Permission checks for Pair<Long, NodeRef> and nascent NodeService search API (not implemented).

git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/HEAD/root@23185 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261

source/java/org/alfresco/repo/node/AbstractNodeServiceImpl.java

@@ -812,4 +812,10 @@ public abstract class AbstractNodeServiceImpl implements NodeService
         }
         return properties;
     }
+
+    @Override
+    public List<NodeRef> findNodes(FindNodeParameters params)
+    {
+        throw new UnsupportedOperationException();
+    }
 }

source/java/org/alfresco/repo/security/permissions/impl/acegi/ACLEntryAfterInvocationProvider.java

@@ -54,6 +54,7 @@ import org.alfresco.service.cmr.security.AuthenticationService;
 import org.alfresco.service.cmr.security.PermissionService;
 import org.alfresco.service.namespace.NamespacePrefixResolver;
 import org.alfresco.service.namespace.QName;
+import org.alfresco.util.Pair;
 import org.aopalliance.intercept.MethodInvocation;
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
@@ -222,6 +223,7 @@ public class ACLEntryAfterInvocationProvider implements AfterInvocationProvider,
         }
     }
 
+    @SuppressWarnings("rawtypes")
     public Object decide(Authentication authentication, Object object, ConfigAttributeDefinition config, Object returnedObject) throws AccessDeniedException
     {
         if (log.isDebugEnabled())
@@ -267,6 +269,10 @@ public class ACLEntryAfterInvocationProvider implements AfterInvocationProvider,
             {
                 return decide(authentication, object, config, (FileInfo) returnedObject);
             }
+            else if (Pair.class.isAssignableFrom(returnedObject.getClass()))
+            {
+                return decide(authentication, object, config, (Pair) returnedObject);
+            }
             else if (ChildAssociationRef.class.isAssignableFrom(returnedObject.getClass()))
             {
                 if (log.isDebugEnabled())
@@ -418,7 +424,6 @@ public class ACLEntryAfterInvocationProvider implements AfterInvocationProvider,
     }
 
     private FileInfo decide(Authentication authentication, Object object, ConfigAttributeDefinition config, FileInfo returnedObject) throws AccessDeniedException
-
     {
         // Filter check done later
         NodeRef nodeRef = returnedObject.getNodeRef();
@@ -428,6 +433,15 @@ public class ACLEntryAfterInvocationProvider implements AfterInvocationProvider,
         return returnedObject;
     }
 
+    @SuppressWarnings("rawtypes")
+    private Pair decide(Authentication authentication, Object object, ConfigAttributeDefinition config, Pair returnedObject) throws AccessDeniedException
+    {
+        NodeRef nodeRef = (NodeRef) returnedObject.getSecond();
+        decide(authentication, object, config, nodeRef);
+        // the noderef was allowed
+        return returnedObject;
+    }
+
     private List<ConfigAttributeDefintion> extractSupportedDefinitions(ConfigAttributeDefinition config)
     {
         List<ConfigAttributeDefintion> definitions = new ArrayList<ConfigAttributeDefintion>();
@@ -845,9 +859,15 @@ public class ACLEntryAfterInvocationProvider implements AfterInvocationProvider,
                     {
                         testNodeRef = ((FileInfo) nextObject).getNodeRef();
                     }
+                    else if (Pair.class.isAssignableFrom(nextObject.getClass()))
+                    {
+                        testNodeRef = (NodeRef) ((Pair)nextObject).getSecond();
+                    }
                     else
                     {
-                        throw new ACLEntryVoterException("The specified parameter is not a collection of NodeRefs, ChildAssociationRefs or FileInfos");
+                        throw new ACLEntryVoterException(
+                                "The specified parameter is not a collection of " +
+                                "NodeRefs, ChildAssociationRefs, FileInfos or Pair<Long, NodeRef>");
                     }
                 }
                 else if (cad.typeString.equals(AFTER_ACL_PARENT))
@@ -869,9 +889,15 @@ public class ACLEntryAfterInvocationProvider implements AfterInvocationProvider,
                     {
                         testNodeRef = ((FileInfo) nextObject).getNodeRef();
                     }
+                    else if (Pair.class.isAssignableFrom(nextObject.getClass()))
+                    {
+                        testNodeRef = (NodeRef) ((Pair)nextObject).getSecond();
+                    }
                     else
                     {
-                        throw new ACLEntryVoterException("The specified parameter is not a collection of NodeRefs or ChildAssociationRefs");
+                        throw new ACLEntryVoterException(
+                                "The specified parameter is not a collection of " +
+                                "NodeRefs, FileInfos, ChildAssociationRefs or Pair<Long, NodeRef>");
                     }
                 }
 
@@ -903,6 +929,7 @@ public class ACLEntryAfterInvocationProvider implements AfterInvocationProvider,
         return returnedObject;
     }
 
+    @SuppressWarnings("rawtypes")
     private Object[] decide(Authentication authentication, Object object, ConfigAttributeDefinition config, Object[] returnedObject) throws AccessDeniedException
 
