mirror of
https://github.com/Alfresco/alfresco-community-repo.git
synced 2025-08-14 17:58:59 +00:00
a1b12e2f0f
42174: ALF-14721: Merged PATCHES/V4.0.2 to V4.1-BUG-FIX
41782: ALF-15751: Merged DEV to V4.0.2 (4.0.2.14)
41704: ALF-15751: CLONE - Version History presents versions in wrong order
'VersionHistoryImpl' now sorts versions by node DB id because version with greater version number can't have id which is lesser than id of version with lesser version number.
Additionally, this approach should be quicker than sorting by 'Modification date' and 'Version number' label.
<< Did not merge unit test, which was doing things with version branches that we don't normally support >>
42179: ALF-16149: Merged PATCHES/V4.0.1 to V4.1-BUG-FIX
41995: 41911: ALF-14127 User search retrieves all users from the DB regardless of search criteria
- PeopleServiceImpl.getPeople(...) now calls a new method nonCannedGetPeopleQuery(...) rather than using the canned query which is slow with large numbers of users.
42011: 41911: ALF-14127 User search retrieves all users from the DB regardless of search criteria
- Avoid NPE on params
42059: 41911: ALF-14127 User search retrieves all users from the DB regardless of search criteria
- Ignore case broke one of the unit tests (now excluded from nonCanned version)
42188: French installer corrections from Gloria
42192: ALF-15906 - Share UI does not show the 'edit online' button for Visio documents
42195: Refactor of imapSpacesTemplates.acp into imapSpacesTemplates.xml and exploded content.
This work is a necessary precursor to the fix for ALF-15803, which will add new localisations.
42220: Fix for ALF-16138. AbstractLinksWebScript doesn't cope with Links from deleted users.
42233: Fix for ALF-16164 Cloud monitoring of SOLR is CPU intensive due to its repeated use of the SOLR stats page
and related CLOUD-760 Cloud monitoring of SOLR is CPU intensive due to its repeated use of the SOLR stats page
42259: Fix to issue where multiple concurrent writes to same user preferences would cause exception to appear in Share when changing between old document library views and new views provided by a module.
42266: ALF-16154 - IE9: script error when click on workflow from document details page
42268: Fix for ALF-11152 - License Usage information always shows 0 users
42269: Fix for ALF-15211 - TinyMCE corrupting hyperlinks
42275: ALF-15993: alfresco log not removed if uninstalled on a different day
- Fix from Bitrock
- Also fixed for awe and share logs
42289: Merged DEV to V4.1-BUG-FIX
42276: ALF-1907: Check out rule is active for spaces
- Unit test for checkout via action executer
Fixed line endings and split asserts
42292: ALF-15937: updated the Javadoc of the checkin method to be in sync with what's in doc.alfresco.com
42307: Fix handling of syncmodeconfig=OFF when running 4.1.X locally without doing full enterprise build.
42308: Fix ALF-13968: Share DocLib sorting mixes files and folders
- implicitly sort folders before files (~ pre 4.x) then selected sort option, such as name
- also allow Alf-specific option with CMIS getChildren (eg. "orderBy=cmis:baseTypeId DESC,cmis:name ASC")
42310: Merged BRANCHES/DEV/BELARUS/V4.1-BUG-FIX-2012_09_24 to BRANCHES/DEV/V4.1-BUG-FIX:
42309: ALF-15707 (ALF-14691) - Any custom aspect or type (including ootb workflow) is not available for API calls like api/classes/<type or aspect>
42338: Merged BRANCHES/DEV/V3.4-BUG-FIX to BRANCHES/DEV/V4.1-BUG-FIX
42337: Fix for ALF-14764 - Moving a folder removes non-site Group permissions set, resets 'Inherit permissions flag'
42339: Fix for ALF-15151 - Selected group is illegible(black) in Admin console if High contrast theme is selected
42342: ALF-10362: Activities fail to log "name" changes with more than 1024 chars (eg. via Share "Create Content" form)
- part I - fix Share config so that default "Create Content" form restricts to 255 chars as per other form config (eg. Edit Properties, inline rename, ...)
42353: Merged V3.4-BUG-FIX to V4.1-BUG-FIX (RECORD ONLY)
42281: Fix for ALF-9946 Need a supported solution for switching off content indexing (FTS) -> merge only to 4.1-BUG-FIX
- remove references to isIndexed property which was removed in the back port
42360: ALF-16146: Fixed QName of the data list item type.
42361: ALF-10362: Activities fail to log "name" changes with more than 1024 chars (eg. via Share "Create Content" form)
- part II - belts-and-braces (with unit test)
42362: Merged DEV to V4.1-BUG-FIX
42336: ALF-16160: office 2010 doesn't notify users of files being locked when using sharepoint protocol
MS Office (if we enabled notification about document unlocking) periodically sends PROPFIND requests to get info about active locks. This code makes PROPFIND be able to send an info about locks for the MS Office 2010 client if a document was locked for edit offline.
42363: ALF-16213: renaming versioned file results in file being deleted.
42368: Record only merge V3.4-BUG-FIX (3.4.12) to V4.1-BUG-FIX (4.1.2)
42367: Merge V3.4 (3.4.11) to V3.4-BUG-FIX (3.4.12)
42366: ALF-16137: Merge V4.1 (4.1.1) to V3.4 (3.4.11)
42048: ALF-16005 Could not transform file size of 0 kb
- Turns out that it was only doc ppt and xls zero byte files that had the problem.
- Reverting part of revision 6473 (release 2.1 2007) AR-1251 (Version error when saving new content via CIFS)
Dave W tells me that this is no longer an issue due to other changes
42381: Fixed ALF-16218: Solr GetNodes return status is 500 for Postgresql
- Read-only webscript was calling through to "qnameDAO.getOrCreateQName",
which could fail if the QName does not exist. Issue is not critical because
it will start working once the QName gets created.
42384: ALF-15868 RepoTransferReceiverImplTest failing on MySQL
Checked in a refactor of the transaction handling in the test to remove the suspicion that the current failure iis somehow a test error. (Still fails on MySQL)
42395: ALF-14353: Deploy pom files with dependencies to the Maven repo
42405: ALF-15986: Upgrade to Bitrock 8.5.0 in order to improve font scaling and adaptive layout with Gtk
- Helps I18N
42407: Fixed 'state leak' from ActivityServiceImplTest
42408: Merged BRANCHES/DEV/FEATURES/CLOUD1_CLOUDSYNC to BRANCHES/DEV/V4.1-BUG-FIX:
42389: CLOUD-796: handle unknown custom content/folder type
42396: CLOUD-796: handle unknown custom content/folder type
42397: Merged BRANCHES/DEV/V4.1-BUG-FIX to BRANCHES/DEV/FEATURES/CLOUD1_CLOUDSYNC:
41858: ALF-14444 - CloudSync: Ensure unknown properties when synced to Cloud are ignored properly
42406: CLOUD-796: handle unknown custom content/folder type
42409: CloudSync: CLOUD-796 / ALF-16226 - hide sync props in forms (eg. edit props) for sync'ed custom content type
42419: Fixes: ALF-11096 - Ensures event edit button is disabled if the event came from Outlook (this is because VTI connector is one directional & changes can't be pushed back).
