mirror of
https://github.com/Alfresco/alfresco-community-repo.git
synced 2025-08-07 17:49:17 +00:00
RM: Capabilities and entry checks are now enforced for action execution
git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/HEAD/root@15451 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
This commit is contained in:
Andrew Hind
@@ -345,7 +345,7 @@
|
|||||||
<property name="afterInvocationManager"><ref local="afterInvocationManager"/></property>
|
<property name="afterInvocationManager"><ref local="afterInvocationManager"/></property>
|
||||||
<property name="objectDefinitionSource">
|
<property name="objectDefinitionSource">
|
||||||
<value>
|
<value>
|
||||||
org.alfresco.service.cmr.repository.NodeService.getStores=AFTER_ACL_NODE.sys:base.ReadProperties
|
org.alfresco.service.cmr.repository.NodeService.getStores=ACL_ALLOW,AFTER_ACL_NODE.sys:base.ReadProperties
|
||||||
org.alfresco.service.cmr.repository.NodeService.createStore=ACL_METHOD.ROLE_ADMINISTRATOR
|
org.alfresco.service.cmr.repository.NodeService.createStore=ACL_METHOD.ROLE_ADMINISTRATOR
|
||||||
org.alfresco.service.cmr.repository.NodeService.exists=ACL_ALLOW
|
org.alfresco.service.cmr.repository.NodeService.exists=ACL_ALLOW
|
||||||
org.alfresco.service.cmr.repository.NodeService.getNodeStatus=ACL_NODE.0.sys:base.ReadProperties
|
org.alfresco.service.cmr.repository.NodeService.getNodeStatus=ACL_NODE.0.sys:base.ReadProperties
|
||||||
@@ -403,14 +403,14 @@
|
|||||||
org.alfresco.service.cmr.model.FileFolderService.listFolders=ACL_NODE.0.sys:base.ReadChildren,AFTER_ACL_NODE.sys:base.ReadProperties
|
org.alfresco.service.cmr.model.FileFolderService.listFolders=ACL_NODE.0.sys:base.ReadChildren,AFTER_ACL_NODE.sys:base.ReadProperties
|
||||||
org.alfresco.service.cmr.model.FileFolderService.search=ACL_NODE.0.sys:base.ReadChildren,AFTER_ACL_NODE.sys:base.Read
|
org.alfresco.service.cmr.model.FileFolderService.search=ACL_NODE.0.sys:base.ReadChildren,AFTER_ACL_NODE.sys:base.Read
|
||||||
org.alfresco.service.cmr.model.FileFolderService.searchSimple=ACL_NODE.0.sys:base.ReadChildren,AFTER_ACL_NODE.sys:base.Read
|
org.alfresco.service.cmr.model.FileFolderService.searchSimple=ACL_NODE.0.sys:base.ReadChildren,AFTER_ACL_NODE.sys:base.Read
|
||||||
org.alfresco.service.cmr.model.FileFolderService.rename=AFTER_ACL_NODE.sys:base.WriteProperties
|
org.alfresco.service.cmr.model.FileFolderService.rename=ACL_ALLOW,AFTER_ACL_NODE.sys:base.WriteProperties
|
||||||
org.alfresco.service.cmr.model.FileFolderService.move=ACL_NODE.0.sys:base.DeleteNode,ACL_NODE.1.sys:base.CreateChildren
|
org.alfresco.service.cmr.model.FileFolderService.move=ACL_NODE.0.sys:base.DeleteNode,ACL_NODE.1.sys:base.CreateChildren
|
||||||
org.alfresco.service.cmr.model.FileFolderService.copy=ACL_NODE.0.sys:base.ReadProperties,ACL_NODE.1.sys:base.CreateChildren
|
org.alfresco.service.cmr.model.FileFolderService.copy=ACL_NODE.0.sys:base.ReadProperties,ACL_NODE.1.sys:base.CreateChildren
|
||||||
org.alfresco.service.cmr.model.FileFolderService.create=ACL_NODE.0.sys:base.CreateChildren