     {
@@ -945,12 +972,15 @@ public class ACLEntryAfterInvocationProvider implements AfterInvocationProvider,
                     {
                         testNodeRef = ((FileInfo) current).getNodeRef();
                     }
+                    else if (Pair.class.isAssignableFrom(current.getClass()))
+                    {
+                        testNodeRef = (NodeRef) ((Pair)current).getSecond();
+                    }
                     else
                     {
                         throw new ACLEntryVoterException("The specified array is not of NodeRef or ChildAssociationRef");
                     }
                 }
-
                 else if (cad.typeString.equals(AFTER_ACL_PARENT))
                 {
                     if (StoreRef.class.isAssignableFrom(current.getClass()))
@@ -969,6 +999,10 @@ public class ACLEntryAfterInvocationProvider implements AfterInvocationProvider,
                     {
                         testNodeRef = ((FileInfo) current).getNodeRef();
                     }
+                    else if (Pair.class.isAssignableFrom(current.getClass()))
+                    {
+                        testNodeRef = (NodeRef) ((Pair)current).getSecond();
+                    }
                     else
                     {
                         throw new ACLEntryVoterException("The specified array is not of NodeRef or ChildAssociationRef");

source/java/org/alfresco/repo/security/permissions/impl/acegi/ACLEntryAfterInvocationTest.java

@@ -41,6 +41,7 @@ import org.alfresco.service.cmr.search.ResultSet;
 import org.alfresco.service.cmr.security.AccessStatus;
 import org.alfresco.service.cmr.security.PermissionService;
 import org.alfresco.service.namespace.QName;
+import org.alfresco.util.Pair;
 import org.aopalliance.intercept.MethodInterceptor;
 import org.aopalliance.intercept.MethodInvocation;
 import org.springframework.aop.framework.ProxyFactory;
@@ -183,6 +184,27 @@ public class ACLEntryAfterInvocationTest extends AbstractPermissionTest
 
     }
     
+    public void testBasicAllowNodePair() throws Exception
+    {
+        runAs("andy");
+
+        Object o = new ClassWithMethods();
+        Method method = o.getClass().getMethod("echoNodePair", new Class[] { NodeRef.class });
+
+        AdvisorAdapterRegistry advisorAdapterRegistry = GlobalAdvisorAdapterRegistry.getInstance();
+
+        ProxyFactory proxyFactory = new ProxyFactory();
+        proxyFactory.addAdvisor(advisorAdapterRegistry.wrap(new Interceptor("AFTER_ACL_NODE.sys:base.Read")));
+        proxyFactory.setTargetSource(new SingletonTargetSource(o));
+        Object proxy = proxyFactory.getProxy();
+
+        permissionService.setPermission(new SimplePermissionEntry(rootNodeRef, getPermission(PermissionService.READ), "andy", AccessStatus.ALLOWED));
+
+        Pair<Long, NodeRef> rootNodePair = new Pair<Long, NodeRef>(Long.valueOf(1), rootNodeRef);
+        Object answer = method.invoke(proxy, new Object[] { rootNodeRef });
+        assertEquals(rootNodePair, answer);
+    }
+    
     public void testBasicAllowStore() throws Exception
     {
         runAs("andy");
@@ -828,6 +850,11 @@ public class ACLEntryAfterInvocationTest extends AbstractPermissionTest
             return nodeRef;
         }
 
+        public Pair<Long, NodeRef> echoNodePair(NodeRef nodeRef)
+        {
+            return new Pair<Long, NodeRef>(Long.valueOf(1), nodeRef);
+        }
+
         public ChildAssociationRef echoChildAssocRef(ChildAssociationRef car)
         {
             return car;

source/java/org/alfresco/repo/version/NodeServiceImpl.java

@@ -42,16 +42,15 @@ import org.alfresco.service.cmr.repository.ChildAssociationRef;
 import org.alfresco.service.cmr.repository.InvalidChildAssociationRefException;
 import org.alfresco.service.cmr.repository.InvalidNodeRefException;
 import org.alfresco.service.cmr.repository.NodeRef;
+import org.alfresco.service.cmr.repository.NodeRef.Status;
 import org.alfresco.service.cmr.repository.NodeService;
 import org.alfresco.service.cmr.repository.Path;
 import org.alfresco.service.cmr.repository.StoreRef;
-import org.alfresco.service.cmr.repository.NodeRef.Status;
 import org.alfresco.service.cmr.repository.datatype.DefaultTypeConverter;
 import org.alfresco.service.cmr.search.SearchService;
 import org.alfresco.service.namespace.QName;
 import org.alfresco.service.namespace.QNamePattern;
 import org.alfresco.service.namespace.RegexQNamePattern;
-import org.alfresco.util.Pair;
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
 
@@ -285,6 +284,7 @@ public class NodeServiceImpl implements NodeService, VersionModel
     /**
      * Type translation for version store
      */
+    @SuppressWarnings("deprecation")
     public QName getType(NodeRef nodeRef) throws InvalidNodeRefException
     {
         return (QName)this.dbNodeService.getProperty(VersionUtil.convertNodeRef(nodeRef), PROP_QNAME_FROZEN_NODE_TYPE);
@@ -328,7 +328,7 @@ public class NodeServiceImpl implements NodeService, VersionModel
     /**
      * Translation for version store
      */
-    @SuppressWarnings("unchecked")
+    @SuppressWarnings({ "unchecked", "deprecation" })
     public Set<QName> getAspects(NodeRef nodeRef) throws InvalidNodeRefException
     {
         return new HashSet<QName>(
@@ -709,4 +709,11 @@ public class NodeServiceImpl implements NodeService, VersionModel
         // This operation is not supported for a version store
         throw new UnsupportedOperationException(MSG_UNSUPPORTED);
     }
+
+    @Override
+    public List<NodeRef> findNodes(FindNodeParameters params)
+    {
+        // This operation is not supported for a version store
+        throw new UnsupportedOperationException(MSG_UNSUPPORTED);
+    }
 }