42420: Fix for ALF-16003 - Sync mode is incorrectly cached as off if repo hasn't started when the check is made.
42430: More refactoring of RepoTransferReceiverImplTest.
42441: Merged V4.1-BUG-FIX to HEAD
42440: ALF-16247: Thumbnails not rendering for PDFs with standard fonts
- Because GS_LIB wasn't set on Linux and OSX
42452: Fix for ALF-15450 Share Lucene tool in admin console works incorrectly
42457: ALF-14347: Document workspace is incorrectly deleted
- Check returned status code from delete method before continuing to delete components.
42458: ALF-15700: 'Imap Attachments' folder is not localized.
- Added spaces.imap_attachments.childname property that allows the attachments folder to be localized
42459: ALF-16103: No easy way to specify a timeout for LDAP connections
- Added ldap-authentication/ldap-ad-authentication property (ldap.authentication.java.naming.read.timeout) to configure the com.sun.jndi.ldap.read.timeout for the initialDirContextEnvironment.
- ldap.authentication.java.naming.read.timeout property is configured in milliseconds. Defaults to zero (infinite) which is the current behavior.
42467: Fix for ALF-16275 SOLR include configuration to avoid indexing content
- done and fixed all configuration to be treated as Java properties
42472: ALF-16175: Merged PATCHES/V4.0.1 to V4.1-BUG-FIX (Record Only)
42448: ALF-16096: Repo corruption in MT - clean-up assistance requested
- Changed RepositoryAuthenticationDAO.getUserFolderLocation() to use getCurrentUserDomain() for its cache key.
42473: ALF-14838 ALF-14839 Deploy Maven artifacts containing the config and the test-resources, using these as classifiers
42475: ALF-14180 - CIFS - Cluster - doc and docx files are opened in read-only mode via MS Office 2003 and 2010 appropriately
missed from check in 34544
42477: ALF-5051: Define ThumbnailDefinition Beans Outside of ThumbnailRegistry Bean
- Reverted imgpreview to enterprise 4.1 size of 480
42504: Reverse Merge 42458 ALF-15700: 'Imap Attachments' folder is not localized. Causes unit test failures.
42517: ALF-15700: Restoring duff revision 42458 so that we can finish the job and fix it
42518: ALF-15700: Corrected internationalization of IMAP Attachments folder
- RepositoryFolderConfigBean must look up paths by QName to be immune to localization and backward compatible
- Must throw an error rather than using the store root if the path contains unresolved placeholders!
- QName of attachments folder must remain "cm:Imap Attachments" because that's what it always was!
42528: ALF-16282: Hybrid Sync: folder unsync - sub-children still have sync indicators
- fix typo fallout from ALF-15420 (r40782) + add unit/regress test
42529: ALF-16231: Corrected Imap Attachments English string
42530: ALF-14838 ALF-14839 Fix enterprise artifacts + deploy jars instead of zips
42531: ALF-14770 Cut / Paste triggers folder rules
- Needed to disable rules on nodes being MOVED.
- Added extra check to RuleTypeImpl when working out if a rule was disabled so that debug would not be misleading.
No impact on logic, as RuleService does the same check later and discards the rules.
42546: ALF-15737 Audit trail does not show user login events
- Also does not show any failed login events
42568: ALF-16077 CLONE: Incorrect activities if you try to add/edit/remove comment for document (if this document contains any title)
The original activity feed comment code would include the title of a document, folder or blog rather than its name if it was available.
- name is a mandatory field for a document and folder.
- title is a mandatory field for a blog entry and its name may not be set via Share.
Changing activity feed comment code so that the:
- name is always used for documents and folders
- title is always used for blogs
42571: ALF-14838 ALF-14839 Deploy config and test-resoruces artifacts in the same batch as the main artifact, otherwise they get different snapshot versions
42582: ALF-16255: CopiedFromAspectPatch fails on rules copied with a folder
- Checked to make sure that cm:copiedfrom target is a cm:object before attempting a cm:original association.
- Remove cm:copiedfrom aspect from source if cm:copiedfrom target is not a cm:object.
42593: ALF-16255: CopiedFromAspectPatch fails on rules copied with a folder
- Corrections to log message and formatting.
42605: ALF-16231: Fixed broken IMAP unit tests
42612: Further fix for ALF-16164 Cloud monitoring of SOLR is CPU intensive due to its repeated use of the SOLR stats page
- protect from dodgey JSON output
42624: ALF-14353: switch groupId to org.alfresco.enterprise, to be in sync with actual Maven deployment
42657: Fix for ALF-16359 Fix SOLR logging in production and other environments
- configure in log4j-solr.properties anywhere on the solr web app classpath ...
42671: ALF-14353: fix facebook api dependency
42679: Merged V3.4-BUG-FIX to V4.1-BUG-FIX
42172: ALF-15262: Correct handling of linked rule deletion
- When the last rule is removed from a folder and the ASPECT_RULES aspect is removed from its parent, we must cascade this removal to its secondary parents
42173: ALF-14400: Only site members can Edit Online (sharepoint) although the site is public and permissions allow editing for everybody
- Rationalized the fix provided by Alex Malinovsky
- Don't bother checking site memberships - let ACLs handle that and just check for permission to read the document
42182: Incremented version revision for 3.4.12
42243: ALF-15262: Further correction by Dmitry: use beforeRemoveAspect because beforeDeleteChildAssociation is not invoked on deletion of primary child associations
42278: ALF-12999: Correction by Alex M
42586: BDE-101: make .MD5 files suitable for easy check with md5sum -c
42627: Merged DEV to V3.4-BUG-FIX
42537: ALF-16139: Impossible to connect to CMIS via AtomPub and Web Services
Activation libraries (including all Geronimo versions) have been removed because of a conflict with libraries in JBoss CXF WS installation. Also, 'javax.activation' is part of the JDK 1.6 (http://docs.oracle.com/javase/6/docs/api/javax/activation/DataHandler.html)
42677: Merged V3.4 to V3.4-BUG-FIX
42380: ALF-16220: Merged V4.1-BUG-FIX to V3.4
40590: ALF-15318: It was possible for a user with a disabled / expired account to log in via NTLM/SSO
40663: Merged DEV to V4.1-BUG-FIX
40661: ALF-15318 (part 2): It's possible to log in by disabled user (NTLM with SSO in a clustered env)
The onValidateFailed() methods were moved to BaseSSOAuthenticationFilter to response with a 401 for a disabled user.
