ALF-11664 site.public.group (via SysAdminParams.SitePublicGroup) should be used when updating site visibilities, as it is for creating sites

git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/HEAD/root@32251 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
Nick Burch
2011-11-23 17:21:43 +00:00
parent 3e8c74f317
commit fc1d367dc2
2 changed files with 59 additions and 37 deletions


@@ -498,6 +498,9 @@ public class SiteServiceImpl extends AbstractLifecycleBean implements SiteServic
* Setup the Site permissions. * Setup the Site permissions.
* <p> * <p>
* Creates the top-level site group, plus all the Role groups required for users of the site. * Creates the top-level site group, plus all the Role groups required for users of the site.
* <p>
* Note - Changes here likely need to be replicated to the {@link #updateSite(SiteInfo)}
* method too, as that also has to deal with Site Permissions.
* *
* @param siteNodeRef * @param siteNodeRef
* @param shortName * @param shortName
@@ -574,9 +577,11 @@ public class SiteServiceImpl extends AbstractLifecycleBean implements SiteServic
else if (SiteVisibility.MODERATED.equals(visibility) == true && else if (SiteVisibility.MODERATED.equals(visibility) == true &&
permissions.contains(SITE_CONSUMER)) permissions.contains(SITE_CONSUMER))
{ {
// for moderated sites, the Public Group has consumer access to the // For moderated sites, the Public Group has consumer access to the
// site root, but not to site components. // site root, but not to site components.
permissionService.setPermission(siteNodeRef, sitePublicGroup, SITE_CONSUMER, true); permissionService.setPermission(siteNodeRef, sitePublicGroup, SITE_CONSUMER, true);
// Permissions will be set on the site components as they get created
} }
// No matter what, everyone must be able to read permissions on // No matter what, everyone must be able to read permissions on
@@ -1282,7 +1287,7 @@ public class SiteServiceImpl extends AbstractLifecycleBean implements SiteServic
properties.put(ContentModel.PROP_TITLE, siteInfo.getTitle()); properties.put(ContentModel.PROP_TITLE, siteInfo.getTitle());
properties.put(ContentModel.PROP_DESCRIPTION, siteInfo.getDescription()); properties.put(ContentModel.PROP_DESCRIPTION, siteInfo.getDescription());
// Update the isPublic flag // Update the permissions based on the visibility
SiteVisibility currentVisibility = getSiteVisibility(siteNodeRef); SiteVisibility currentVisibility = getSiteVisibility(siteNodeRef);
SiteVisibility updatedVisibility = siteInfo.getVisibility(); SiteVisibility updatedVisibility = siteInfo.getVisibility();
if (currentVisibility.equals(updatedVisibility) == false) if (currentVisibility.equals(updatedVisibility) == false)
@@ -1290,19 +1295,34 @@ public class SiteServiceImpl extends AbstractLifecycleBean implements SiteServic
// visibility has changed // visibility has changed
logger.debug("site:" + shortName + " visibility has changed from: " + currentVisibility + "to: " + updatedVisibility); logger.debug("site:" + shortName + " visibility has changed from: " + currentVisibility + "to: " + updatedVisibility);
// visibility has changed. // Grab the Public Site Group and validate
// Remove current visibility permissions final String sitePublicGroup = sysAdminParams.getSitePublicGroup();
if (SiteVisibility.PUBLIC.equals(currentVisibility) == true) boolean publicGroupExists = authorityService.authorityExists(sitePublicGroup);
if (!PermissionService.ALL_AUTHORITIES.equals(sitePublicGroup) && !publicGroupExists)
{ {
this.permissionService.deletePermission(siteNodeRef, PermissionService.ALL_AUTHORITIES, SITE_CONSUMER); // If the group specified in the settings does not exist, we cannot update the site.
throw new SiteServiceException(MSG_VISIBILITY_GROUP_MISSING, new Object[]{sitePublicGroup});
} }
else if (SiteVisibility.MODERATED.equals(currentVisibility) == true)
// The site Visibility has changed.
// Remove current visibility permissions
if (SiteVisibility.PUBLIC.equals(currentVisibility) == true ||
SiteVisibility.MODERATED.equals(currentVisibility) == true)
{
// Remove the old Consumer permissions
// (Always remove both EVERYONE and the Publci Site Group, just to be safe)
this.permissionService.deletePermission(siteNodeRef, sitePublicGroup, SITE_CONSUMER);
if (sitePublicGroup.equals(PermissionService.ALL_AUTHORITIES))
{
this.permissionService.deletePermission(siteNodeRef, PermissionService.ALL_AUTHORITIES, SITE_CONSUMER);
}
}
// If the site was moderated before, undo the work of #setModeratedPermissions
// by restoring inherited permissions on the containers
// (Leaving the old extra permissions on containers is fine)
if (SiteVisibility.MODERATED.equals(currentVisibility) == true)
{ {
this.permissionService.deletePermission(siteNodeRef, PermissionService.ALL_AUTHORITIES, SITE_CONSUMER);
/**
* update the containers
*/
List<FileInfo> folders = fileFolderService.listFolders(siteNodeRef); List<FileInfo> folders = fileFolderService.listFolders(siteNodeRef);
for(FileInfo folder : folders) for(FileInfo folder : folders)
{ {
@@ -1312,16 +1332,16 @@ public class SiteServiceImpl extends AbstractLifecycleBean implements SiteServic
} }
// Add new visibility permissions // Add new visibility permissions
// Note - these need to be kept in sync manually with those in #setupSitePermissions
if (SiteVisibility.PUBLIC.equals(updatedVisibility) == true) if (SiteVisibility.PUBLIC.equals(updatedVisibility) == true)
{ {
this.permissionService.setPermission(siteNodeRef, PermissionService.ALL_AUTHORITIES, SITE_CONSUMER, true); this.permissionService.setPermission(siteNodeRef, sitePublicGroup, SITE_CONSUMER, true);
} }
else if (SiteVisibility.MODERATED.equals(updatedVisibility) == true) else if (SiteVisibility.MODERATED.equals(updatedVisibility) == true)
{ {
this.permissionService.setPermission(siteNodeRef, PermissionService.ALL_AUTHORITIES, SITE_CONSUMER, true); this.permissionService.setPermission(siteNodeRef, sitePublicGroup, SITE_CONSUMER, true);
/**
* update the containers // Set the moderated permissions on all the containers the site already has
*/
List<FileInfo> folders = fileFolderService.listFolders(siteNodeRef); List<FileInfo> folders = fileFolderService.listFolders(siteNodeRef);
for(FileInfo folder : folders) for(FileInfo folder : folders)
{ {
@@ -1329,6 +1349,10 @@ public class SiteServiceImpl extends AbstractLifecycleBean implements SiteServic
setModeratedPermissions(shortName, containerNodeRef); setModeratedPermissions(shortName, containerNodeRef);
} }
} }
else if (SiteVisibility.PRIVATE.equals(updatedVisibility))
{
// No additional permissions need to be granted for a site become private
}
// Update the site node reference with the updated visibility value // Update the site node reference with the updated visibility value
properties.put(SiteModel.PROP_SITE_VISIBILITY, siteInfo.getVisibility().toString()); properties.put(SiteModel.PROP_SITE_VISIBILITY, siteInfo.getVisibility().toString());
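Review bot: The guard around the second delete, `if (sitePublicGroup.equals(PermissionService.ALL_AUTHORITIES))`, looks inverted: when the configured group is the everyone authority the inner deletePermission only repeats the call just above it, and when it is a custom group the EVERYONE grant is never removed, which contradicts the comment "Always remove both EVERYONE and the Public Site Group". Because the previous version of this code granted SITE_CONSUMER to `PermissionService.ALL_AUTHORITIES`, a site updated before this change can still carry that grant and would keep it after being switched to PRIVATE once site.public.group names a custom group. Negating the test, `if (!PermissionService.ALL_AUTHORITIES.equals(sitePublicGroup))`, or dropping it so the EVERYONE delete always runs, matches the stated intent. The re-enabled assertions in SiteServiceImplTest appear to use the custom group from the start, so they likely would not catch this; a case that begins with an EVERYONE consumer grant on the site node would. The enclosing method starts and ends outside the hunks shown.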


@@ -1575,16 +1575,15 @@ public class SiteServiceImplTest extends BaseAlfrescoSpringTest
// Check the permissions now // Check the permissions now
// TODO Fix this // Everyone still has read permissions everywhere, but nothing more
// // Everyone still has read permissions everywhere, but nothing more assertEquals("ReadPermissions", getAllowedPermissionsMap(s1).get(PermissionService.ALL_AUTHORITIES));
// assertEquals("ReadPermissions", getAllowedPermissionsMap(s1).get(PermissionService.ALL_AUTHORITIES)); assertEquals("ReadPermissions", getAllowedPermissionsMap(s2).get(PermissionService.ALL_AUTHORITIES));
// assertEquals("ReadPermissions", getAllowedPermissionsMap(s2).get(PermissionService.ALL_AUTHORITIES)); assertEquals("ReadPermissions", getAllowedPermissionsMap(s3).get(PermissionService.ALL_AUTHORITIES));
// assertEquals("ReadPermissions", getAllowedPermissionsMap(s3).get(PermissionService.ALL_AUTHORITIES));
// // The site public group has consumer permissions on mod+public
// // The site public group has consumer permissions on mod+public assertEquals(SiteModel.SITE_CONSUMER, getAllowedPermissionsMap(s1).get(groupFour));
// assertEquals(SiteModel.SITE_CONSUMER, getAllowedPermissionsMap(s1).get(groupFour)); assertEquals(SiteModel.SITE_CONSUMER, getAllowedPermissionsMap(s2).get(groupFour));
// assertEquals(SiteModel.SITE_CONSUMER, getAllowedPermissionsMap(s2).get(groupFour)); assertEquals(null, getAllowedPermissionsMap(s3).get(groupFour));
// assertEquals(null, getAllowedPermissionsMap(s3).get(groupFour));
// Our user is still the manager // Our user is still the manager
assertEquals(SiteModel.SITE_MANAGER, siteService.getMembersRole(s1.getShortName(), USER_ONE)); assertEquals(SiteModel.SITE_MANAGER, siteService.getMembersRole(s1.getShortName(), USER_ONE));
@@ -1602,16 +1601,15 @@ public class SiteServiceImplTest extends BaseAlfrescoSpringTest
// Check the permissions have restored // Check the permissions have restored
// TODO Fix this // Everyone only has read permissions
// // Everyone only has read permissions assertEquals("ReadPermissions", getAllowedPermissionsMap(s1).get(PermissionService.ALL_AUTHORITIES));
// assertEquals("ReadPermissions", getAllowedPermissionsMap(s1).get(PermissionService.ALL_AUTHORITIES)); assertEquals("ReadPermissions", getAllowedPermissionsMap(s2).get(PermissionService.ALL_AUTHORITIES));
// assertEquals("ReadPermissions", getAllowedPermissionsMap(s2).get(PermissionService.ALL_AUTHORITIES)); assertEquals("ReadPermissions", getAllowedPermissionsMap(s3).get(PermissionService.ALL_AUTHORITIES));
// assertEquals("ReadPermissions", getAllowedPermissionsMap(s3).get(PermissionService.ALL_AUTHORITIES));
// // The site public group has consumer permissions on mod+public
// // The site public group has consumer permissions on mod+public assertEquals(null, getAllowedPermissionsMap(s1).get(groupFour));
// assertEquals(null, getAllowedPermissionsMap(s1).get(groupFour)); assertEquals(SiteModel.SITE_CONSUMER, getAllowedPermissionsMap(s2).get(groupFour));
// assertEquals(SiteModel.SITE_CONSUMER, getAllowedPermissionsMap(s2).get(groupFour)); assertEquals(SiteModel.SITE_CONSUMER, getAllowedPermissionsMap(s3).get(groupFour));
// assertEquals(SiteModel.SITE_CONSUMER, getAllowedPermissionsMap(s3).get(groupFour));
// Our user is still the manager // Our user is still the manager
assertEquals(SiteModel.SITE_MANAGER, siteService.getMembersRole(s1.getShortName(), USER_ONE)); assertEquals(SiteModel.SITE_MANAGER, siteService.getMembersRole(s1.getShortName(), USER_ONE));