inteligr8/alfresco-community-repo
1
0
Fork 0
mirror of https://github.com/Alfresco/alfresco-community-repo.git synced 2025-08-07 17:49:17 +00:00
Code Issues Packages Projects Releases Wiki Activity

RM: Capabilities and entry checks are now enforced for action execution

Browse Source 
git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/HEAD/root@15451 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
This commit is contained in:
Andrew Hind
2009-07-28 14:31:40 +00:00
parent 0d6a176f8d
commit f0226fe5d1
2 changed files with 11 additions and 11 deletions
Download Patch File Download Diff File Expand all files Collapse all files

20
config/alfresco/public-services-security-context.xml
View File

@@ -345,7 +345,7 @@
<property name="afterInvocationManager"><ref local="afterInvocationManager"/></property>
<property name="objectDefinitionSource">
<value>
org.alfresco.service.cmr.repository.NodeService.getStores=AFTER_ACL_NODE.sys:base.ReadProperties
org.alfresco.service.cmr.repository.NodeService.getStores=ACL_ALLOW,AFTER_ACL_NODE.sys:base.ReadProperties
org.alfresco.service.cmr.repository.NodeService.createStore=ACL_METHOD.ROLE_ADMINISTRATOR
org.alfresco.service.cmr.repository.NodeService.exists=ACL_ALLOW
org.alfresco.service.cmr.repository.NodeService.getNodeStatus=ACL_NODE.0.sys:base.ReadProperties
@@ -403,14 +403,14 @@
org.alfresco.service.cmr.model.FileFolderService.listFolders=ACL_NODE.0.sys:base.ReadChildren,AFTER_ACL_NODE.sys:base.ReadProperties
org.alfresco.service.cmr.model.FileFolderService.search=ACL_NODE.0.sys:base.ReadChildren,AFTER_ACL_NODE.sys:base.Read
org.alfresco.service.cmr.model.FileFolderService.searchSimple=ACL_NODE.0.sys:base.ReadChildren,AFTER_ACL_NODE.sys:base.Read
org.alfresco.service.cmr.model.FileFolderService.rename=AFTER_ACL_NODE.sys:base.WriteProperties
org.alfresco.service.cmr.model.FileFolderService.rename=ACL_ALLOW,AFTER_ACL_NODE.sys:base.WriteProperties
org.alfresco.service.cmr.model.FileFolderService.move=ACL_NODE.0.sys:base.DeleteNode,ACL_NODE.1.sys:base.CreateChildren
org.alfresco.service.cmr.model.FileFolderService.copy=ACL_NODE.0.sys:base.ReadProperties,ACL_NODE.1.sys:base.CreateChildren
org.alfresco.service.cmr.model.FileFolderService.create=ACL_NODE.0.sys:base.CreateChildren
org.alfresco.service.cmr.model.FileFolderService.delete=ACL_NODE.0.sys:base.DeleteNode
org.alfresco.service.cmr.model.FileFolderService.makeFolders=ACL_METHOD.ROLE_ADMINISTRATOR
org.alfresco.service.cmr.model.FileFolderService.getNamePath=ACL_NODE.1.sys:base.ReadProperties
org.alfresco.service.cmr.model.FileFolderService.resolveNamePath=AFTER_ACL_NODE.sys:base.ReadProperties
org.alfresco.service.cmr.model.FileFolderService.resolveNamePath=ACL_ALLOW,AFTER_ACL_NODE.sys:base.ReadProperties
org.alfresco.service.cmr.model.FileFolderService.getFileInfo=ACL_NODE.0.sys:base.ReadProperties
org.alfresco.service.cmr.model.FileFolderService.getReader=ACL_NODE.0.sys:base.ReadContent
org.alfresco.service.cmr.model.FileFolderService.getWriter=ACL_NODE.0.sys:base.WriteContent
@@ -468,8 +468,8 @@
<property name="afterInvocationManager"><ref local="afterInvocationManager"/></property>
<property name="objectDefinitionSource">
<value>
org.alfresco.service.cmr.search.SearchService.query=AFTER_ACL_NODE.sys:base.Read
org.alfresco.service.cmr.search.SearchService.selectNodes=AFTER_ACL_NODE.sys:base.Read
org.alfresco.service.cmr.search.SearchService.query=ACL_ALLOW,AFTER_ACL_NODE.sys:base.Read
org.alfresco.service.cmr.search.SearchService.selectNodes=ACL_ALLOW,AFTER_ACL_NODE.sys:base.Read
org.alfresco.service.cmr.search.SearchService.selectProperties=ACL_NODE.0.sys:base.Read
org.alfresco.service.cmr.search.SearchService.contains=ACL_NODE.0.sys:base.Read
org.alfresco.service.cmr.search.SearchService.like=ACL_NODE.0.sys:base.Read
@@ -493,10 +493,10 @@
<property name="afterInvocationManager"><ref local="afterInvocationManager"/></property>
<property name="objectDefinitionSource">
<value>
org.alfresco.service.cmr.search.CategoryService.getChildren=AFTER_ACL_NODE.sys:base.ReadProperties
org.alfresco.service.cmr.search.CategoryService.getCategories=AFTER_ACL_NODE.sys:base.ReadProperties
org.alfresco.service.cmr.search.CategoryService.getClassifications=AFTER_ACL_NODE.sys:base.ReadProperties
org.alfresco.service.cmr.search.CategoryService.getRootCategories=AFTER_ACL_NODE.sys:base.ReadProperties
org.alfresco.service.cmr.search.CategoryService.getChildren=ACL_ALLOW,AFTER_ACL_NODE.sys:base.ReadProperties
org.alfresco.service.cmr.search.CategoryService.getCategories=ACL_ALLOW,AFTER_ACL_NODE.sys:base.ReadProperties
org.alfresco.service.cmr.search.CategoryService.getClassifications=ACL_ALLOW,AFTER_ACL_NODE.sys:base.ReadProperties
org.alfresco.service.cmr.search.CategoryService.getRootCategories=ACL_ALLOW,AFTER_ACL_NODE.sys:base.ReadProperties
org.alfresco.service.cmr.search.CategoryService.getClassificationAspects=ACL_ALLOW
org.alfresco.service.cmr.search.CategoryService.createClassifiction=ACL_ALLOW
org.alfresco.service.cmr.search.CategoryService.createRootCategory=ACL_ALLOW
@@ -799,7 +799,7 @@
<property name="afterInvocationManager"><ref local="afterInvocationManager"/></property>
<property name="objectDefinitionSource">
<value>
org.alfresco.service.cmr.security.PersonService.getPerson=AFTER_ACL_NODE.sys:base.ReadProperties
org.alfresco.service.cmr.security.PersonService.getPerson=ACL_ALLOW,AFTER_ACL_NODE.sys:base.ReadProperties
org.alfresco.service.cmr.security.PersonService.personExists=ACL_ALLOW
org.alfresco.service.cmr.security.PersonService.createMissingPeople=ACL_ALLOW
org.alfresco.service.cmr.security.PersonService.setCreateMissingPeople=ACL_METHOD.ROLE_ADMINISTRATOR

2
source/java/org/alfresco/repo/security/permissions/impl/acegi/ACLEntryVoter.java
View File

@@ -256,7 +256,7 @@ public class ACLEntryVoter implements AccessDecisionVoter, InitializingBean
if (supportedDefinitions.size() == 0)
{
return AccessDecisionVoter.ACCESS_GRANTED;
return AccessDecisionVoter.ACCESS_ABSTAIN;
}
MethodInvocation invocation = (MethodInvocation) object;