42556: ALF-15077: Site creation in Share is very very slow with over 15000 sites
- Probably knock-on impact from us versioning secondary associations properly
- Found old way of locating a leaf document to be ineffective as it would blow the caches (find all documents with the correct ID, then filter out the containers)
- Effect was magnified when admin user was previously accessed via the explorer client and thus had an app:configurations child node, thus making admin a container and requiring its paths (e.g. zillions of nested group memberships) to be indexed
- Instead, we have a new LEAFID field on leaves that we can use to efficiently locate a node to delete without hitting zillions of containers
- Left backward compatible code to avoid requiring a full reindex
42557: ALF-16202: Merged V4.1-BUG-FIX to V3.4
40937: ALF-15702, ALF-15669: mmt-dependencies was messing up the SDK classpath
42566: ALF-15077: Correction to category-handling logic in container generation to fix failing unit tests
42608: Merged DEV to V3.4
42543: ALF-16248 : IE specific: It's impossible to create any event due to script error
Correction for the fix for ALF-13623 to support IE8, also added clearing of 'allday' checkbox.
42622: ALF-16339: Group names incorrect in (non-site) "Manage Permissions" page
- Site name was being used as the display name of all site groups!
42632: ALF-16354: Merged PATCHES/V3.4.6 to V3.4-BUG-FIX
42521: ALF-16231: Corrected LockUtils.isLockedOrReadOnly to properly handle the LOCK_EXPIRED status
- Also fixed CheckOutCheckInService.checkout() to respect LOCK_EXPIRED but still disallow overwrite of unexpired WRITE_LOCKS
42522: ALF-16231: Further improvements
- Renamed to isLockedAndReadOnly because that's what it means!
42644: ALF-16298: Cannot install RM amps on 4.1.1
- Passed command line arguments from shell script to mmt utility
42656: ALF-16298: Correction to DOS argument concatenation to allow multiple parameters separated by space
42664: ALF-16358: NPE detected during benchmark test.
- Guarding against this in LeafScorer
42665: ALF-16360: Merged HEAD to V3.4
42440: ALF-16247: Thumbnails not rendering for PDFs with standard fonts
- Because GS_LIB wasn't set on Linux and OSX
42447: ALF-16247: Thumbnails not rendering for PDFs with standard fonts
- Fixes by Bitrock
42678: Merged V3.4 to V3.4-BUG-FIX (RECORD ONLY)
42244: Merged V3.4-BUG-FIX to V3.4
42172: ALF-15262: Correct handling of linked rule deletion
- When the last rule is removed from a folder and the ASPECT_RULES aspect is removed from its parent, we must cascade this removal to its secondary parents
42243: ALF-15262: Further correction by Dmitry: use beforeRemoveAspect because beforeDeleteChildAssociation is not invoked on deletion of primary child associations
42279: Merged V3.4-BUG-FIX to V3.4
42278: ALF-12999: Correction by Alex M
42282: Merged V3.4-BUG-FIX to V3.4
42281: Fix for ALF-9946 Need a supported solution for switching off content indexing (FTS) -> merge only to 4.1-BUG-FIX
- remove references to isIndexed property which was removed in the back port
git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/HEAD/root@42683 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
2000 lines
73 KiB
Java
2000 lines
73 KiB
Java
/*
|
|
* Copyright (C) 2005-2012 Alfresco Software Limited.
|
|
*
|
|
* This file is part of Alfresco
|
|
*
|
|
* Alfresco is free software: you can redistribute it and/or modify
|
|
* it under the terms of the GNU Lesser General Public License as published by
|
|
* the Free Software Foundation, either version 3 of the License, or
|
|
* (at your option) any later version.
|
|
*
|
|
* Alfresco is distributed in the hope that it will be useful,
|
|
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
* GNU Lesser General Public License for more details.
|
|
*
|
|
* You should have received a copy of the GNU Lesser General Public License
|
|
* along with Alfresco. If not, see <http://www.gnu.org/licenses/>.
|
|
*/
|
|
package org.alfresco.repo.security.person;
|
|
|
|
import java.io.Serializable;
|
|
import java.util.ArrayList;
|
|
import java.util.Arrays;
|
|
import java.util.Collections;
|
|
import java.util.Comparator;
|
|
import java.util.HashMap;
|
|
import java.util.HashSet;
|
|
import java.util.LinkedHashSet;
|
|
import java.util.List;
|
|
import java.util.Map;
|
|
import java.util.Set;
|
|
import java.util.StringTokenizer;
|
|
import java.util.concurrent.ConcurrentHashMap;
|
|
|
|
import org.alfresco.error.AlfrescoRuntimeException;
|
|
import org.alfresco.model.ContentModel;
|
|
import org.alfresco.query.CannedQuery;
|
|
import org.alfresco.query.CannedQueryFactory;
|
|
import org.alfresco.query.CannedQueryResults;
|
|
import org.alfresco.query.PagingRequest;
|
|
import org.alfresco.query.PagingResults;
|
|
import org.alfresco.repo.action.executer.MailActionExecuter;
|
|
import org.alfresco.repo.cache.SimpleCache;
|
|
import org.alfresco.repo.domain.permissions.AclDAO;
|
|
import org.alfresco.repo.node.NodeServicePolicies;
|
|
import org.alfresco.repo.node.NodeServicePolicies.BeforeCreateNodePolicy;
|
|
import org.alfresco.repo.node.NodeServicePolicies.BeforeDeleteNodePolicy;
|
|
import org.alfresco.repo.node.NodeServicePolicies.OnCreateNodePolicy;
|
|
import org.alfresco.repo.node.NodeServicePolicies.OnUpdatePropertiesPolicy;
|
|
import org.alfresco.repo.node.getchildren.FilterProp;
|
|
import org.alfresco.repo.node.getchildren.FilterPropString;
|
|
import org.alfresco.repo.node.getchildren.FilterPropString.FilterTypeString;
|
|
import org.alfresco.repo.node.getchildren.GetChildrenCannedQuery;
|
|
import org.alfresco.repo.node.getchildren.GetChildrenCannedQueryFactory;
|
|
import org.alfresco.repo.policy.JavaBehaviour;
|
|
import org.alfresco.repo.policy.PolicyComponent;
