Merged V3.1 to HEAD

12999: Fixed read-only bootstrap of SiteAVMBootstrap and removed incorrect use of 'assert' 13000: Added log4j to Eclipse classpath (unexported) 13001: Merged V2.1-A to V3.1 9127: Performance improvement to folder copy 9151: *RECORD-ONLY* Fix index back up failing with missing files 13002: Merged V2.1-A to V3.1 9174: Further fixes for ACT-2588 (Lucene backup read-write locks) 9279: Fix ADB-84. PHP module is not restricted by the upper version 10191: Fix for ADB-77: Need to have as the sender's email address the email address of the user triggering the rule 13006: Merged V2.1-A to V3.1 10893: Fixes for ADB-78 & ADB-98 - Fixed service getter/setter pattern as well 10903: Fix for ADB-115 ACT-4355 13010: Made AVMLockingBootstrap resilient to read-only mode 13011: Better message for InvalidStoreRefException 13013: Merged V2.1-A to V3.1 9189: Composite Conditions Support Part 1 of 2 (repo) 9190: Composite Conditions Support Part 1a of 2 ( missed file from repo) 13015: Port of Adobe CIFS/FTP configuration changes 13017: Convert avoids folders given by '--svn-status' option 13018: Merge V2.1A to V3.1 7746: (record-only) Added ability to specify a custom CIFS authenticator class 8533: (record-only) Added the <disableNativeCode/> configuration tag, disable use of JNI code on Windows 8700: (record-only) Update to prevent any native calls via configuration code 8705: (record-only) Filer out the '0.0.0.0' bind address 8864: (record-only) Added the getBean() method for custom authenticators to get access to beans 9054: (record-only) Added the 'AIX' platform type for use in the platforms="..." attribute 8863: (record-only) Fix passthru socket connection timeout, added 'protocolOrder' and 'offlineCheckInterval' config values 12144: (record-only) CIFS virtual circuit fixes 13020: Merged V2.1-A to V3.1 (Composite Actions) 9191: Composite Conditions Support Part 2 of 2 (client) 9243: Composite Conditions Support Part 1 of 2 (client) 9245: Composite Conditions Support Part 2 of 2 (repo) 13021: Merged V3.0 to V3.1 13008: Merged V2.2 to V3.0 12824: (record only) Change admin access to the web project staging store to be read-only in the virtualization view - ETWOTWO-933 13024: Ported CIFS configuration changes from Adobe V2.1A, missed checkin. ___________________________________________________________________ Modified: svn:mergeinfo Merged /alfresco/BRANCHES/V2.1-A:r9127,9151,9174,9189-9191,9243,9245,9279,10191,10893,10903 Merged /alfresco/BRANCHES/V3.1:r12999-13002,13006,13010-13011,13013,13015,13017-13018,13020-13021,13024 git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/HEAD/root@13550 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
2025-07-31 17:39:05 +00:00 · 2009-03-11 03:22:35 +00:00
parent 6eb1963971
commit f1307fba20
37 changed files with 3498 additions and 2292 deletions
--- a/source/java/org/alfresco/filesys/avm/AVMDiskDriver.java
+++ b/source/java/org/alfresco/filesys/avm/AVMDiskDriver.java
@@ -362,6 +362,11 @@ public class AVMDiskDriver extends AlfrescoDiskDriver implements DiskInterface

                    context.enableStateTable(true, getStateReaper());

+                    // Check if the admin user should be allowed to write to the web project staging stores
+                    
+                    if ( cfg.getChild("adminWriteable") != null)
+                    	context.setAllowAdminStaginWrites( true);
+                    
                    // Plug the virtualization view context into the various store/version call back listeners
                    // so that store/version pseudo folders can be kept in sync with AVM

@@ -834,9 +839,12 @@ public class AVMDiskDriver extends AlfrescoDiskDriver implements DiskInterface

        // Check if the filesystem is the virtualization view

-        if (ctx.isVirtualizationView() && storePath.isReadOnlyPseudoPath())
+        if (ctx.isVirtualizationView())
        {
-            throw new AccessDeniedException("Cannot create folder in store/version layer, " + params.getPath());
+        	if (storePath.isReadOnlyPseudoPath())
+        		throw new AccessDeniedException("Cannot create folder in store/version layer, " + params.getPath());
+        	else if ( storePath.isReadOnlyAccess())
+        		throw new AccessDeniedException("Cannot create folder " + params.getPath() + ", read-only path");
        }

        // Create a new file
@@ -910,9 +918,12 @@ public class AVMDiskDriver extends AlfrescoDiskDriver implements DiskInterface