|
org.alfresco.service.cmr.model.FileFolderService.create=ACL_NODE.0.sys:base.CreateChildren
|
||||||
org.alfresco.service.cmr.model.FileFolderService.delete=ACL_NODE.0.sys:base.DeleteNode
|
org.alfresco.service.cmr.model.FileFolderService.delete=ACL_NODE.0.sys:base.DeleteNode
|
||||||
org.alfresco.service.cmr.model.FileFolderService.makeFolders=ACL_METHOD.ROLE_ADMINISTRATOR
|
org.alfresco.service.cmr.model.FileFolderService.makeFolders=ACL_METHOD.ROLE_ADMINISTRATOR
|
||||||
org.alfresco.service.cmr.model.FileFolderService.getNamePath=ACL_NODE.1.sys:base.ReadProperties
|
org.alfresco.service.cmr.model.FileFolderService.getNamePath=ACL_NODE.1.sys:base.ReadProperties
|
||||||
org.alfresco.service.cmr.model.FileFolderService.resolveNamePath=AFTER_ACL_NODE.sys:base.ReadProperties
|
org.alfresco.service.cmr.model.FileFolderService.resolveNamePath=ACL_ALLOW,AFTER_ACL_NODE.sys:base.ReadProperties
|
||||||
org.alfresco.service.cmr.model.FileFolderService.getFileInfo=ACL_NODE.0.sys:base.ReadProperties
|
org.alfresco.service.cmr.model.FileFolderService.getFileInfo=ACL_NODE.0.sys:base.ReadProperties
|
||||||
org.alfresco.service.cmr.model.FileFolderService.getReader=ACL_NODE.0.sys:base.ReadContent
|
org.alfresco.service.cmr.model.FileFolderService.getReader=ACL_NODE.0.sys:base.ReadContent
|
||||||
org.alfresco.service.cmr.model.FileFolderService.getWriter=ACL_NODE.0.sys:base.WriteContent
|
org.alfresco.service.cmr.model.FileFolderService.getWriter=ACL_NODE.0.sys:base.WriteContent
|
||||||
@@ -468,8 +468,8 @@
|
|||||||
<property name="afterInvocationManager"><ref local="afterInvocationManager"/></property>
|
<property name="afterInvocationManager"><ref local="afterInvocationManager"/></property>
|
||||||
<property name="objectDefinitionSource">
|
<property name="objectDefinitionSource">
|
||||||
<value>
|
<value>
|
||||||
org.alfresco.service.cmr.search.SearchService.query=AFTER_ACL_NODE.sys:base.Read
|
org.alfresco.service.cmr.search.SearchService.query=ACL_ALLOW,AFTER_ACL_NODE.sys:base.Read
|
||||||
org.alfresco.service.cmr.search.SearchService.selectNodes=AFTER_ACL_NODE.sys:base.Read
|
org.alfresco.service.cmr.search.SearchService.selectNodes=ACL_ALLOW,AFTER_ACL_NODE.sys:base.Read
|
||||||
org.alfresco.service.cmr.search.SearchService.selectProperties=ACL_NODE.0.sys:base.Read
|
org.alfresco.service.cmr.search.SearchService.selectProperties=ACL_NODE.0.sys:base.Read
|
||||||
org.alfresco.service.cmr.search.SearchService.contains=ACL_NODE.0.sys:base.Read
|
org.alfresco.service.cmr.search.SearchService.contains=ACL_NODE.0.sys:base.Read
|
||||||
org.alfresco.service.cmr.search.SearchService.like=ACL_NODE.0.sys:base.Read
|
org.alfresco.service.cmr.search.SearchService.like=ACL_NODE.0.sys:base.Read
|
||||||
@@ -493,10 +493,10 @@
|
|||||||
<property name="afterInvocationManager"><ref local="afterInvocationManager"/></property>
|
<property name="afterInvocationManager"><ref local="afterInvocationManager"/></property>
|
||||||
<property name="objectDefinitionSource">
|
<property name="objectDefinitionSource">
|
