From f0226fe5d1b958e093dd1c1653b7d2a9ffb692a9 Mon Sep 17 00:00:00 2001 From: Andrew Hind Date: Tue, 28 Jul 2009 14:31:40 +0000 Subject: [PATCH] RM: Capabilities and entry checks are now enforced for action execution git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/HEAD/root@15451 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261 --- .../public-services-security-context.xml | 20 +++++++++---------- .../permissions/impl/acegi/ACLEntryVoter.java | 2 +- 2 files changed, 11 insertions(+), 11 deletions(-) diff --git a/config/alfresco/public-services-security-context.xml b/config/alfresco/public-services-security-context.xml index 4852a1b561..7f9a1b8b9d 100644 --- a/config/alfresco/public-services-security-context.xml +++ b/config/alfresco/public-services-security-context.xml @@ -345,7 +345,7 @@ - org.alfresco.service.cmr.repository.NodeService.getStores=AFTER_ACL_NODE.sys:base.ReadProperties + org.alfresco.service.cmr.repository.NodeService.getStores=ACL_ALLOW,AFTER_ACL_NODE.sys:base.ReadProperties org.alfresco.service.cmr.repository.NodeService.createStore=ACL_METHOD.ROLE_ADMINISTRATOR org.alfresco.service.cmr.repository.NodeService.exists=ACL_ALLOW org.alfresco.service.cmr.repository.NodeService.getNodeStatus=ACL_NODE.0.sys:base.ReadProperties @@ -403,14 +403,14 @@ org.alfresco.service.cmr.model.FileFolderService.listFolders=ACL_NODE.0.sys:base.ReadChildren,AFTER_ACL_NODE.sys:base.ReadProperties org.alfresco.service.cmr.model.FileFolderService.search=ACL_NODE.0.sys:base.ReadChildren,AFTER_ACL_NODE.sys:base.Read org.alfresco.service.cmr.model.FileFolderService.searchSimple=ACL_NODE.0.sys:base.ReadChildren,AFTER_ACL_NODE.sys:base.Read - org.alfresco.service.cmr.model.FileFolderService.rename=AFTER_ACL_NODE.sys:base.WriteProperties + org.alfresco.service.cmr.model.FileFolderService.rename=ACL_ALLOW,AFTER_ACL_NODE.sys:base.WriteProperties org.alfresco.service.cmr.model.FileFolderService.move=ACL_NODE.0.sys:base.DeleteNode,ACL_NODE.1.sys:base.CreateChildren org.alfresco.service.cmr.model.FileFolderService.copy=ACL_NODE.0.sys:base.ReadProperties,ACL_NODE.1.sys:base.CreateChildren org.alfresco.service.cmr.model.FileFolderService.create=ACL_NODE.0.sys:base.CreateChildren org.alfresco.service.cmr.model.FileFolderService.delete=ACL_NODE.0.sys:base.DeleteNode org.alfresco.service.cmr.model.FileFolderService.makeFolders=ACL_METHOD.ROLE_ADMINISTRATOR org.alfresco.service.cmr.model.FileFolderService.getNamePath=ACL_NODE.1.sys:base.ReadProperties - org.alfresco.service.cmr.model.FileFolderService.resolveNamePath=AFTER_ACL_NODE.sys:base.ReadProperties + org.alfresco.service.cmr.model.FileFolderService.resolveNamePath=ACL_ALLOW,AFTER_ACL_NODE.sys:base.ReadProperties org.alfresco.service.cmr.model.FileFolderService.getFileInfo=ACL_NODE.0.sys:base.ReadProperties org.alfresco.service.cmr.model.FileFolderService.getReader=ACL_NODE.0.sys:base.ReadContent org.alfresco.service.cmr.model.FileFolderService.getWriter=ACL_NODE.0.sys:base.WriteContent @@ -468,8 +468,8 @@ - org.alfresco.service.cmr.search.SearchService.query=AFTER_ACL_NODE.sys:base.Read - org.alfresco.service.cmr.search.SearchService.selectNodes=AFTER_ACL_NODE.sys:base.Read + org.alfresco.service.cmr.search.SearchService.query=ACL_ALLOW,AFTER_ACL_NODE.sys:base.Read + org.alfresco.service.cmr.search.SearchService.selectNodes=ACL_ALLOW,AFTER_ACL_NODE.sys:base.Read org.alfresco.service.cmr.search.SearchService.selectProperties=ACL_NODE.0.sys:base.Read org.alfresco.service.cmr.search.SearchService.contains=ACL_NODE.0.sys:base.Read org.alfresco.service.cmr.search.SearchService.like=ACL_NODE.0.sys:base.Read @@ -493,10 +493,10 @@ - org.alfresco.service.cmr.search.CategoryService.getChildren=AFTER_ACL_NODE.sys:base.ReadProperties - org.alfresco.service.cmr.search.CategoryService.getCategories=AFTER_ACL_NODE.sys:base.ReadProperties - org.alfresco.service.cmr.search.CategoryService.getClassifications=AFTER_ACL_NODE.sys:base.ReadProperties - org.alfresco.service.cmr.search.CategoryService.getRootCategories=AFTER_ACL_NODE.sys:base.ReadProperties + org.alfresco.service.cmr.search.CategoryService.getChildren=ACL_ALLOW,AFTER_ACL_NODE.sys:base.ReadProperties + org.alfresco.service.cmr.search.CategoryService.getCategories=ACL_ALLOW,AFTER_ACL_NODE.sys:base.ReadProperties + org.alfresco.service.cmr.search.CategoryService.getClassifications=ACL_ALLOW,AFTER_ACL_NODE.sys:base.ReadProperties + org.alfresco.service.cmr.search.CategoryService.getRootCategories=ACL_ALLOW,AFTER_ACL_NODE.sys:base.ReadProperties org.alfresco.service.cmr.search.CategoryService.getClassificationAspects=ACL_ALLOW org.alfresco.service.cmr.search.CategoryService.createClassifiction=ACL_ALLOW org.alfresco.service.cmr.search.CategoryService.createRootCategory=ACL_ALLOW @@ -799,7 +799,7 @@ - org.alfresco.service.cmr.security.PersonService.getPerson=AFTER_ACL_NODE.sys:base.ReadProperties + org.alfresco.service.cmr.security.PersonService.getPerson=ACL_ALLOW,AFTER_ACL_NODE.sys:base.ReadProperties org.alfresco.service.cmr.security.PersonService.personExists=ACL_ALLOW org.alfresco.service.cmr.security.PersonService.createMissingPeople=ACL_ALLOW org.alfresco.service.cmr.security.PersonService.setCreateMissingPeople=ACL_METHOD.ROLE_ADMINISTRATOR diff --git a/source/java/org/alfresco/repo/security/permissions/impl/acegi/ACLEntryVoter.java b/source/java/org/alfresco/repo/security/permissions/impl/acegi/ACLEntryVoter.java index 9698d472ad..a7b356a548 100644 --- a/source/java/org/alfresco/repo/security/permissions/impl/acegi/ACLEntryVoter.java +++ b/source/java/org/alfresco/repo/security/permissions/impl/acegi/ACLEntryVoter.java @@ -256,7 +256,7 @@ public class ACLEntryVoter implements AccessDecisionVoter, InitializingBean if (supportedDefinitions.size() == 0) { - return AccessDecisionVoter.ACCESS_GRANTED; + return AccessDecisionVoter.ACCESS_ABSTAIN; } MethodInvocation invocation = (MethodInvocation) object;