        // Check if the filesystem is the virtualization view

-        if (ctx.isVirtualizationView() && storePath.isReadOnlyPseudoPath())
+        if (ctx.isVirtualizationView())
        {
-            throw new AccessDeniedException("Cannot create file in store/version layer, " + params.getPath());
+        	if (storePath.isReadOnlyPseudoPath())
+        		throw new AccessDeniedException("Cannot create file in store/version layer, " + params.getPath());
+        	else if ( storePath.isReadOnlyAccess())
+        		throw new AccessDeniedException("Cannot create file " + params.getPath() + ", read-only path");
        }
        else if (storePath.getVersion() != AVMContext.VERSION_HEAD)
        {
@@ -1008,9 +1019,12 @@ public class AVMDiskDriver extends AlfrescoDiskDriver implements DiskInterface

        // Check if the filesystem is the virtualization view

-        if (ctx.isVirtualizationView() && storePath.isPseudoPath())
+        if (ctx.isVirtualizationView())
        {
-            throw new AccessDeniedException("Cannot delete pseudo folder, " + dir);
+        	if (storePath.isPseudoPath())
+        		throw new AccessDeniedException("Cannot delete folder in store/version layer, " + dir);
+        	else if ( storePath.isReadOnlyAccess())
+        		throw new AccessDeniedException("Cannot delete folder " + dir + ", read-only path");
        }

        // Make sure the path is to a folder before deleting it
@@ -1080,9 +1094,12 @@ public class AVMDiskDriver extends AlfrescoDiskDriver implements DiskInterface

        // Check if the filesystem is the virtualization view

-        if (ctx.isVirtualizationView() && storePath.isPseudoPath())
+        if (ctx.isVirtualizationView())
        {
-            throw new AccessDeniedException("Cannot delete pseudo file, " + name);
+        	if (storePath.isPseudoPath())
+        		throw new AccessDeniedException("Cannot delete file in store/version layer, " + name);
+        	else if ( storePath.isReadOnlyAccess())
+        		throw new AccessDeniedException("Cannot delete file " + name + ", read-only path");
        }

        // Make sure the path is to a file before deleting it
@@ -1609,9 +1626,14 @@ public class AVMDiskDriver extends AlfrescoDiskDriver implements DiskInterface

        // Check if the filesystem is the virtualization view

-        if (ctx.isVirtualizationView() && oldAVMPath.isReadOnlyPseudoPath())
+        if (ctx.isVirtualizationView())
        {
-            throw new AccessDeniedException("Cannot rename folder in store/version layer, " + oldName);
+        	if ( oldAVMPath.isReadOnlyPseudoPath())
+        		throw new AccessDeniedException("Cannot rename folder in store/version layer, " + oldName);
+        	else if ( newAVMPath.isReadOnlyPseudoPath())
+        		throw new AccessDeniedException("Cannot rename folder to store/version layer, " + newName);
+        	else if ( newAVMPath.isReadOnlyAccess())
+        		throw new AccessDeniedException("Cannot rename folder to read-only folder, " + newName);
        }

        // Start a transaction for the rename
@@ -1701,7 +1723,12 @@ public class AVMDiskDriver extends AlfrescoDiskDriver implements DiskInterface
            // If this is not the head version then it's not writable

            AVMContext avmCtx = (AVMContext) tree.getContext();
-            if (avmCtx.isVersion() != AVMContext.VERSION_HEAD)
+
+            // Parse the path
+        	
+            AVMPath storePath = buildStorePath(avmCtx, name, sess);
+        	
+            if (avmCtx.isVersion() != AVMContext.VERSION_HEAD || storePath.isReadOnlyAccess())
                throw new AccessDeniedException("Store not writable, cannot set delete on close");
        }
    }
@@ -2757,13 +2784,14 @@ public class AVMDiskDriver extends AlfrescoDiskDriver implements DiskInterface

    	// Allow access to the root folder
    	
-    	if ( avmPath.isLevel() == AVMPath.LevelId.Root)
+    	if ( avmPath.isLevel() == AVMPath.LevelId.Root) {
+    		
+    		// Allow read only access to the root
+    		
+    		avmPath.setReadOnlyAccess( true);
    		return;
+    	}
    	
-    	// Admin user has full access
-    	
-    	if ( cInfo.getUserName().equalsIgnoreCase( m_authComponent.getSystemUserName()))
-    		return;
    	
    	// Get root file state, get the store pseudo folder details

@@ -2798,7 +2826,13 @@ public class AVMDiskDriver extends AlfrescoDiskDriver implements DiskInterface
 	    				
 	    				throw new AccessDeniedException("User " + cInfo.getUserName() + " has no access to web project, " + webFolder.getFileName());
    				}
-    				else if ( role == WebProjectStorePseudoFile.RolePublisher)
+    				else if ( avmCtx.allowAdminStagingWrites() && cInfo.isAdministrator())
+    				{
+    					// Allow admin write access
+    					
+    					avmPath.setReadOnlyAccess( false);
+    				}
+    				else
    				{
    					// Only allow read-only access to the staging area