||||||
<value>
|
<value>
|
||||||
org.alfresco.service.cmr.search.CategoryService.getChildren=AFTER_ACL_NODE.sys:base.ReadProperties
|
org.alfresco.service.cmr.search.CategoryService.getChildren=ACL_ALLOW,AFTER_ACL_NODE.sys:base.ReadProperties
|
||||||
org.alfresco.service.cmr.search.CategoryService.getCategories=AFTER_ACL_NODE.sys:base.ReadProperties
|
org.alfresco.service.cmr.search.CategoryService.getCategories=ACL_ALLOW,AFTER_ACL_NODE.sys:base.ReadProperties
|
||||||
org.alfresco.service.cmr.search.CategoryService.getClassifications=AFTER_ACL_NODE.sys:base.ReadProperties
|
org.alfresco.service.cmr.search.CategoryService.getClassifications=ACL_ALLOW,AFTER_ACL_NODE.sys:base.ReadProperties
|
||||||
org.alfresco.service.cmr.search.CategoryService.getRootCategories=AFTER_ACL_NODE.sys:base.ReadProperties
|
org.alfresco.service.cmr.search.CategoryService.getRootCategories=ACL_ALLOW,AFTER_ACL_NODE.sys:base.ReadProperties
|
||||||
org.alfresco.service.cmr.search.CategoryService.getClassificationAspects=ACL_ALLOW
|
org.alfresco.service.cmr.search.CategoryService.getClassificationAspects=ACL_ALLOW
|
||||||
org.alfresco.service.cmr.search.CategoryService.createClassifiction=ACL_ALLOW
|
org.alfresco.service.cmr.search.CategoryService.createClassifiction=ACL_ALLOW
|
||||||
org.alfresco.service.cmr.search.CategoryService.createRootCategory=ACL_ALLOW
|
org.alfresco.service.cmr.search.CategoryService.createRootCategory=ACL_ALLOW
|
||||||
@@ -799,7 +799,7 @@
|
|||||||
<property name="afterInvocationManager"><ref local="afterInvocationManager"/></property>
|
<property name="afterInvocationManager"><ref local="afterInvocationManager"/></property>
|
||||||
<property name="objectDefinitionSource">
|
<property name="objectDefinitionSource">
|
||||||
<value>
|
<value>
|
||||||
org.alfresco.service.cmr.security.PersonService.getPerson=AFTER_ACL_NODE.sys:base.ReadProperties
|
org.alfresco.service.cmr.security.PersonService.getPerson=ACL_ALLOW,AFTER_ACL_NODE.sys:base.ReadProperties
|
||||||
org.alfresco.service.cmr.security.PersonService.personExists=ACL_ALLOW
|
org.alfresco.service.cmr.security.PersonService.personExists=ACL_ALLOW
|
||||||
org.alfresco.service.cmr.security.PersonService.createMissingPeople=ACL_ALLOW
|
org.alfresco.service.cmr.security.PersonService.createMissingPeople=ACL_ALLOW
|
||||||
org.alfresco.service.cmr.security.PersonService.setCreateMissingPeople=ACL_METHOD.ROLE_ADMINISTRATOR
|
org.alfresco.service.cmr.security.PersonService.setCreateMissingPeople=ACL_METHOD.ROLE_ADMINISTRATOR
|
||||||
|
|||||||
@@ -256,7 +256,7 @@ public class ACLEntryVoter implements AccessDecisionVoter, InitializingBean
|
|||||||
|
|
||||||
if (supportedDefinitions.size() == 0)
|
if (supportedDefinitions.size() == 0)
|
||||||
{
|
{
|
||||||
return AccessDecisionVoter.ACCESS_GRANTED;
|
return AccessDecisionVoter.ACCESS_ABSTAIN;
|
||||||
}
|
}
|
||||||
|
|
||||||
MethodInvocation invocation = (MethodInvocation) object;
|
MethodInvocation invocation = (MethodInvocation) object;
|
||||||
|
|||||||
Reference in New Issue
Block a user