|
|
import org.alfresco.repo.search.SearcherException;
|
|
import org.alfresco.repo.security.authentication.AuthenticationException;
|
|
import org.alfresco.repo.security.authentication.AuthenticationUtil;
|
|
import org.alfresco.repo.security.authentication.AuthenticationUtil.RunAsWork;
|
|
import org.alfresco.repo.security.permissions.PermissionServiceSPI;
|
|
import org.alfresco.repo.tenant.TenantDomainMismatchException;
|
|
import org.alfresco.repo.tenant.TenantService;
|
|
import org.alfresco.repo.transaction.AlfrescoTransactionSupport;
|
|
import org.alfresco.repo.transaction.AlfrescoTransactionSupport.TxnReadState;
|
|
import org.alfresco.repo.transaction.RetryingTransactionHelper.RetryingTransactionCallback;
|
|
import org.alfresco.repo.transaction.TransactionListenerAdapter;
|
|
import org.alfresco.repo.transaction.TransactionalResourceHelper;
|
|
import org.alfresco.service.ServiceRegistry;
|
|
import org.alfresco.service.cmr.action.Action;
|
|
import org.alfresco.service.cmr.action.ActionService;
|
|
import org.alfresco.service.cmr.admin.RepoAdminService;
|
|
import org.alfresco.service.cmr.admin.RepoUsage.UsageType;
|
|
import org.alfresco.service.cmr.admin.RepoUsageStatus;
|
|
import org.alfresco.service.cmr.dictionary.DictionaryService;
|
|
import org.alfresco.service.cmr.invitation.InvitationException;
|
|
import org.alfresco.service.cmr.model.FileFolderService;
|
|
import org.alfresco.service.cmr.repository.ChildAssociationRef;
|
|
import org.alfresco.service.cmr.repository.NodeRef;
|
|
import org.alfresco.service.cmr.repository.NodeService;
|
|
import org.alfresco.service.cmr.repository.StoreRef;
|
|
import org.alfresco.service.cmr.repository.TemplateService;
|
|
import org.alfresco.service.cmr.repository.datatype.DefaultTypeConverter;
|
|
import org.alfresco.service.cmr.search.LimitBy;
|
|
import org.alfresco.service.cmr.search.ResultSet;
|
|
import org.alfresco.service.cmr.search.SearchParameters;
|
|
import org.alfresco.service.cmr.search.SearchService;
|
|
import org.alfresco.service.cmr.security.AuthorityService;
|
|
import org.alfresco.service.cmr.security.AuthorityType;
|
|
import org.alfresco.service.cmr.security.MutableAuthenticationService;
|
|
import org.alfresco.service.cmr.security.NoSuchPersonException;
|
|
import org.alfresco.service.cmr.security.PersonService;
|
|
import org.alfresco.service.namespace.NamespacePrefixResolver;
|
|
import org.alfresco.service.namespace.NamespaceService;
|
|
import org.alfresco.service.namespace.QName;
|
|
import org.alfresco.service.namespace.RegexQNamePattern;
|
|
import org.alfresco.service.transaction.TransactionService;
|
|
import org.alfresco.util.EqualsHelper;
|
|
import org.alfresco.util.GUID;
|
|
import org.alfresco.util.ModelUtil;
|
|
import org.alfresco.util.Pair;
|
|
import org.alfresco.util.ParameterCheck;
|
|
import org.alfresco.util.PropertyCheck;
|
|
import org.alfresco.util.registry.NamedObjectRegistry;
|
|
import org.apache.commons.logging.Log;
|
|
import org.apache.commons.logging.LogFactory;
|
|
import org.springframework.extensions.surf.util.I18NUtil;
|
|
|
|
public class PersonServiceImpl extends TransactionListenerAdapter implements PersonService,
|
|
NodeServicePolicies.BeforeCreateNodePolicy,
|
|
NodeServicePolicies.OnCreateNodePolicy,
|
|
NodeServicePolicies.BeforeDeleteNodePolicy,
|
|
NodeServicePolicies.OnUpdatePropertiesPolicy
|
|
|
|
{
|
|
private static Log logger = LogFactory.getLog(PersonServiceImpl.class);
|
|
|
|
private static final String CANNED_QUERY_PEOPLE_LIST = "peopleGetChildrenCannedQueryFactory";
|
|
|
|
private static final String DELETE = "DELETE";
|
|
private static final String SPLIT = "SPLIT";
|
|
private static final String LEAVE = "LEAVE";
|
|
public static final String SYSTEM_FOLDER_SHORT_QNAME = "sys:system";
|
|
public static final String PEOPLE_FOLDER_SHORT_QNAME = "sys:people";
|
|
private static final String SYSTEM_USAGE_WARN_LIMIT_USERS_EXCEEDED_VERBOSE = "system.usage.err.limit_users_exceeded_verbose";
|
|
|
|
private static final String KEY_POST_TXN_DUPLICATES = "PersonServiceImpl.KEY_POST_TXN_DUPLICATES";
|
|
public static final String KEY_ALLOW_UID_UPDATE = "PersonServiceImpl.KEY_ALLOW_UID_UPDATE";
|
|
private static final String KEY_USERS_CREATED = "PersonServiceImpl.KEY_USERS_CREATED";
|
|
|
|
private StoreRef storeRef;
|
|
private TransactionService transactionService;
|
|
private NodeService nodeService;
|
|
private TenantService tenantService;
|
|
private SearchService searchService;
|
|
private AuthorityService authorityService;
|
|
private MutableAuthenticationService authenticationService;
|
|
private DictionaryService dictionaryService;
|
|
private PermissionServiceSPI permissionServiceSPI;
|
|
private NamespacePrefixResolver namespacePrefixResolver;
|
|
private HomeFolderManager homeFolderManager;
|
|
private PolicyComponent policyComponent;
|
|
private AclDAO aclDao;
|
|
private PermissionsManager permissionsManager;
|
|
private RepoAdminService repoAdminService;
|
|
private ServiceRegistry serviceRegistry;
|
|
|
|
private boolean createMissingPeople;
|
|
private static Set<QName> mutableProperties;
|
|
private String defaultHomeFolderProvider;
|
|
private boolean processDuplicates = true;
|
|
private String duplicateMode = LEAVE;
|
|
private boolean lastIsBest = true;
|
|
private boolean includeAutoCreated = false;
|
|
|
|
private NamedObjectRegistry<CannedQueryFactory<NodeRef>> cannedQueryRegistry;
|
|
|
|
/** a transactionally-safe cache to be injected */
|
|
private SimpleCache<String, Set<NodeRef>> personCache;
|
|
|
|
/** People Container ref cache (Tennant aware) */
|
|
private Map<String, NodeRef> peopleContainerRefs = new ConcurrentHashMap<String, NodeRef>(4);
|
|
|
|
