MNT-16852: First pass at extracting permission mapping to properties file.
@@ -47,3 +47,9 @@ rm.autocompletesuggestion.nodeParameterSuggester.aspectsAndTypes=rma:record,cm:c
|
|||||||
# Global RM disposition lifecycle trigger cron job expression
|
# Global RM disposition lifecycle trigger cron job expression
|
||||||
#
|
#
|
||||||
rm.dispositionlifecycletrigger.cronexpression=0 0/5 * * * ?
|
rm.dispositionlifecycletrigger.cronexpression=0 0/5 * * * ?
|
||||||
|
|
||||||
|
# Permission mapping
|
||||||
|
# these take a comma separated string of permissions from org.alfresco.service.cmr.security.PermissionService
|
||||||
|
# read maps to ReadRecords and write to FileRecords
|
||||||
|
rm.haspermissionmap.read=ReadProperties,ReadChildren
|
||||||
|
rm.haspermissionmap.write=WriteProperties,AddChildren
|
||||||
|
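Review bot: The default `rm.haspermissionmap.read=ReadProperties,ReadChildren` is wider than the check it replaces. The removed condition in RMPermissionServiceImpl fell back to ReadRecords only for `PermissionService.READ` and `PermissionService.READ_PROPERTIES`, so with this default a denied `ReadChildren` on a file plan component is now also answered by the ReadRecords check (assuming the constants carry the same strings used here). If the extraction is meant to preserve behaviour, the default should be `rm.haspermissionmap.read=ReadProperties`; if the widening is intended, it should be stated in the commit description. The comment block should also say that entries are matched exactly, for example `# entries are case sensitive; do not put spaces around the commas`, because the Java side splits on `,` without trimming.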
@@ -134,6 +134,12 @@
|
|||||||
<ref bean="extendedReaderDynamicAuthority" />
|
<ref bean="extendedReaderDynamicAuthority" />
|
||||||
</list>
|
</list>
|
||||||
</property>
|
</property>
|
||||||
|
<property name="readMapping">
|
||||||
|
<value>{rm.haspermissionmap.read}</value>
|
||||||
|
</property>
|
||||||
|
<property name="fileMapping">
|
||||||
|
<value>{rm.haspermissionmap.write}</value>
|
||||||
|
</property>
|
||||||
</bean>
|
</bean>
|
||||||
|
|
||||||
<bean id="extendedReaderDynamicAuthority" class="org.alfresco.module.org_alfresco_module_rm.security.ExtendedReaderDynamicAuthority" />
|
<bean id="extendedReaderDynamicAuthority" class="org.alfresco.module.org_alfresco_module_rm.security.ExtendedReaderDynamicAuthority" />
|
||||||
|
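Review bot: As rendered here both new values are `{rm.haspermissionmap.read}` and `{rm.haspermissionmap.write}` with no leading `$`, which is not Spring placeholder syntax. If the file really contains that text, the setters receive the literal strings and nothing in the configured lists can match, so the `ReadProperties`, `WriteProperties` and `AddChildren` fallbacks that were hard-coded before stop applying and only `READ` and `WRITE` still map. The values should read `<value>${rm.haspermissionmap.read}</value>` and `<value>${rm.haspermissionmap.write}</value>`. The bean definition starts above the hunk, so the bean these properties are set on is not visible from here.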
@@ -19,21 +19,28 @@
|
|||||||
package org.alfresco.repo.security.permissions.impl;
|
package org.alfresco.repo.security.permissions.impl;
|
||||||
|
|
||||||
import java.io.Serializable;
|
import java.io.Serializable;
|
||||||
|
import java.util.ArrayList;
|
||||||
|
import java.util.Arrays;
|
||||||
import java.util.Collections;
|
import java.util.Collections;
|
||||||
import java.util.HashSet;
|
import java.util.HashSet;
|
||||||
|
import java.util.List;
|
||||||
import java.util.Set;
|
import java.util.Set;
|
||||||
|
|
||||||
import org.alfresco.module.org_alfresco_module_rm.capability.RMPermissionModel;
|
import org.alfresco.module.org_alfresco_module_rm.capability.RMPermissionModel;
|
||||||
import org.alfresco.module.org_alfresco_module_rm.model.RecordsManagementModel;
|
import org.alfresco.module.org_alfresco_module_rm.model.RecordsManagementModel;
|
||||||
import org.alfresco.repo.cache.SimpleCache;
|
import org.alfresco.repo.cache.SimpleCache;
|
||||||
|
|
||||||
import org.alfresco.repo.security.permissions.AccessControlEntry;
|
import org.alfresco.repo.security.permissions.AccessControlEntry;
|
||||||
import org.alfresco.repo.security.permissions.AccessControlList;
|
import org.alfresco.repo.security.permissions.AccessControlList;
|
||||||
import org.alfresco.service.cmr.repository.NodeRef;
|
import org.alfresco.service.cmr.repository.NodeRef;
|
||||||
import org.alfresco.service.cmr.security.AccessStatus;
|
import org.alfresco.service.cmr.security.AccessStatus;
|
||||||
import org.alfresco.service.cmr.security.PermissionService;
|
import org.alfresco.service.cmr.security.PermissionService;
|
||||||
import org.alfresco.util.PropertyCheck;
|
import org.alfresco.util.PropertyCheck;
|
||||||
|
import org.apache.commons.collections.ArrayStack;
|
||||||
|
import org.apache.commons.lang.StringUtils;
|
||||||
import org.springframework.context.ApplicationEvent;
|
import org.springframework.context.ApplicationEvent;
|
||||||
|
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Extends the core permission service implementation allowing the consideration of the read records
|
* Extends the core permission service implementation allowing the consideration of the read records
|
||||||
* permission.
|
* permission.
|
||||||
@@ -48,6 +55,10 @@ public class RMPermissionServiceImpl extends PermissionServiceImpl
|
|||||||
/** Writers simple cache */
|
/** Writers simple cache */
|
||||||
protected SimpleCache<Serializable, Set<String>> writersCache;
|
protected SimpleCache<Serializable, Set<String>> writersCache;
|
||||||
|
|
||||||
|
/** Permission maps*/
|
||||||
|
protected String readMapping;
|
||||||
|
protected String fileMapping;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* @see org.alfresco.repo.security.permissions.impl.PermissionServiceImpl#setAnyDenyDenies(boolean)
|
* @see org.alfresco.repo.security.permissions.impl.PermissionServiceImpl#setAnyDenyDenies(boolean)
|
||||||
*/
|
*/
|
||||||
@@ -66,6 +77,22 @@ public class RMPermissionServiceImpl extends PermissionServiceImpl
|
|||||||
this.writersCache = writersCache;
|
this.writersCache = writersCache;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* @param readMapping the mapping of permissions to ReadRecord
|
||||||
|
*/
|
||||||
|
public void setReadMapping(String readMapping)
|
||||||
|
{
|
||||||
|
this.readMapping = readMapping;
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* @param fileMapping the mapping of permissions to ReadRecord
|
||||||
|
*/
|
||||||
|
public void setFileMapping(String fileMapping)
|
||||||
|
{
|
||||||
|
this.fileMapping = fileMapping;
|
||||||
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* @see org.alfresco.repo.security.permissions.impl.PermissionServiceImpl#onBootstrap(org.springframework.context.ApplicationEvent)
|
* @see org.alfresco.repo.security.permissions.impl.PermissionServiceImpl#onBootstrap(org.springframework.context.ApplicationEvent)
|
||||||
*/
|
*/
|
||||||
@@ -91,13 +118,15 @@ public class RMPermissionServiceImpl extends PermissionServiceImpl
|
|||||||
if (AccessStatus.DENIED.equals(acs) &&
|
if (AccessStatus.DENIED.equals(acs) &&
|
||||||
nodeService.hasAspect(nodeRef, RecordsManagementModel.ASPECT_FILE_PLAN_COMPONENT))
|
nodeService.hasAspect(nodeRef, RecordsManagementModel.ASPECT_FILE_PLAN_COMPONENT))
|
||||||
{
|
{
|
||||||
if (PermissionService.READ.equals(perm) || PermissionService.READ_PROPERTIES.equals(perm))
|
|
||||||
|
List<String> configuredReadPermissions = Arrays.asList(this.readMapping.split(","));
|
||||||
|
List<String> configuredFilePermissions = Arrays.asList(this.fileMapping.split(","));
|
||||||
|
|
||||||
|
if (PermissionService.READ.equals(perm) || configuredReadPermissions.contains(perm))
|
||||||
{
|
{
|
||||||
return super.hasPermission(nodeRef, RMPermissionModel.READ_RECORDS);
|
return super.hasPermission(nodeRef, RMPermissionModel.READ_RECORDS);
|
||||||
}
|
}
|
||||||
else if (PermissionService.WRITE.equals(perm) ||
|
else if (PermissionService.WRITE.equals(perm) || configuredFilePermissions.contains(perm))
|
||||||
PermissionService.ADD_CHILDREN.equals(perm) ||
|
|
||||||
PermissionService.WRITE_PROPERTIES.equals(perm))
|
|
||||||
{
|
{
|
||||||
return super.hasPermission(nodeRef, RMPermissionModel.FILE_RECORDS);
|
return super.hasPermission(nodeRef, RMPermissionModel.FILE_RECORDS);
|
||||||
}
|
}
|
||||||
|
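Review bot: In the last hunk, `this.readMapping.split(",")` and `this.fileMapping.split(",")` run on every denied check for a file plan component and dereference fields that are null unless both setters were called, so a bean definition or subclass that omits either property turns a permission check into a NullPointerException. The split is also not trimmed, so a value such as `ReadProperties, ReadChildren` silently drops the second entry from the mapping. I would parse once in the setters into unmodifiable sets that default to empty, and have the condition test those sets; the enclosing method starts and ends outside the hunk. Separately, the Javadoc on `setFileMapping` should read `@param fileMapping the mapping of permissions to FileRecords`, and the added imports of `ArrayList`, `ArrayStack` and `StringUtils` are not used by any line shown.

```java
/** Permissions answered by ReadRecords; parsed once from the comma separated property. */
protected Set<String> configuredReadPermissions = Collections.emptySet();

/** Permissions answered by FileRecords; parsed once from the comma separated property. */
protected Set<String> configuredFilePermissions = Collections.emptySet();

public void setReadMapping(String readMapping)
{
    this.readMapping = readMapping;
    this.configuredReadPermissions = parsePermissionList(readMapping);
}

// … setFileMapping: same shape, assigning configuredFilePermissions …

private static Set<String> parsePermissionList(String mapping)
{
    Set<String> permissions = new HashSet<String>();
    if (mapping != null)
    {
        for (String permission : mapping.split(","))
        {
            String trimmed = permission.trim();
            if (!trimmed.isEmpty())
            {
                permissions.add(trimmed);
            }
        }
    }
    return Collections.unmodifiableSet(permissions);
}

// … in the permission check: remove the two Arrays.asList(...split(",")) locals; the conditions then read the fields …
```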