ACE-4924: Added a patch to ensure 'cm: extensions' and 'cm: module-deployments' folders within the surf-config folder exists, then adds the ALFRESCO_MODEL_ADMINISTRATORS Group to their Permission list.

- Also, added ALFRESCO_MODEL_ADMINISTRATORS to the permission list for surf-config folders (i.e. cm:extensions and cm: module-deployments) created on bootstrap of a new install. git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/HEAD/root@120912 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
2025-10-08 14:51:49 +00:00 · 2016-01-15 06:27:33 +00:00
parent 2e50187a57
commit ef6c759375
5 changed files with 297 additions and 1 deletions
--- a/config/alfresco/bootstrap/sitesSpace.xml
+++ b/config/alfresco/bootstrap/sitesSpace.xml
@@ -22,6 +22,40 @@
               <view:aspects>
                  <sys:hidden/>
               </view:aspects>
+               <cm:contains>
+                  <cm:folder view:childName="cm:extensions">
+                     <view:acl>
+                        <view:ace view:access="ALLOWED">
+                           <view:authority>GROUP_ALFRESCO_MODEL_ADMINISTRATORS</view:authority>
+                           <view:permission>Collaborator</view:permission>
+                        </view:ace>
+                     </view:acl>
+                     <view:properties>
+                        <cm:description></cm:description>
+                        <cm:name>extensions</cm:name>
+                     </view:properties>
+                     <view:aspects>
+                        <sys:hidden/>
+                    </view:aspects>
+                  </cm:folder>
+               </cm:contains>
+               <cm:contains>
+                  <cm:folder view:childName="cm:module-deployments">
+                     <view:acl>
+                        <view:ace view:access="ALLOWED">
+                           <view:authority>GROUP_ALFRESCO_MODEL_ADMINISTRATORS</view:authority>
+                           <view:permission>Collaborator</view:permission>
+                        </view:ace>
+                     </view:acl>
+                     <view:properties>
+                        <cm:description></cm:description>
+                        <cm:name>module-deployments</cm:name>
+                     </view:properties>
+                     <view:aspects>
+                        <sys:hidden/>
+                    </view:aspects>
+                  </cm:folder>
+               </cm:contains>
            </cm:folder>
         </cm:contains>
      </view:associations>
--- a/config/alfresco/messages/patch-service.properties
+++ b/config/alfresco/messages/patch-service.properties
@@ -377,3 +377,9 @@ patch.db-V5.1-metadata-query-indexes.description=Add additional indexes to suppo
 patch.alfrescoModelAdministrators.description=Adds the 'GROUP_ALFRESCO_MODEL_ADMINISTRATORS' group

 patch.addInviteAddDirectEmailTemplates.description=Adds the email templates for the add-direct invite flow
+
+patch.addSurfConfigFolders.start=Adding surf-config children.
+patch.addSurfConfigFolders.missingSurfConfig=\n\cm:surf-config folder is not present in '/app:company_home/st:sites'.
+patch.addSurfConfigFolders.result=\n\Successfully added ''{0}'' folders and set the required permissions for ''{1}'' folders. 
+patch.addSurfConfigFolders.exist=\n\Skipped ''{0}'' folders as they already exist, but set the required permissions for ''{1}'' folders.
+patch.addSurfConfigFolders.description=Adds 'cm:extensions' and 'cm:module-deployments' folders into surf-config folder.