private UserNameMatcher userNameMatcher;
|
|
|
|
private JavaBehaviour beforeCreateNodeValidationBehaviour;
|
|
private JavaBehaviour beforeDeleteNodeValidationBehaviour;
|
|
|
|
private boolean homeFolderCreationEager;
|
|
|
|
static
|
|
{
|
|
Set<QName> props = new HashSet<QName>();
|
|
props.add(ContentModel.PROP_HOMEFOLDER);
|
|
props.add(ContentModel.PROP_FIRSTNAME);
|
|
// Middle Name
|
|
props.add(ContentModel.PROP_LASTNAME);
|
|
props.add(ContentModel.PROP_EMAIL);
|
|
props.add(ContentModel.PROP_ORGID);
|
|
mutableProperties = Collections.unmodifiableSet(props);
|
|
}
|
|
|
|
@Override
|
|
public boolean equals(Object obj)
|
|
{
|
|
return this == obj;
|
|
}
|
|
|
|
@Override
|
|
public int hashCode()
|
|
{
|
|
return 1;
|
|
}
|
|
|
|
/**
|
|
* Spring bean init method
|
|
*/
|
|
public void init()
|
|
{
|
|
PropertyCheck.mandatory(this, "storeUrl", storeRef);
|
|
PropertyCheck.mandatory(this, "transactionService", transactionService);
|
|
PropertyCheck.mandatory(this, "nodeService", nodeService);
|
|
PropertyCheck.mandatory(this, "permissionServiceSPI", permissionServiceSPI);
|
|
PropertyCheck.mandatory(this, "authorityService", authorityService);
|
|
PropertyCheck.mandatory(this, "authenticationService", authenticationService);
|
|
PropertyCheck.mandatory(this, "namespacePrefixResolver", namespacePrefixResolver);
|
|
PropertyCheck.mandatory(this, "policyComponent", policyComponent);
|
|
PropertyCheck.mandatory(this, "personCache", personCache);
|
|
PropertyCheck.mandatory(this, "aclDao", aclDao);
|
|
PropertyCheck.mandatory(this, "homeFolderManager", homeFolderManager);
|
|
PropertyCheck.mandatory(this, "repoAdminService", repoAdminService);
|
|
|
|
beforeCreateNodeValidationBehaviour = new JavaBehaviour(this, "beforeCreateNodeValidation");
|
|
this.policyComponent.bindClassBehaviour(
|
|
BeforeCreateNodePolicy.QNAME,
|
|
ContentModel.TYPE_PERSON,
|
|
beforeCreateNodeValidationBehaviour);
|
|
|
|
beforeDeleteNodeValidationBehaviour = new JavaBehaviour(this, "beforeDeleteNodeValidation");
|
|
this.policyComponent.bindClassBehaviour(
|
|
BeforeDeleteNodePolicy.QNAME,
|
|
ContentModel.TYPE_PERSON,
|
|
beforeDeleteNodeValidationBehaviour);
|
|
|
|
this.policyComponent.bindClassBehaviour(
|
|
OnCreateNodePolicy.QNAME,
|
|
ContentModel.TYPE_PERSON,
|
|
new JavaBehaviour(this, "onCreateNode"));
|
|
|
|
this.policyComponent.bindClassBehaviour(
|
|
BeforeDeleteNodePolicy.QNAME,
|
|
ContentModel.TYPE_PERSON,
|
|
new JavaBehaviour(this, "beforeDeleteNode"));
|
|
|
|
this.policyComponent.bindClassBehaviour(
|
|
OnUpdatePropertiesPolicy.QNAME,
|
|
ContentModel.TYPE_PERSON,
|
|
new JavaBehaviour(this, "onUpdateProperties"));
|
|
|
|
this.policyComponent.bindClassBehaviour(
|
|
OnUpdatePropertiesPolicy.QNAME,
|
|
ContentModel.TYPE_USER,
|
|
new JavaBehaviour(this, "onUpdatePropertiesUser"));
|
|
}
|
|
|
|
/**
|
|
* {@inheritDoc}
|
|
*/
|
|
public void setCreateMissingPeople(boolean createMissingPeople)
|
|
{
|
|
this.createMissingPeople = createMissingPeople;
|
|
}
|
|
|
|
public void setNamespacePrefixResolver(NamespacePrefixResolver namespacePrefixResolver)
|
|
{
|
|
this.namespacePrefixResolver = namespacePrefixResolver;
|
|
}
|
|
|
|
public void setAuthorityService(AuthorityService authorityService)
|
|
{
|
|
this.authorityService = authorityService;
|
|
}
|
|
|
|
public void setAuthenticationService(MutableAuthenticationService authenticationService)
|
|
{
|
|
this.authenticationService = authenticationService;
|
|
}
|
|
|
|
public void setDictionaryService(DictionaryService dictionaryService)
|
|
{
|
|
this.dictionaryService = dictionaryService;
|
|
}
|
|
|
|
public void setPermissionServiceSPI(PermissionServiceSPI permissionServiceSPI)
|
|
{
|
|
this.permissionServiceSPI = permissionServiceSPI;
|
|
}
|
|
|
|
public void setTransactionService(TransactionService transactionService)
|
|
{
|
|
this.transactionService = transactionService;
|
|
}
|
|
|
|
public void setServiceRegistry(ServiceRegistry serviceRegistry)
|
|
{
|
|
this.serviceRegistry = serviceRegistry;
|
|
}
|
|
|
|
public void setNodeService(NodeService nodeService)
|
|
{
|
|
this.nodeService = nodeService;
|
|
}
|
|
|
|
public void setTenantService(TenantService tenantService)
|
|
{
|
|
this.tenantService = tenantService;
|
|
}
|
|
|
|
public void setSearchService(SearchService searchService)
|
|
{
|
|
this.searchService = searchService;
|
|
}
|
|
|
|
public void setRepoAdminService(RepoAdminService repoAdminService)
|
|
{
|
|
this.repoAdminService = repoAdminService;
|
|
}
|
|
|
|
public void setPolicyComponent(PolicyComponent policyComponent)
|
|
{
|
|
this.policyComponent = policyComponent;
|
|
}
|
|
|
|
public void setStoreUrl(String storeUrl)
|
|
{
|
|
this.storeRef = new StoreRef(storeUrl);
|
|
}
|
|
|
|
public void setUserNameMatcher(UserNameMatcher userNameMatcher)
|
|
{
|
|
this.userNameMatcher = userNameMatcher;
|
|
}
|
|
|
|
void setDefaultHomeFolderProvider(String defaultHomeFolderProvider)
|
|
{
|
|
this.defaultHomeFolderProvider = defaultHomeFolderProvider;
|
|
}
|
|
|
|
public void setDuplicateMode(String duplicateMode)
|
|
{
|
|
this.duplicateMode = duplicateMode;
|
|
}
|
|
|
|
public void setIncludeAutoCreated(boolean includeAutoCreated)
|
|
{
|
|
this.includeAutoCreated = includeAutoCreated;
|
|
}
|
|
|
|
public void setLastIsBest(boolean lastIsBest)
|
|
{
|
|
this.lastIsBest = lastIsBest;
|
|
}
|
|
|
|
public void setProcessDuplicates(boolean processDuplicates)
|
|
{
|
|
this.processDuplicates = processDuplicates;
|
|
}
|
|
|
|
public void setHomeFolderManager(HomeFolderManager homeFolderManager)
|
|
{
|
|
this.homeFolderManager = homeFolderManager;
|
|
}
|
|
|
|
/**
|
|
* Indicates if home folders should be created when the person
|
|
* is created or delayed until first accessed.
