MNT-16852: First pass at extracting permission mapping to properties file.

2025-08-07 17:49:17 +00:00 · 2016-10-12 15:08:17 +01:00
parent 0eaa927b38
commit fa2d37f37b
3 changed files with 45 additions and 4 deletions
--- a/rm-server/config/alfresco/module/org_alfresco_module_rm/alfresco-global.properties
+++ b/rm-server/config/alfresco/module/org_alfresco_module_rm/alfresco-global.properties
@@ -47,3 +47,9 @@ rm.autocompletesuggestion.nodeParameterSuggester.aspectsAndTypes=rma:record,cm:c
 # Global RM disposition lifecycle trigger cron job expression
 #
 rm.dispositionlifecycletrigger.cronexpression=0 0/5 * * * ?
+
+# Permission mapping
+# these take a comma separated string of permissions from org.alfresco.service.cmr.security.PermissionService
+# read maps to ReadRecords and write to FileRecords
+rm.haspermissionmap.read=ReadProperties,ReadChildren
+rm.haspermissionmap.write=WriteProperties,AddChildren
--- a/rm-server/config/alfresco/module/org_alfresco_module_rm/extended-repository-context.xml
+++ b/rm-server/config/alfresco/module/org_alfresco_module_rm/extended-repository-context.xml
@@ -134,6 +134,12 @@
            <ref bean="extendedReaderDynamicAuthority" />
         </list>
      </property>
+      <property name="readMapping">
+         <value>{rm.haspermissionmap.read}</value>
+      </property>
+      <property name="fileMapping">
+         <value>{rm.haspermissionmap.write}</value>
+      </property>
   </bean>

   <bean id="extendedReaderDynamicAuthority" class="org.alfresco.module.org_alfresco_module_rm.security.ExtendedReaderDynamicAuthority" />
--- a/rm-server/source/java/org/alfresco/repo/security/permissions/impl/RMPermissionServiceImpl.java
+++ b/rm-server/source/java/org/alfresco/repo/security/permissions/impl/RMPermissionServiceImpl.java
@@ -19,21 +19,28 @@
 package org.alfresco.repo.security.permissions.impl;

 import java.io.Serializable;
+import java.util.ArrayList;
+import java.util.Arrays;
 import java.util.Collections;
 import java.util.HashSet;
+import java.util.List;
 import java.util.Set;

 import org.alfresco.module.org_alfresco_module_rm.capability.RMPermissionModel;
 import org.alfresco.module.org_alfresco_module_rm.model.RecordsManagementModel;
 import org.alfresco.repo.cache.SimpleCache;
+
 import org.alfresco.repo.security.permissions.AccessControlEntry;
 import org.alfresco.repo.security.permissions.AccessControlList;
 import org.alfresco.service.cmr.repository.NodeRef;
 import org.alfresco.service.cmr.security.AccessStatus;
 import org.alfresco.service.cmr.security.PermissionService;
 import org.alfresco.util.PropertyCheck;
+import org.apache.commons.collections.ArrayStack;
+import org.apache.commons.lang.StringUtils;
 import org.springframework.context.ApplicationEvent;

+
 /**
 * Extends the core permission service implementation allowing the consideration of the read records
 * permission.
@@ -48,6 +55,10 @@ public class RMPermissionServiceImpl extends PermissionServiceImpl
 	/** Writers simple cache */
    protected SimpleCache<Serializable, Set<String>> writersCache;

+    /** Permission maps*/
+    protected String readMapping;
+    protected String fileMapping;
+
    /**
     * @see org.alfresco.repo.security.permissions.impl.PermissionServiceImpl#setAnyDenyDenies(boolean)
     */
@@ -66,6 +77,22 @@ public class RMPermissionServiceImpl extends PermissionServiceImpl
        this.writersCache = writersCache;
    }

+    /**
+     * @param readMapping the mapping of permissions to ReadRecord
+     */
+    public void setReadMapping(String readMapping)
+    {
+        this.readMapping = readMapping;
+    }
+
+    /**
+     * @param fileMapping the mapping of permissions to ReadRecord
+     */
+    public void setFileMapping(String fileMapping)
+    {
+        this.fileMapping = fileMapping;
+    }
+
    /**
     * @see org.alfresco.repo.security.permissions.impl.PermissionServiceImpl#onBootstrap(org.springframework.context.ApplicationEvent)
     */
@@ -91,13 +118,15 @@ public class RMPermissionServiceImpl extends PermissionServiceImpl
        if (AccessStatus.DENIED.equals(acs) &&
            nodeService.hasAspect(nodeRef, RecordsManagementModel.ASPECT_FILE_PLAN_COMPONENT))
        {
-            if (PermissionService.READ.equals(perm) || PermissionService.READ_PROPERTIES.equals(perm))
+
+            List<String> configuredReadPermissions = Arrays.asList(this.readMapping.split(","));
+            List<String> configuredFilePermissions = Arrays.asList(this.fileMapping.split(","));
+
+            if (PermissionService.READ.equals(perm) || configuredReadPermissions.contains(perm))
            {
                return super.hasPermission(nodeRef, RMPermissionModel.READ_RECORDS);
            }
-            else if (PermissionService.WRITE.equals(perm) ||
-                    PermissionService.ADD_CHILDREN.equals(perm) ||
-                    PermissionService.WRITE_PROPERTIES.equals(perm))
+            else if (PermissionService.WRITE.equals(perm) || configuredFilePermissions.contains(perm))
            {
                return super.hasPermission(nodeRef, RMPermissionModel.FILE_RECORDS);
            }