From fb63c64b0a2795ace784a6d2eb660d88d5b53a08 Mon Sep 17 00:00:00 2001
From: David Caruana <david.caruana@alfresco.com>
Date: Wed, 15 Feb 2006 16:35:40 +0000
Subject: [PATCH] Fix AWC-367.  Deleting a user from the system does not remove
 that user from any groups they may be in.

git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/HEAD/root@2391 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
---
 .../authentication-services-context.xml       | 10 ++---
 .../AuthenticationServiceImpl.java            |  9 ----
 .../security/person/PersonServiceImpl.java    | 41 ++++++++++++++-----
 3 files changed, 35 insertions(+), 25 deletions(-)

diff --git a/config/alfresco/authentication-services-context.xml b/config/alfresco/authentication-services-context.xml
index 94d289be04..087d737d53 100644
--- a/config/alfresco/authentication-services-context.xml
+++ b/config/alfresco/authentication-services-context.xml
@@ -172,9 +172,6 @@
         <property name="authenticationComponent">
             <ref bean="authenticationComponentImpl" />
         </property>
-        <property name="permissionServiceSPI">
-            <ref bean="permissionServiceImpl" />
-        </property>
     </bean>
 
     <!-- A transactional wrapper that should be removed.                    -->
@@ -240,8 +237,11 @@
               <property name="searchService">
                  <ref bean="searchService" />
               </property>
-              <property name="dictionaryService">
-                 <ref bean="dictionaryService" />
+			  <property name="permissionServiceSPI">
+	            <ref bean="permissionServiceImpl" />
+	          </property>
+              <property name="authorityService">
+                 <ref bean="authorityService" />
               </property>
               <property name="namespacePrefixResolver">
                  <ref bean="namespaceService" />
diff --git a/source/java/org/alfresco/repo/security/authentication/AuthenticationServiceImpl.java b/source/java/org/alfresco/repo/security/authentication/AuthenticationServiceImpl.java
index c85e1f3aac..ebf289b554 100644
--- a/source/java/org/alfresco/repo/security/authentication/AuthenticationServiceImpl.java
+++ b/source/java/org/alfresco/repo/security/authentication/AuthenticationServiceImpl.java
@@ -16,7 +16,6 @@
  */
 package org.alfresco.repo.security.authentication;
 
-import org.alfresco.repo.security.permissions.PermissionServiceSPI;
 import org.alfresco.service.cmr.security.AuthenticationService;
 
 public class AuthenticationServiceImpl implements AuthenticationService
@@ -27,8 +26,6 @@ public class AuthenticationServiceImpl implements AuthenticationService
     
     TicketComponent ticketComponent;
     
-    PermissionServiceSPI permissionServiceSPI;
-
     public AuthenticationServiceImpl()
     {
         super();
@@ -49,11 +46,6 @@ public class AuthenticationServiceImpl implements AuthenticationService
         this.authenticationComponent = authenticationComponent;
     }
 
-    public void setPermissionServiceSPI(PermissionServiceSPI permissionServiceSPI)
-    {
-        this.permissionServiceSPI = permissionServiceSPI;
-    }
-    
     public void createAuthentication(String userName, char[] password) throws AuthenticationException
     {
         authenticationDao.createUser(userName, password);
@@ -73,7 +65,6 @@ public class AuthenticationServiceImpl implements AuthenticationService
     public void deleteAuthentication(String userName) throws AuthenticationException
     {
         authenticationDao.deleteUser(userName);
-        permissionServiceSPI.deletePermissions(authenticationDao.getUserNamesAreCaseSensitive() ? userName: userName.toLowerCase());
     }
 
     public boolean getAuthenticationEnabled(String userName) throws AuthenticationException
diff --git a/source/java/org/alfresco/repo/security/person/PersonServiceImpl.java b/source/java/org/alfresco/repo/security/person/PersonServiceImpl.java
index a5559e29b6..84e57ed845 100644
--- a/source/java/org/alfresco/repo/security/person/PersonServiceImpl.java
+++ b/source/java/org/alfresco/repo/security/person/PersonServiceImpl.java
@@ -26,19 +26,17 @@ import java.util.Map;
 import java.util.Set;
 
 import org.alfresco.model.ContentModel;
-import org.alfresco.repo.search.QueryParameterDefImpl;
-import org.alfresco.service.cmr.dictionary.DataTypeDefinition;
-import org.alfresco.service.cmr.dictionary.DictionaryService;
+import org.alfresco.repo.security.permissions.PermissionServiceSPI;
 import org.alfresco.service.cmr.repository.ChildAssociationRef;
 import org.alfresco.service.cmr.repository.NodeRef;
 import org.alfresco.service.cmr.repository.NodeService;
 import org.alfresco.service.cmr.repository.StoreRef;
 import org.alfresco.service.cmr.repository.datatype.DefaultTypeConverter;
-import org.alfresco.service.cmr.search.QueryParameterDefinition;
 import org.alfresco.service.cmr.search.ResultSet;
 import org.alfresco.service.cmr.search.ResultSetRow;
 import org.alfresco.service.cmr.search.SearchParameters;
 import org.alfresco.service.cmr.search.SearchService;
+import org.alfresco.service.cmr.security.AuthorityService;
 import org.alfresco.service.cmr.security.PersonService;
 import org.alfresco.service.namespace.NamespacePrefixResolver;
 import org.alfresco.service.namespace.QName;
@@ -56,10 +54,12 @@ public class PersonServiceImpl implements PersonService
 
     private NodeService nodeService;
 
-    private DictionaryService dictionaryService;
-
     private SearchService searchService;
+    
+    private AuthorityService authorityService;
 
+    private PermissionServiceSPI permissionServiceSPI;
+    
     private NamespacePrefixResolver namespacePrefixResolver;
 
     private boolean createMissingPeople;
@@ -285,11 +285,25 @@ public class PersonServiceImpl implements PersonService
     public void deletePerson(String userName)
     {
         NodeRef personNodeRef = getPersonOrNull(userName);
+        
+        // delete the person
         if (personNodeRef != null)
         {
             nodeService.deleteNode(personNodeRef);
         }
 
+        // translate username based on user name case sensitivity
+        String authorityName = userNamesAreCaseSensitive ? userName : userName.toLowerCase();
+        
+        // remove user from any containing authorities
+        Set<String> containerAuthorities = authorityService.getContainingAuthorities(null, userName, true);
+        for (String containerAuthority : containerAuthorities)
+        {
+            authorityService.removeAuthority(containerAuthority, authorityName);
+        }
+        
+        // remove any user permissions
+        permissionServiceSPI.deletePermissions(authorityName);
     }
 
     public Set<NodeRef> getAllPeople()
@@ -333,16 +347,21 @@ public class PersonServiceImpl implements PersonService
         this.createMissingPeople = createMissingPeople;
     }
 
-    public void setDictionaryService(DictionaryService dictionaryService)
-    {
-        this.dictionaryService = dictionaryService;
-    }
-
     public void setNamespacePrefixResolver(NamespacePrefixResolver namespacePrefixResolver)
     {
         this.namespacePrefixResolver = namespacePrefixResolver;
     }
 
+    public void setAuthorityService(AuthorityService authorityService)
+    {
+        this.authorityService = authorityService;
+    }
+
+    public void setPermissionServiceSPI(PermissionServiceSPI permissionServiceSPI)
+    {
+        this.permissionServiceSPI = permissionServiceSPI;
+    }
+    
     public void setNodeService(NodeService nodeService)
     {
         this.nodeService = nodeService;