.getProperty(userInfoRef, WCMAppModel.PROP_WEBUSERNAME); - String userrole = (String)nodeService.getProperty(userInfoRef, WCMAppModel.PROP_WEBUSERROLE); - if (currentUser.equals(username) && ROLE_CONTENT_MANAGER.equals(userrole)) - { - isManager = true; - break; - } + userrole = role; + break; } } - return isManager; + + return userrole; } /** 
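Review bot: getWebProjectUserRole no longer accounts for administrators: the removed isManagerRole started from `user.isAdmin()`, while the new method returns null for an admin who is not listed as a web user of the project. The callers in the preceding hunks compare only against `ROLE_CONTENT_MANAGER` and `ROLE_CONTENT_PUBLISHER`, so such an admin would see neither other users' sandboxes nor the remove-sandbox action. If that is not intended, the caller can treat an admin as a manager, e.g. `if (Application.getCurrentUser(context).isAdmin()) currentUserRole = AVMConstants.ROLE_CONTENT_MANAGER;`. The Javadoc would also benefit from `@param` entries, since `currentUser` is now a user name passed in instead of being derived from the FacesContext.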
@@ -483,6 +475,7 @@ public class UIUserSandboxes extends SelfRenderingComponent { AVMSyncService avmSyncService = getAVMSyncService(fc); AVMService avmService = getAVMService(fc); + PermissionService permissionService = getPermissionService(fc); DateFormat df = Utils.getDateTimeFormat(fc); ResourceBundle bundle = Application.getBundle(fc); @@ -680,13 +673,18 @@ public class UIUserSandboxes extends SelfRenderingComponent out.write(""); out.write(bundle.getString(MSG_SELECTED)); out.write(":  "); - Utils.encodeRecursive(fc, aquireAction( - fc, userStore, username, ACT_SANDBOX_SUBMITSELECTED, "/images/icons/submit_all.gif", - "#{AVMBrowseBean.setupSandboxAction}", "dialog:submitSandboxItems")); - out.write("  "); - Utils.encodeRecursive(fc, aquireAction( - fc, userStore, username, ACT_SANDBOX_REVERTSELECTED, "/images/icons/revert_all.gif", - "#{AVMBrowseBean.setupSandboxAction}", "dialog:revertSelectedItems")); + if (permissionService.hasPermission( + AVMNodeConverter.ToNodeRef(-1, AVMConstants.buildSandboxRootPath(userStore)), + PermissionService.WRITE) == AccessStatus.ALLOWED) + { + Utils.encodeRecursive(fc, aquireAction( + fc, userStore, username, ACT_SANDBOX_SUBMITSELECTED, "/images/icons/submit_all.gif", + "#{AVMBrowseBean.setupSandboxAction}", "dialog:submitSandboxItems")); + out.write("  "); + Utils.encodeRecursive(fc, aquireAction( + fc, userStore, username, ACT_SANDBOX_REVERTSELECTED, "/images/icons/revert_all.gif", + "#{AVMBrowseBean.setupSandboxAction}", "dialog:revertSelectedItems")); + } out.write(""); // end table
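Review bot: The new `hasPermission(..., PermissionService.WRITE)` test in the second hunk only decides whether the submit-selected and revert-selected actions are rendered. Nothing in this diff shows the `dialog:submitSandboxItems` and `dialog:revertSelectedItems` handlers checking WRITE themselves. Hiding a control does not stop a request that invokes the action directly, so the same check belongs in the code that performs the submit or revert (it is not visible here, so it may already exist). A minor point: when the check fails, the `MSG_SELECTED` label is still written with no actions after it, and moving the label inside the `if` would avoid an empty row. The enclosing method starts and ends outside the hunk.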