--- a/config/alfresco/patch/patch-services-context.xml
+++ b/config/alfresco/patch/patch-services-context.xml
@@ -1304,4 +1304,54 @@
            <value>classpath:alfresco/dbscripts/upgrade/5.1/${db.script.dialect}/activiti-upgrade-5-19-0.sql</value>
        </property>
    </bean>
+
+    <bean id="patch.addSurfConfigFolders" class="org.alfresco.repo.admin.patch.impl.AddSurfConfigFoldersPatch" parent="basePatch" >
+        <property name="id"><value>patch.addSurfConfigFolders</value></property>
+        <property name="description"><value>patch.addSurfConfigFolders.description</value></property>
+        <property name="fixesFromSchema"><value>0</value></property>
+        <property name="fixesToSchema"><value>9014</value></property>
+        <property name="targetSchema"><value>9015</value></property>
+        <property name="dependsOn" >
+            <list>
+               <ref bean="patch.alfrescoModelAdministrators" />
+            </list>
+        </property>
+        <property name="siteService" ref="siteService" />
+        <property name="permissionService" ref="PermissionService" />
+        <property name="authorityService" ref="AuthorityService" />
+        <property name="fileFolderService" ref="FileFolderService" />
+        <property name="hiddenAspect" ref="hiddenAspect" />
+        <property name="folderDetailsList" >
+          <list>
+            <bean class="org.alfresco.repo.admin.patch.impl.AddSurfConfigFoldersPatch$FolderDetails">
+                <property name="folderName">
+                    <value>extensions</value>
+                </property>
+                <property name="authority">
+                    <value>GROUP_ALFRESCO_MODEL_ADMINISTRATORS</value>
+                </property>
+                <property name="permission">
+                    <value>Collaborator</value>
+                </property>
+                <property name="applyPermissionIfFolderExist">
+                    <value>true</value>
+                </property>
+            </bean>
+            <bean class="org.alfresco.repo.admin.patch.impl.AddSurfConfigFoldersPatch$FolderDetails">
+                <property name="folderName">
+                    <value>module-deployments</value>
+                </property>
+                <property name="authority">
+                    <value>GROUP_ALFRESCO_MODEL_ADMINISTRATORS</value>
+                </property>
+                <property name="permission">
+                    <value>Collaborator</value>
+                </property>
+                <property name="applyPermissionIfFolderExist">
+                    <value>true</value>
+                </property>
+            </bean>
+          </list>
+        </property>
+    </bean>
 </beans>
--- a/config/alfresco/version.properties
+++ b/config/alfresco/version.properties
@@ -23,4 +23,4 @@ version.build=r@scm-revision@-b@build-number@

 # Schema number

-version.schema=9014
+version.schema=9015
--- a/source/java/org/alfresco/repo/admin/patch/impl/AddSurfConfigFoldersPatch.java
+++ b/source/java/org/alfresco/repo/admin/patch/impl/AddSurfConfigFoldersPatch.java
@@ -0,0 +1,206 @@
+/*
+ * Copyright (C) 2005-2016 Alfresco Software Limited.
+ *
+ * This file is part of Alfresco
+ *
+ * Alfresco is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * Alfresco is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with Alfresco. If not, see <http://www.gnu.org/licenses/>.
+ */
+
+package org.alfresco.repo.admin.patch.impl;
+
+import org.alfresco.model.ContentModel;
+import org.alfresco.repo.admin.patch.AbstractPatch;
+import org.alfresco.repo.model.filefolder.HiddenAspect;
+import org.alfresco.service.cmr.admin.PatchException;
+import org.alfresco.service.cmr.model.FileFolderService;
+import org.alfresco.service.cmr.repository.NodeRef;
+import org.alfresco.service.cmr.security.AuthorityService;
+import org.alfresco.service.cmr.security.PermissionService;
+import org.alfresco.service.cmr.site.SiteService;
+import org.springframework.extensions.surf.util.I18NUtil;
+
+import java.util.LinkedHashMap;
+import java.util.List;
+import java.util.Map;
+import java.util.Map.Entry;
+
+/**
+ * A patch to add folders into
+ * {@literal /app:company_home/st:sites/cm:surf-config} folder and optionally
+ * sets their permission.
