inteligr8/alfresco-community-repo
1
0
Fork 0
mirror of https://github.com/Alfresco/alfresco-community-repo.git synced 2025-08-07 17:49:17 +00:00
Code Issues Packages Projects Releases Wiki Activity

Merged HEAD-BUG-FIX (5.0/Cloud) to HEAD (4.3/Cloud)

Browse Source 
71600: Merged V4.2-BUG-FIX (4.2.3) to HEAD-BUG-FIX (4.3/Cloud)
      70349: Merged DEV to V4.2-BUG-FIX (4.2.3)
         70294 : MNT-10946 : Admin is no longer able to unlock files
            - Check if node is locked before unlock for non-admin or System users. Fix related test 


git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/HEAD/root@74694 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
This commit is contained in:
Will Abson
2014-06-25 15:30:54 +00:00
parent 6ab8f45601
commit f7534027fb
5 changed files with 104 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

48
source/java/org/alfresco/repo/lock/LockServiceImpl.java
View File

@@ -66,6 +66,8 @@ import org.alfresco.service.cmr.repository.StoreRef;
import org.alfresco.service.cmr.search.ResultSet;
import org.alfresco.service.cmr.search.SearchService;
import org.alfresco.service.cmr.security.AuthenticationService;
import org.alfresco.service.cmr.security.AuthorityService;
import org.alfresco.service.cmr.security.PermissionService;
import org.alfresco.service.namespace.QName;
import org.alfresco.util.Pair;
import org.alfresco.util.PropertyCheck;
@@ -94,6 +96,7 @@ public class LockServiceImpl implements LockService,
private TenantService tenantService;
private AuthenticationService authenticationService;
private SearchService searchService;
private AuthorityService authorityService;
private BehaviourFilter behaviourFilter;
private LockStore lockStore;
private PolicyComponent policyComponent;
@@ -139,6 +142,11 @@ public class LockServiceImpl implements LockService,
this.searchService = searchService;
}
public void setAuthorityService(AuthorityService authorityService)
{
this.authorityService = authorityService;
}
/**
* Initialise methods called by Spring framework
*/
@@ -150,6 +158,7 @@ public class LockServiceImpl implements LockService,
PropertyCheck.mandatory(this, "searchService", searchService);
PropertyCheck.mandatory(this, "behaviourFilter", behaviourFilter);
PropertyCheck.mandatory(this, "policyComponent", policyComponent);
PropertyCheck.mandatory(this, "authorityService", authorityService);
// Register the policies
beforeLock = policyComponent.registerClassPolicy(LockServicePolicies.BeforeLock.class);
@@ -478,6 +487,8 @@ public class LockServiceImpl implements LockService,
{
throw new UnableToReleaseLockException(nodeRef, CAUSE.CHECKED_OUT);
}
// check if the user able to unlock the node
checkNodeBeforeUnlock(nodeRef);
// Remove the lock from persistent storage.
Lifetime lifetime = lockState.getLifetime();
@@ -503,8 +514,8 @@ public class LockServiceImpl implements LockService,
}
else if (lifetime == Lifetime.EPHEMERAL)
{
// Remove the ephemeral lock.
lockStore.set(nodeRef, LockState.createUnlocked(nodeRef));
// force unlock the ephemeral lock.
lockStore.forceUnlock(nodeRef);
nodeIndexer.indexUpdateNode(nodeRef);
}
else
@@ -656,6 +667,39 @@ public class LockServiceImpl implements LockService,
}
}
}
private void checkNodeBeforeUnlock(NodeRef nodeRef)
{
String userName = getUserName();
Set<String> userAuthorities = authorityService.getAuthoritiesForUser(userName);
// ignore check for admins and system
if (userAuthorities.contains(PermissionService.ADMINISTRATOR_AUTHORITY) ||
tenantService.getBaseNameUser(userName).equals(AuthenticationUtil.getSystemUserName()))
{
return;
}
nodeRef = tenantService.getName(nodeRef);
// Ensure we have found a node reference
if (nodeRef != null && userName != null)
{
try
{
// Get the current lock status on the node ref
LockStatus currentLockStatus = getLockStatus(nodeRef, userName);
if (LockStatus.LOCKED.equals(currentLockStatus) == true)
{
throw new UnableToReleaseLockException(nodeRef);
}
}
catch (AspectMissingException exception)
{
// Ignore since this indicates that the node does not have the lock aspect applied
}
}
}
/**
* Ensures that the parent is not locked.