Merged DEV/SWIFT to HEAD

27125: Subtasks of ALF-7072: RSOLR 013: Remote API to get ACLs and readers
          - ALF-8334: RSOLR 013: Modify ACL schema to record change times
          - ALF-8336: RSOLR 013: DB upgrade scripts for ACL changes
          - TODO: Query APIs
   27128: Added TooManyResultsException as a concurrency detection trigger
          - Usually too many results indicates that the DB table key is not as specific as it should be,
            but it's AVM that showed this up.
   27132: Clean up: javadocs; non-javadocs; uncommented fields; @since tags; etc.
   27134: Removed empty directory
   27135: Fix for ALF-8333: CMIS query: JOIN on an aspect results in CmisInvalidArgumentException
          - incorrect scope used when building orderings
   27139: Fixed SORL transaction tracking queries
          - Queries were using incompatible boolean comparisons
          - Added SOLRDAO to test suite
          - Cleaned up code and reformatted code
   27141: Minor additions to CannedQuery interface
          - get parameter bean
          - construct sort details from a list
          - ALF-7167: Canned queries
   27146: RINF 09 / RINF 10: DB-based paged query for get children (DocLib & CMIS) 
          - milestone check-in for sprint demo & review (WIP)
          - added new FileFolderService (paged) list query (public API is subject to change)
          - moved temp JavaScript sorting to Java
          - example usage by DocLib (via ScriptNode) and CMIS (via AlfrescoCmisService)
          - implemented as demo "canned query" including embedded use of "list" permission interceptor
          - ALF-7402 / ALF-7168
   27150: RINF 09 / RINF 10: DB-based paged query for get children (DocLib & CMIS) 
          - missed file (follow-on to r27146)
   27158: ALF-7070, ALF-7072: SOLR tracking (node and changeset)
          - Pulled non-DAO code into SOLRTrackingComponent
          - DAO code and related tests just test basic CRUD
          - SOLRTrackingComponent does complex cross-schema manipulation
   27159: Fixed line ending and removed svn:eol-style
   27160: ALF-8334: RSOLR 013: Fixed SQL Server syntax
   27165: RINF 09 / RINF 10: DB-based paged query for get children (DocLib & CMIS) 
          - fix listDeepFolders (causing Imap*Test to fail) 
          - all private methods now order files followed by folders
		    (consistent with existing public APIs such as FileFolderService.search & ScriptNode.childFileFolders*)
          - follow-on to r27146
   28271: Consolidate diagnostic logging for max perm checks (ALF-8388 + ALF-8419)
          - note: this should be a trivial merge to HEAD

git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/HEAD/root@28292 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261

source/java/org/alfresco/repo/security/permissions/impl/acegi/ACLEntryAfterInvocationProvider.java

@@ -1,6 +1,5 @@
 /*
- * Copyright (C) 2005-2010 Alfresco Software Limited.
- *
+ * Copyright (C) 2005-2011 Alfresco Software Limited.
  * This file is part of Alfresco
  *
  * Alfresco is free software: you can redistribute it and/or modify
@@ -42,6 +41,7 @@ import org.alfresco.repo.search.impl.querymodel.QueryEngineResults;
 import org.alfresco.repo.security.authentication.AuthenticationUtil;
 import org.alfresco.repo.security.permissions.impl.SimplePermissionReference;
 import org.alfresco.service.cmr.model.FileInfo;
+import org.alfresco.service.cmr.model.PagingFileInfoResults;
 import org.alfresco.service.cmr.repository.ChildAssociationRef;
 import org.alfresco.service.cmr.repository.NodeRef;
 import org.alfresco.service.cmr.repository.NodeService;
@@ -269,6 +269,14 @@ public class ACLEntryAfterInvocationProvider implements AfterInvocationProvider,
             {
                 return decide(authentication, object, config, (FileInfo) returnedObject);
             }
+            else if (PagingFileInfoResults.class.isAssignableFrom(returnedObject.getClass()))
+            {
+                if (log.isDebugEnabled())
+                {
+                    log.debug("Controlled object (paged permissions already applied) - access allowed for " + object.getClass().getName());
+                }
+                return returnedObject;
+            }
             else if (Pair.class.isAssignableFrom(returnedObject.getClass()))
             {
                 return decide(authentication, object, config, (Pair) returnedObject);
@@ -617,13 +625,21 @@ public class ACLEntryAfterInvocationProvider implements AfterInvocationProvider,
            for (int i = 0; i < returnedObject.length(); i++)
            {
                long currentTimeMillis = System.currentTimeMillis();
-               if (i >= maxChecks || (currentTimeMillis - startTimeMillis) > maxCheckTime)
+               if (i >= maxChecks)
                {
+                   log.warn("maxChecks exceeded (" + maxChecks + ")", new Exception("Back Trace"));
                    filteringResultSet.setResultSetMetaData(new SimpleResultSetMetaData(LimitBy.NUMBER_OF_PERMISSION_EVALUATIONS, PermissionEvaluationMode.EAGER, returnedObject
                            .getResultSetMetaData().getSearchParameters()));
                    break;
                }
-   
+               else if ((currentTimeMillis - startTimeMillis) > maxCheckTime)
+               {
+                   log.warn("maxCheckTime exceeded (" + (currentTimeMillis - startTimeMillis) + " milliseconds)", new Exception("Back Trace"));
+                   filteringResultSet.setResultSetMetaData(new SimpleResultSetMetaData(LimitBy.NUMBER_OF_PERMISSION_EVALUATIONS, PermissionEvaluationMode.EAGER, returnedObject
+                           .getResultSetMetaData().getSearchParameters()));
+                   break;
+               }
+               
                // All permission checks must pass
                filteringResultSet.setIncluded(i, true);