Merged BRANCHES/V2.2 to HEAD:

76115: Update version to 2.1.1
   83912: Updated the Alfresco dependency from 4.2.2 to 4.2.3.1 for RM 2.2
   89173: Merged BRANCHES/v2.1.0.x to BRANCHES/v2.2:
        68559: (RECORD ONLY) Change base Alfresco version from 4.2.0-RC4 to 4.2.0
        68568: (RECORD ONLY) Merge from HEAD to BRANCHES/V2.1.0.x
        68569: (RECORD ONLY) Update module version to 2.1.0.1
        76475: (RECORD ONLY) Merge HEAD to BRANCHES/V2.1.0.x:
        76597: (RECORD ONLY) Merge HEAD to BRANCHES/V2.1.0.x:
            74932: RM-1461: CLONE - RM slower then standard repo/sites when rendering document details when folder contains 15k documents
        76598: (RECORD ONLY) Merged HEAD to BRANCHES/V2.1.0.x:
             75102: RM Performance testing
        76599: (RECORD ONLY) Update module version to 2.1.0.2
        76601: (RECORD ONLY) Merged HEAD to BRANCHES/V2.1.0.x:
             75186: RM Performance Improvements
   89251: Merge BRANCHES/V2.1.0.x to BRANCHES/V2.2:
        68559: Change base Alfresco version from 4.2.0-RC4 to 4.2.0
        68568: Merge from HEAD to BRANCHES/V2.1.0.x
        68569: Update module version to 2.1.0.1
        76475: Merge HEAD to BRANCHES/V2.1.0.x:
        76597: Merge HEAD to BRANCHES/V2.1.0.x:
            74932: RM-1461: CLONE - RM slower then standard repo/sites when rendering document details when folder contains 15k documents
        76598: Merged HEAD to BRANCHES/V2.1.0.x:
             75102: RM Performance testing
        76599: Update module version to 2.1.0.2
        76601: Merged HEAD to BRANCHES/V2.1.0.x:
             75186: RM Performance Improvements
        76673: Root container cache to improve unfiled record browse performance
            * relates to RM-1594 and RM-1595
        76850: RM performance enhancements
            * serach improvements
            * in-place record browse improvements
            * saved search via file plan browse improvements
        76851: Additional unit test to check extended security with cache is working as expected.
        76852: Rollback checked in config
        77709: RM-1630: Error on manage references page
            * regression caused by performance improvements
        84337: Update version to 2.1.0.3
        84421: Transaction level cahcing of declarative capability evaluation
        84676: Fix build
        84677: Prevent unnessary repeated creation of QName
        84678: Improvements to extended dynamic authorities
            * requiredFor set
            * direct access to extended permission information, not via service
        84679: Correct requiredFor value
        88087: RM-1661 (Performance on setting permissions at a high category level)
        88092: RM-1661 (Performance on setting permissions at a high category level)
             * Fixed failing unit tests
        88144: RM-1661 (Performance on setting permissions at a high category level)
        88182: RM-1724 (Inheritance is not off for root categories, unfiled records, holds and transfers)
        88192: RM-1661 (Performance on setting permissions at a high category level)
             * Added unit tests
        88193: RM-1661 (Performance on setting permissions at a high category level)
             * Fixed failing unit tests
        88358: RM-1661 (Performance on setting permissions at a high category level)
             * Added unit tests
        88685: RM-1742 (Locally Set Permissions for moved Record duplicate parent folder Locally Set Permissions)
        88686: RM-1741 (Moved root category doesn't inherit permissions)
        88687: RM-1741 (Moved root category doesn't inherit permissions)
             * Unit test added
        88688: RM-1742 (Locally Set Permissions for moved Record duplicate parent folder Locally Set Permissions)
             * Unit test added
        88691: RM-1745 (RM Admin role can only be added with read permission on the manage permission page)
        88772: RM-1741 (Moved root category doesn't inherit permissions)
        88860: RM-1661 (Performance on setting permissions at a high category level)
        88864: RM-1661 (Performance on setting permissions at a high category level)
             * Fixed failing unit tests
        88959: RM-1746 (Moved record/category always have the inheritance on)
        88960: RM-1661 (Performance on setting permissions at a high category level)
             * Fixed failing unit tests
        88961: RM-1661 (Performance on setting permissions at a high category level)
             * Fixed failing unit tests
        88962: RM-1661 (Performance on setting permissions at a high category level)
             * Fixed failing unit tests
   89252: Added missing test
   89253: Removed warnings
   89348: RM-1751 (Merge performance improvements made for RM 2.1.0.3 onto RM 2.2.1)
   89455: RM-1751 (Merge performance improvements made for RM 2.1.0.3 onto RM 2.2.1)

git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/modules/recordsmanagement/HEAD@89458 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261

rm-server/source/java/org/alfresco/repo/security/permissions/impl/RMPermissionServiceImpl.java

@@ -18,18 +18,26 @@
  */
 package org.alfresco.repo.security.permissions.impl;
 