|
|
*/
|
|
public void setHomeFolderCreationEager(boolean homeFolderCreationEager)
|
|
{
|
|
this.homeFolderCreationEager = homeFolderCreationEager;
|
|
}
|
|
|
|
public void setAclDAO(AclDAO aclDao)
|
|
{
|
|
this.aclDao = aclDao;
|
|
}
|
|
|
|
public void setPermissionsManager(PermissionsManager permissionsManager)
|
|
{
|
|
this.permissionsManager = permissionsManager;
|
|
}
|
|
|
|
/**
|
|
* Set the registry of {@link CannedQueryFactory canned queries}
|
|
*/
|
|
public void setCannedQueryRegistry(NamedObjectRegistry<CannedQueryFactory<NodeRef>> cannedQueryRegistry)
|
|
{
|
|
this.cannedQueryRegistry = cannedQueryRegistry;
|
|
}
|
|
|
|
/**
|
|
* Set the username to person cache.
|
|
*/
|
|
public void setPersonCache(SimpleCache<String, Set<NodeRef>> personCache)
|
|
{
|
|
this.personCache = personCache;
|
|
}
|
|
|
|
/**
|
|
* Avoid injection issues: Look it up from the Service Registry as required
|
|
*/
|
|
private FileFolderService getFileFolderService()
|
|
{
|
|
return serviceRegistry.getFileFolderService();
|
|
}
|
|
|
|
/**
|
|
* Avoid injection issues: Look it up from the Service Registry as required
|
|
*/
|
|
private NamespaceService getNamespaceService()
|
|
{
|
|
return serviceRegistry.getNamespaceService();
|
|
}
|
|
|
|
/**
|
|
* Avoid injection issues: Look it up from the Service Registry as required
|
|
*/
|
|
private ActionService getActionService()
|
|
{
|
|
return serviceRegistry.getActionService();
|
|
}
|
|
|
|
/**
|
|
* {@inheritDoc}
|
|
*/
|
|
public NodeRef getPerson(String userName)
|
|
{
|
|
return getPerson(userName, true);
|
|
}
|
|
|
|
/**
|
|
* {@inheritDoc}
|
|
*/
|
|
public NodeRef getPerson(final String userName, final boolean autoCreateHomeFolderAndMissingPersonIfAllowed)
|
|
{
|
|
// MT share - for activity service system callback
|
|
if (tenantService.isEnabled() && (AuthenticationUtil.SYSTEM_USER_NAME.equals(AuthenticationUtil.getRunAsUser())) && tenantService.isTenantUser(userName))
|
|
{
|
|
final String tenantDomain = tenantService.getUserDomain(userName);
|
|
|
|
return AuthenticationUtil.runAs(new AuthenticationUtil.RunAsWork<NodeRef>()
|
|
{
|
|
public NodeRef doWork() throws Exception
|
|
{
|
|
return getPersonImpl(userName, autoCreateHomeFolderAndMissingPersonIfAllowed);
|
|
}
|
|
}, tenantService.getDomainUser(AuthenticationUtil.getSystemUserName(), tenantDomain));
|
|
}
|
|
else
|
|
{
|
|
return getPersonImpl(userName, autoCreateHomeFolderAndMissingPersonIfAllowed);
|
|
}
|
|
}
|
|
|
|
private NodeRef getPersonImpl(String userName, boolean autoCreateHomeFolderAndMissingPersonIfAllowed)
|
|
{
|
|
if(userName == null)
|
|
{
|
|
return null;
|
|
}
|
|
if(userName.length() == 0)
|
|
{
|
|
return null;
|
|
}
|
|
NodeRef personNode = getPersonOrNull(userName);
|
|
if (personNode == null)
|
|
{
|
|
TxnReadState txnReadState = AlfrescoTransactionSupport.getTransactionReadState();
|
|
if (autoCreateHomeFolderAndMissingPersonIfAllowed && createMissingPeople() &&
|
|
txnReadState == TxnReadState.TXN_READ_WRITE)
|
|
{
|
|
// We create missing people AND are in a read-write txn
|
|
return createMissingPerson(userName, true);
|
|
}
|
|
else
|
|
{
|
|
throw new NoSuchPersonException(userName);
|
|
}
|
|
}
|
|
else if (autoCreateHomeFolderAndMissingPersonIfAllowed)
|
|
{
|
|
makeHomeFolderIfRequired(personNode);
|
|
}
|
|
return personNode;
|
|
}
|
|
|
|
/**
|
|
* {@inheritDoc}
|
|
*/
|
|
public boolean personExists(String caseSensitiveUserName)
|
|
{
|
|
return getPersonOrNull(caseSensitiveUserName) != null;
|
|
}
|
|
|
|
private NodeRef getPersonOrNull(String searchUserName)
|
|
{
|
|
Set<NodeRef> allRefs = getFromCache(searchUserName);
|
|
boolean addToCache = false;
|
|
if (allRefs == null)
|
|
{
|
|
List<ChildAssociationRef> childRefs = nodeService.getChildAssocs(
|
|
getPeopleContainer(),
|
|
ContentModel.ASSOC_CHILDREN,
|
|
getChildNameLower(searchUserName),
|
|
false);
|
|
allRefs = new LinkedHashSet<NodeRef>(childRefs.size() * 2);
|
|
|
|
for (ChildAssociationRef childRef : childRefs)
|
|
{
|
|
NodeRef nodeRef = childRef.getChildRef();
|
|
allRefs.add(nodeRef);
|
|
}
|
|
addToCache = true;
|
|
}
|
|
|
|
List<NodeRef> refs = new ArrayList<NodeRef>(allRefs.size());
|
|
Set<NodeRef> nodesToRemoveFromCache = new HashSet<NodeRef>();
|
|
for (NodeRef nodeRef : allRefs)
|
|
{
|
|
if (nodeService.exists(nodeRef))
|
|
{
|
|
Serializable value = nodeService.getProperty(nodeRef, ContentModel.PROP_USERNAME);
|
|
String realUserName = DefaultTypeConverter.INSTANCE.convert(String.class, value);
|
|
if (userNameMatcher.matches(searchUserName, realUserName))
|
|
{
|
|
refs.add(nodeRef);
|
|
}
|
|
}
|
|
else
|
|
{
|
|
nodesToRemoveFromCache.add(nodeRef);
|
|
}
|
|
}
|
|
|
|
if (!nodesToRemoveFromCache.isEmpty())
|
|
{
|
|
allRefs.removeAll(nodesToRemoveFromCache);
|
|
}
|
|
|
|
NodeRef returnRef = null;
|
|
if (refs.size() > 1)
|
|
{
|
|
returnRef = handleDuplicates(refs, searchUserName);
|
|
}
|
|
else if (refs.size() == 1)
|
|
{
|
|
returnRef = refs.get(0);
|
|
|
|
if (addToCache)
|
|
{
|
|
// Don't bother caching unless we get a result that doesn't need duplicate processing
|
|
putToCache(searchUserName, allRefs);
|
|
}
|
|
}
|
|
return returnRef;
|
|
}
|
|
|
|
private NodeRef handleDuplicates(List<NodeRef> refs, String searchUserName)
|
|
{
|
|
if (processDuplicates)
|
|
{
|
|
NodeRef best = findBest(refs);
|
|
HashSet<NodeRef> toHandle = new HashSet<NodeRef>();
|
|
toHandle.addAll(refs);
|
|
toHandle.remove(best);
|
|
addDuplicateNodeRefsToHandle(toHandle);
|
|
return best;
|
|
}
|
|
else
|
|
{
|
|
String userNameSensitivity = " (user name is case-" + (userNameMatcher.getUserNamesAreCaseSensitive() ? "sensitive" : "insensitive") + ")";
|
|
String domainNameSensitivity = "";
|
|
if (!userNameMatcher.getDomainSeparator().equals(""))
|
|
{
|
|
domainNameSensitivity = " (domain name is case-" + (userNameMatcher.getDomainNamesAreCaseSensitive() ? "sensitive" : "insensitive") + ")";
|
|
}
|
|
|
|
throw new AlfrescoRuntimeException("Found more than one user for " + searchUserName + userNameSensitivity + domainNameSensitivity);
|
|
}
|
|
}
|
|
|
|
/**
|
|
* Get the txn-bound usernames that need cleaning up
|
|
*/
|
|
private Set<NodeRef> getPostTxnDuplicates()
|
|
{
|
|
@SuppressWarnings("unchecked")
|
|
Set<NodeRef> postTxnDuplicates = (Set<NodeRef>) AlfrescoTransactionSupport.getResource(KEY_POST_TXN_DUPLICATES);
|
|
if (postTxnDuplicates == null)
|
|
{
|
|
postTxnDuplicates = new HashSet<NodeRef>();
|
|
AlfrescoTransactionSupport.bindResource(KEY_POST_TXN_DUPLICATES, postTxnDuplicates);
|
|
}
|
|
return postTxnDuplicates;
|
|
}
|
|
|
|
/**
|
|
* Flag a username for cleanup after the transaction.
