inteligr8/alfresco-community-repo
1
0
Fork 0
mirror of https://github.com/Alfresco/alfresco-community-repo.git synced 2025-07-31 17:39:05 +00:00
Code Issues Packages Projects Releases Wiki Activity

RM-7064 check permissions for delete node

Browse Source
This commit is contained in:
Sara Aspery
2019-11-28 01:09:21 +00:00
parent 486cffb939
commit fe502aadec
2 changed files with 38 additions and 11 deletions
Download Patch File Download Diff File Expand all files Collapse all files

33
rm-community/rm-community-repo/source/java/org/alfresco/module/org_alfresco_module_rm/hold/HoldServiceImpl.java
View File

@@ -43,7 +43,6 @@ import java.util.Set;
import org.alfresco.error.AlfrescoRuntimeException;
import org.alfresco.model.ContentModel;
import org.alfresco.module.org_alfresco_module_rm.audit.RecordsManagementAuditService;
import org.alfresco.module.org_alfresco_module_rm.audit.event.AuditEvent;
import org.alfresco.module.org_alfresco_module_rm.capability.CapabilityService;
import org.alfresco.module.org_alfresco_module_rm.capability.RMPermissionModel;
import org.alfresco.module.org_alfresco_module_rm.fileplan.FilePlanService;
@@ -241,6 +240,8 @@ public class HoldServiceImpl extends ServiceBaseImpl
{
if (nodeService.exists(hold) && isHold(hold))
{
checkPermissionsForDeleteHold(hold);
RunAsWork<Void> work = new RunAsWork<Void>()
{
@Override
@@ -531,6 +532,26 @@ public class HoldServiceImpl extends ServiceBaseImpl
throw new AlfrescoRuntimeException("Can't delete hold, because passed node is not a hold. (hold=" + hold.toString() + ")");
}
checkPermissionsForDeleteHold(hold);
invokeBeforeDeleteHold(hold);
String holdName = (String) nodeService.getProperty(hold, PROP_NAME);
Set<QName> classQNames = getTypeAndApsects(hold);
// delete the hold node
nodeService.deleteNode(hold);
invokeOnDeleteHold(holdName, classQNames);
}
/**
* Helper method to check if user has correct permissions to delete hold
*
* @param hold hold to be deleted
*/
private void checkPermissionsForDeleteHold(NodeRef hold)
{
List<NodeRef> held = AuthenticationUtil.runAsSystem(new RunAsWork<List<NodeRef>>()
{
@Override
@@ -579,16 +600,6 @@ public class HoldServiceImpl extends ServiceBaseImpl
}
throw new AccessDeniedException(I18NUtil.getMessage(MSG_ERR_HOLD_PERMISSION_DETAILED_ERROR) + sb.toString());
}
invokeBeforeDeleteHold(hold);
String holdName = (String) nodeService.getProperty(hold, PROP_NAME);
Set<QName> classQNames = getTypeAndApsects(hold);
// delete the hold node
nodeService.deleteNode(hold);
invokeOnDeleteHold(holdName, classQNames);
}
/**