+ * 
+ * @author Jamal Kaabi-Mofrad
+ */
+public class AddSurfConfigFoldersPatch extends AbstractPatch
+{
+
+    private static final String MSG_START = "patch.addSurfConfigFolders.start";
+    private static final String MSG_RESULT = "patch.addSurfConfigFolders.result";
+    private static final String MSG_EXIST = "patch.addSurfConfigFolders.exist";
+    private static final String MSG_MISSING_SURFCONFIG = "patch.addSurfConfigFolders.missingSurfConfig";
+
+    private SiteService siteService;
+    private FileFolderService fileFolderService;
+    private PermissionService permissionService;
+    private AuthorityService authorityService;
+    private HiddenAspect hiddenAspect;
+
+    private List<FolderDetails> folderDetailsList;
+
+    public void setSiteService(SiteService siteService)
+    {
+        this.siteService = siteService;
+    }
+
+    public void setFileFolderService(FileFolderService fileFolderService)
+    {
+        this.fileFolderService = fileFolderService;
+    }
+
+    public void setPermissionService(PermissionService permissionService)
+    {
+        this.permissionService = permissionService;
+    }
+
+    public void setAuthorityService(AuthorityService authorityService)
+    {
+        this.authorityService = authorityService;
+    }
+
+    public void setHiddenAspect(HiddenAspect hiddenAspect)
+    {
+        this.hiddenAspect = hiddenAspect;
+    }
+
+    public void setFolderDetailsList(List<FolderDetails> folderDetailsList)
+    {
+        this.folderDetailsList = folderDetailsList;
+    }
+
+    @Override
+    protected String applyInternal() throws Exception
+    {
+        StringBuilder result = new StringBuilder(I18NUtil.getMessage(MSG_START));
+
+        // /app:company_home/st:sites/
+        NodeRef siteRoot = siteService.getSiteRoot();
+        NodeRef surfConfigNodeRef = nodeService.getChildByName(siteRoot, ContentModel.ASSOC_CONTAINS, "surf-config");
+        if (surfConfigNodeRef == null)
+        {
+            result.append(I18NUtil.getMessage(MSG_MISSING_SURFCONFIG));
+            return result.toString();
+        }
+
+        Map<String, Boolean> createdFolders = new LinkedHashMap<>();
+        Map<String, Boolean> skippedFolders = new LinkedHashMap<>();
+        for (FolderDetails fd : folderDetailsList)
+        {
+            boolean appliedPermission = false;
+            NodeRef childFolder = nodeService.getChildByName(surfConfigNodeRef, ContentModel.ASSOC_CONTAINS, fd.folderName);
+            if (childFolder == null)
+            {
+                childFolder = fileFolderService.create(surfConfigNodeRef, fd.folderName, ContentModel.TYPE_FOLDER).getNodeRef();
+                // apply index control aspect as part of the hidden aspect
+                hiddenAspect.hideNode(childFolder, false, false, false);
+
+                appliedPermission = setPermission(childFolder, fd);
+                createdFolders.put(fd.folderName, appliedPermission);
+            }
+            else
+            {
+                if (fd.applyPermissionIfFolderExist)
+                {
+                    appliedPermission = setPermission(childFolder, fd);
+                }
+                skippedFolders.put(fd.folderName, appliedPermission);
+            }
+        }
+        if (createdFolders.size() > 0)
+        {
+            result.append(I18NUtil.getMessage(MSG_RESULT, toString(createdFolders, false), toString(createdFolders, true)));
+        }
+        if (skippedFolders.size() > 0)
+        {
+            result.append(I18NUtil.getMessage(MSG_EXIST, toString(skippedFolders, false), toString(skippedFolders, true)));
+        }
+        return result.toString();
+    }
+
+    private boolean setPermission(NodeRef nodeRef, FolderDetails details)
+    {
+        if (details.authority != null && details.permission != null)
+        {
+            if (authorityService.getAuthorityNodeRef(details.authority) == null)
+            {
+                throw new PatchException("The [" + details.authority + "] is not a valid authority name");
+            }
+            permissionService.setPermission(nodeRef, details.authority, details.permission, true);
+
+            return true;
+        }
+        return false;
+    }
+
+    private String toString(Map<String, Boolean> map, boolean onlyAppliedPermission)
+    {
+        StringBuilder sb = new StringBuilder(map.size() * 2);
+        for (Entry<String, Boolean> entry : map.entrySet())
+        {
+            if (onlyAppliedPermission)
+            {
+                if (entry.getValue())
+                {
+                    sb.append(entry.getKey()).append(", ");
+                }
+            }
+            else
+            {
+                sb.append(entry.getKey()).append(", ");
+            }
+        }
+        return sb.substring(0, sb.length() - 2);
+    }
+
+    /**
+     * @author Jamal Kaabi-Mofrad
+     */
+    public static class FolderDetails
+    {
+        private String folderName;
+        private String authority;
+        private String permission;
+        // Whether to set the given permission even though the folder does exist
+        private boolean applyPermissionIfFolderExist;
+
+        public void setFolderName(String folderName)
+        {
+            this.folderName = folderName;
+        }
+
+        public void setAuthority(String authority)
+        {
+            this.authority = authority;
+        }
+
+        public void setPermission(String permission)
+        {
+            this.permission = permission;
+        }
+
+        public void setApplyPermissionIfFolderExist(boolean applyPermissionIfFolderExist)
+        {
+            this.applyPermissionIfFolderExist = applyPermissionIfFolderExist;
+        }
+    }
+}