|
|
*/
|
|
private void addDuplicateNodeRefsToHandle(Set<NodeRef> refs)
|
|
{
|
|
// Firstly, bind this service to the transaction
|
|
AlfrescoTransactionSupport.bindListener(this);
|
|
// Now get the post txn duplicate list
|
|
Set<NodeRef> postTxnDuplicates = getPostTxnDuplicates();
|
|
postTxnDuplicates.addAll(refs);
|
|
}
|
|
|
|
/**
|
|
* Process clean up any duplicates that were flagged during the transaction.
|
|
*/
|
|
@Override
|
|
public void afterCommit()
|
|
{
|
|
// Get the duplicates in a form that can be read by the transaction work anonymous instance
|
|
final Set<NodeRef> postTxnDuplicates = getPostTxnDuplicates();
|
|
if (postTxnDuplicates.size() == 0)
|
|
{
|
|
// Nothing to do
|
|
return;
|
|
}
|
|
|
|
RetryingTransactionCallback<Object> processDuplicateWork = new RetryingTransactionCallback<Object>()
|
|
{
|
|
public Object execute() throws Throwable
|
|
{
|
|
if (duplicateMode.equalsIgnoreCase(SPLIT))
|
|
{
|
|
logger.info("Splitting " + postTxnDuplicates.size() + " duplicate person objects.");
|
|
// Allow UIDs to be updated in this transaction
|
|
AlfrescoTransactionSupport.bindResource(KEY_ALLOW_UID_UPDATE, Boolean.TRUE);
|
|
split(postTxnDuplicates);
|
|
logger.info("Split " + postTxnDuplicates.size() + " duplicate person objects.");
|
|
}
|
|
else if (duplicateMode.equalsIgnoreCase(DELETE))
|
|
{
|
|
delete(postTxnDuplicates);
|
|
logger.info("Deleted duplicate person objects");
|
|
}
|
|
else
|
|
{
|
|
if (logger.isDebugEnabled())
|
|
{
|
|
logger.debug("Duplicate person objects exist");
|
|
}
|
|
}
|
|
|
|
// Done
|
|
return null;
|
|
}
|
|
};
|
|
transactionService.getRetryingTransactionHelper().doInTransaction(processDuplicateWork, false, true);
|
|
}
|
|
|
|
private void delete(Set<NodeRef> toDelete)
|
|
{
|
|
for (NodeRef nodeRef : toDelete)
|
|
{
|
|
deletePerson(nodeRef);
|
|
}
|
|
}
|
|
|
|
private void split(Set<NodeRef> toSplit)
|
|
{
|
|
for (NodeRef nodeRef : toSplit)
|
|
{
|
|
String userName = (String) nodeService.getProperty(nodeRef, ContentModel.PROP_USERNAME);
|
|
String newUserName = userName + GUID.generate();
|
|
nodeService.setProperty(nodeRef, ContentModel.PROP_USERNAME, userName + GUID.generate());
|
|
logger.info(" New person object: " + newUserName);
|
|
}
|
|
}
|
|
|
|
private NodeRef findBest(List<NodeRef> refs)
|
|
{
|
|
// Given that we might not have audit attributes, use the assumption that the node ID increases to sort the
|
|
// nodes
|
|
if (lastIsBest)
|
|
{
|
|
Collections.sort(refs, new NodeIdComparator(nodeService, false));
|
|
}
|
|
else
|
|
{
|
|
Collections.sort(refs, new NodeIdComparator(nodeService, true));
|
|
}
|
|
|
|
NodeRef fallBack = null;
|
|
|
|
for (NodeRef nodeRef : refs)
|
|
{
|
|
if (fallBack == null)
|
|
{
|
|
fallBack = nodeRef;
|
|
}
|
|
|
|
if (includeAutoCreated || !wasAutoCreated(nodeRef))
|
|
{
|
|
return nodeRef;
|
|
}
|
|
}
|
|
|
|
return fallBack;
|
|
}
|
|
|
|
private boolean wasAutoCreated(NodeRef nodeRef)
|
|
{
|
|
String userName = DefaultTypeConverter.INSTANCE.convert(String.class, nodeService.getProperty(nodeRef, ContentModel.PROP_USERNAME));
|
|
|
|
String testString = DefaultTypeConverter.INSTANCE.convert(String.class, nodeService.getProperty(nodeRef, ContentModel.PROP_FIRSTNAME));
|
|
if ((testString == null) || !testString.equals(userName))
|
|
{
|
|
return false;
|
|
}
|
|
|
|
testString = DefaultTypeConverter.INSTANCE.convert(String.class, nodeService.getProperty(nodeRef, ContentModel.PROP_LASTNAME));
|
|
if ((testString == null) || !testString.equals(""))
|
|
{
|
|
return false;
|
|
}
|
|
|
|
testString = DefaultTypeConverter.INSTANCE.convert(String.class, nodeService.getProperty(nodeRef, ContentModel.PROP_EMAIL));
|
|
if ((testString == null) || !testString.equals(""))
|
|
{
|
|
return false;
|
|
}
|
|
|
|
testString = DefaultTypeConverter.INSTANCE.convert(String.class, nodeService.getProperty(nodeRef, ContentModel.PROP_ORGID));
|
|
if ((testString == null) || !testString.equals(""))
|
|
{
|
|
return false;
|
|
}
|
|
|
|
testString = DefaultTypeConverter.INSTANCE.convert(String.class, nodeService.getProperty(nodeRef, ContentModel.PROP_HOME_FOLDER_PROVIDER));
|
|
if ((testString == null) || !testString.equals(defaultHomeFolderProvider))
|
|
{
|
|
return false;
|
|
}
|
|
|
|
return true;
|
|
}
|
|
|
|
/**
|
|
* {@inheritDoc}
|
|
*/
|
|
public boolean createMissingPeople()
|
|
{
|
|
return createMissingPeople;
|
|
}
|
|
|
|
/**
|
|
* {@inheritDoc}
|
|
*/
|
|
public Set<QName> getMutableProperties()
|
|
{
|
|
return mutableProperties;
|
|
}
|
|
|
|
/**
|
|
* {@inheritDoc}
|
|
*/
|
|
public void setPersonProperties(String userName, Map<QName, Serializable> properties)
|
|
{
|
|
setPersonProperties(userName, properties, true);
|
|
}
|
|
|
|
/**
|
|
* {@inheritDoc}
|
|
*/
|
|
public void setPersonProperties(String userName, Map<QName, Serializable> properties, boolean autoCreateHomeFolder)
|
|
{
|
|
NodeRef personNode = getPersonOrNull(userName);
|
|
if (personNode == null)
|
|
{
|
|
if (createMissingPeople())
|
|
{
|
|
personNode = createMissingPerson(userName, autoCreateHomeFolder);
|
|
}
|
|
else
|
|
{
|
|
throw new PersonException("No person found for user name " + userName);
|
|
}
|
|
}
|
|
else
|
|
{
|
|
// Must create the home folder first as a property holds its location.
