Added a securityClearance aspect to the classifiedContentModel.
This can be applied to a user’s person node to give them clearance.
TODO. Not clear how/if we can use this for groups of users.
Added a SecurityClearanceService which gets users’ security clearances.
Added a getDefaultClassificationLevel method to the ClassificationService.
TODO This needs to be reviewed.
git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/modules/recordsmanagement/HEAD@103042 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
The API can be accessed through the following URI:
http://localhost:8080/alfresco/service/api/classification/reasons
Note that the private classificationService bean is currently being used
as there is an issue with the authentication when using the public bean.
Log error message contains:
Caused by: net.sf.acegisecurity.AccessDeniedException: Access is denied.
RM method security check was performed.
Failed on method: getClassificationReasons()
; nested exception is net.sf.acegisecurity.AccessDeniedException: Access is denied.
at org.alfresco.module.org_alfresco_module_rm.security.RMMethodSecurityInterceptor.beforeInvocation(RMMethodSecurityInterceptor.java:299)
+review RM @taksoy
git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/modules/recordsmanagement/HEAD@101042 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
Renamed a public service method to getClassificationLevels.
Removed a redundant test method.
Code tidying.
Various internal renames to help readability.
Slight javadoc improvements.
Also some trivial changes like fixing typos and copyright years etc.
Removing warnings from within AuthenticationUtil blocks allows IntelliJ to fold them to Java 8 closure format. (fistpump).
git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/modules/recordsmanagement/HEAD@100020 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
Although the Alfresco server starts fine on my machine, there is a timing/dependency issue which means that on Bamboo, ClassificationServiceImpl.initConfiguredClassificationLevels attempts to use the Alfresco DB before it is fully ready.
This check-in changes the service startup so that instead of using a spring init-method, it uses a LifecycleBean to run the initialisation after the server has fully started up.
git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/modules/recordsmanagement/HEAD@99962 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
This check-in adds the basic ClassificationService API, its initial implementation, ClassificationServiceImpl, along with some basic support types such as ClassificationServiceException (for service-specific exceptions) and Configuration.
It also adds unit tests ClassificationServiceImplUnitTest and ConfigurationUnitTest.
The ClassificationService begins our support for ‘Classified Records’, whereby Alfresco content can be given a ClassificationLevel and thereafter will only be accessible to users with the appropriate security clearance.
The vanilla service includes a default set, rm-classification-levels.json (Top Secret etc) which links through to the i18n’d display data via rm-classification.properties in the usual way.
The service is defined in its own spring context file, rm-classified-records-context.xml, as it is distinct from the file plan and should be applicable to content outside that file plan.
git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/modules/recordsmanagement/HEAD@99932 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
* the unpredicatable behaviour was caused by this incompatibility and the resulting uncertaintity over which level of dispostion would 'win'
* RM-1963: It is not possible to cut off record scheduled for cut off if it's linked to a folder with disposition schedule with cut off step set on folder.
* RM-1962: The disposition schedule steps are not working as expected on a record linked to a folder with disposition schedule on it's own.
git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/modules/recordsmanagement/BRANCHES/V2.3@97948 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
* invalid policy defintions now throw exception .. previously they just granted!
* invalid capability definitions now throw exception .. previously they abstained with no message
* reference to RM.Write removed and replaced with RM.Create or more appropriate permission check
* adjustments to hold capabilities since they wheren't being exercised as we thought
* ManageAccessRights no longer checks for frozen .. you should be able to manage the permissions of an object if it's frozen and you have the capability
* Unit tests for new code and adjustments
* Tweaks to existing integration tests where required
git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/modules/recordsmanagement/BRANCHES/V2.3@97786 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