+import static org.apache.commons.lang.StringUtils.isNotBlank;
+
 import java.io.Serializable;
 import java.util.Collections;
 import java.util.HashSet;
 import java.util.Set;
 
 import org.alfresco.module.org_alfresco_module_rm.capability.RMPermissionModel;
+import org.alfresco.module.org_alfresco_module_rm.fileplan.FilePlanService;
 import org.alfresco.module.org_alfresco_module_rm.model.RecordsManagementModel;
+import org.alfresco.module.org_alfresco_module_rm.role.FilePlanRoleService;
+import org.alfresco.module.org_alfresco_module_rm.security.ExtendedReaderDynamicAuthority;
+import org.alfresco.module.org_alfresco_module_rm.security.ExtendedWriterDynamicAuthority;
 import org.alfresco.repo.cache.SimpleCache;
 import org.alfresco.repo.security.permissions.AccessControlEntry;
 import org.alfresco.repo.security.permissions.AccessControlList;
 import org.alfresco.service.cmr.repository.NodeRef;
+import org.alfresco.service.cmr.security.AccessPermission;
 import org.alfresco.service.cmr.security.AccessStatus;
+import org.alfresco.service.cmr.security.AuthorityType;
 import org.alfresco.service.cmr.security.PermissionService;
 import org.alfresco.util.PropertyCheck;
 import org.springframework.context.ApplicationEvent;
@@ -48,6 +56,29 @@ public class RMPermissionServiceImpl extends PermissionServiceImpl
 	/** Writers simple cache */
     protected SimpleCache<Serializable, Set<String>> writersCache;
 
+    /** File plan service */
+    private FilePlanService filePlanService;
+
+    /**
+     * Gets the file plan service
+     *
+     * @return the filePlanService
+     */
+    public FilePlanService getFilePlanService()
+    {
+        return this.filePlanService;
+    }
+
+    /**
+     * Sets the file plan service
+     *
+     * @param filePlanService the filePlanService to set
+     */
+    public void setFilePlanService(FilePlanService filePlanService)
+    {
+        this.filePlanService = filePlanService;
+    }
+
     /**
      * @see org.alfresco.repo.security.permissions.impl.PermissionServiceImpl#setAnyDenyDenies(boolean)
      */
@@ -87,15 +118,15 @@ public class RMPermissionServiceImpl extends PermissionServiceImpl
     public AccessStatus hasPermission(NodeRef nodeRef, String perm)
     {
         AccessStatus acs = super.hasPermission(nodeRef, perm);
-        if (AccessStatus.DENIED.equals(acs) &&
-            PermissionService.READ.equals(perm) &&
-            nodeService.hasAspect(nodeRef, RecordsManagementModel.ASPECT_FILE_PLAN_COMPONENT))
+        if (AccessStatus.DENIED.equals(acs) == true &&
+            PermissionService.READ.equals(perm) == true &&
+            nodeService.hasAspect(nodeRef, RecordsManagementModel.ASPECT_FILE_PLAN_COMPONENT) == true)
         {
             return super.hasPermission(nodeRef, RMPermissionModel.READ_RECORDS);
         }
-        else if (AccessStatus.DENIED.equals(acs) &&
-                 PermissionService.WRITE.equals(perm) &&
-                 nodeService.hasAspect(nodeRef, RecordsManagementModel.ASPECT_FILE_PLAN_COMPONENT))
+        else if (AccessStatus.DENIED.equals(acs) == true &&
+                 PermissionService.WRITE.equals(perm) == true &&
+                 nodeService.hasAspect(nodeRef, RecordsManagementModel.ASPECT_FILE_PLAN_COMPONENT) == true)
         {
             return super.hasPermission(nodeRef, RMPermissionModel.FILE_RECORDS);
         }
@@ -263,4 +294,50 @@ public class RMPermissionServiceImpl extends PermissionServiceImpl
         writersCache.put((Serializable)acl.getProperties(), aclWriters);
         return aclWriters;
     }
+
+    /**
+     * @see org.alfresco.repo.security.permissions.impl.PermissionServiceImpl#setInheritParentPermissions(org.alfresco.service.cmr.repository.NodeRef, boolean)
+     */
+    @Override
+    public void setInheritParentPermissions(final NodeRef nodeRef, boolean inheritParentPermissions)
+    {
+        final String adminRole = getAdminRole(nodeRef);
+        if (nodeService.hasAspect(nodeRef, RecordsManagementModel.ASPECT_FILE_PLAN_COMPONENT) && isNotBlank(adminRole))
+        {
+            if (inheritParentPermissions)
+            {
+                Set<AccessPermission> accessPermissions = getAllSetPermissions(nodeRef);
+                for (AccessPermission accessPermission : accessPermissions)
+                {
+                    String authority = accessPermission.getAuthority();
+                    String permission = accessPermission.getPermission();
+                    if (accessPermission.isSetDirectly() &&
+                            (RMPermissionModel.FILING.equals(permission) || RMPermissionModel.READ_RECORDS.equals(permission)) &&
+                            (ExtendedReaderDynamicAuthority.EXTENDED_READER.equals(authority) || ExtendedWriterDynamicAuthority.EXTENDED_WRITER.equals(authority)) || adminRole.equals(authority))
+                    {
+                        // FIXME!!!
+                        //deletePermission(nodeRef, authority, permission);
+                    }
+                }
+            }
+            else
+            {
+                setPermission(nodeRef, ExtendedReaderDynamicAuthority.EXTENDED_READER, RMPermissionModel.READ_RECORDS, true);
+                setPermission(nodeRef, ExtendedWriterDynamicAuthority.EXTENDED_WRITER, RMPermissionModel.FILING, true);
+                setPermission(nodeRef, adminRole, RMPermissionModel.FILING, true);
+            }
+        }
+        super.setInheritParentPermissions(nodeRef, inheritParentPermissions);
+    }
+
+    private String getAdminRole(NodeRef nodeRef)
+    {
+        String adminRole = null;
+        NodeRef filePlan = getFilePlanService().getFilePlan(nodeRef);
+        if (filePlan != null)
+        {
+            adminRole = authorityService.getName(AuthorityType.GROUP, FilePlanRoleService.ROLE_ADMIN + filePlan.getId());
+        }
+        return adminRole;
+    }
 }