|
|
if (autoCreateHomeFolder)
|
|
{
|
|
makeHomeFolderIfRequired(personNode);
|
|
}
|
|
String realUserName = DefaultTypeConverter.INSTANCE.convert(String.class, nodeService.getProperty(personNode, ContentModel.PROP_USERNAME));
|
|
String suggestedUserName;
|
|
|
|
// LDAP sync: allow change of case if we have case insensitive user names and the same name in a different case
|
|
if (getUserNamesAreCaseSensitive()
|
|
|| (suggestedUserName = (String) properties.get(ContentModel.PROP_USERNAME)) == null
|
|
|| !suggestedUserName.equalsIgnoreCase(realUserName))
|
|
{
|
|
properties.put(ContentModel.PROP_USERNAME, realUserName);
|
|
}
|
|
}
|
|
Map<QName, Serializable> update = nodeService.getProperties(personNode);
|
|
update.putAll(properties);
|
|
|
|
nodeService.setProperties(personNode, update);
|
|
}
|
|
|
|
/**
|
|
* {@inheritDoc}
|
|
*/
|
|
public boolean isMutable()
|
|
{
|
|
return true;
|
|
}
|
|
|
|
private NodeRef createMissingPerson(String userName, boolean autoCreateHomeFolder)
|
|
{
|
|
HashMap<QName, Serializable> properties = getDefaultProperties(userName);
|
|
NodeRef person = createPerson(properties);
|
|
|
|
// The home folder will ONLY exist after the the person is created if
|
|
// homeFolderCreationEager == true
|
|
if (autoCreateHomeFolder && homeFolderCreationEager == false)
|
|
{
|
|
makeHomeFolderIfRequired(person);
|
|
}
|
|
|
|
return person;
|
|
}
|
|
|
|
private void makeHomeFolderIfRequired(NodeRef person)
|
|
{
|
|
if (person != null)
|
|
{
|
|
NodeRef homeFolder = DefaultTypeConverter.INSTANCE.convert(NodeRef.class, nodeService.getProperty(person, ContentModel.PROP_HOMEFOLDER));
|
|
if (homeFolder == null)
|
|
{
|
|
final ChildAssociationRef ref = nodeService.getPrimaryParent(person);
|
|
transactionService.getRetryingTransactionHelper().doInTransaction(new RetryingTransactionCallback<Object>()
|
|
{
|
|
public Object execute() throws Throwable
|
|
{
|
|
makeHomeFolderAsSystem(ref);
|
|
return null;
|
|
}
|
|
}, transactionService.isReadOnly(), transactionService.isReadOnly() ? false : AlfrescoTransactionSupport.getTransactionReadState() == TxnReadState.TXN_READ_ONLY);
|
|
}
|
|
}
|
|
}
|
|
|
|
private void makeHomeFolderAsSystem(final ChildAssociationRef childAssocRef)
|
|
{
|
|
AuthenticationUtil.runAs(new AuthenticationUtil.RunAsWork<Object>()
|
|
{
|
|
@Override
|
|
public Object doWork() throws Exception
|
|
{
|
|
homeFolderManager.makeHomeFolder(childAssocRef);
|
|
return null;
|
|
}
|
|
}, AuthenticationUtil.getSystemUserName());
|
|
}
|
|
|
|
private HashMap<QName, Serializable> getDefaultProperties(String userName)
|
|
{
|
|
HashMap<QName, Serializable> properties = new HashMap<QName, Serializable>();
|
|
properties.put(ContentModel.PROP_USERNAME, userName);
|
|
properties.put(ContentModel.PROP_FIRSTNAME, tenantService.getBaseNameUser(userName));
|
|
properties.put(ContentModel.PROP_LASTNAME, "");
|
|
properties.put(ContentModel.PROP_EMAIL, "");
|
|
properties.put(ContentModel.PROP_ORGID, "");
|
|
properties.put(ContentModel.PROP_HOME_FOLDER_PROVIDER, defaultHomeFolderProvider);
|
|
|
|
properties.put(ContentModel.PROP_SIZE_CURRENT, 0L);
|
|
properties.put(ContentModel.PROP_SIZE_QUOTA, -1L); // no quota
|
|
|
|
return properties;
|
|
}
|
|
|
|
/**
|
|
* {@inheritDoc}
|
|
*/
|
|
public NodeRef createPerson(Map<QName, Serializable> properties)
|
|
{
|
|
return createPerson(properties, authorityService.getDefaultZones());
|
|
}
|
|
|
|
/**
|
|
* {@inheritDoc}
|
|
*/
|
|
public NodeRef createPerson(Map<QName, Serializable> properties, Set<String> zones)
|
|
{
|
|
ParameterCheck.mandatory("properties", properties);
|
|
String userName = DefaultTypeConverter.INSTANCE.convert(String.class, properties.get(ContentModel.PROP_USERNAME));
|
|
if (userName == null)
|
|
{
|
|
throw new IllegalArgumentException("No username specified when creating the person.");
|
|
}
|
|
|
|
/*
|
|
* Check restrictions on the number of users
|
|
*/
|
|
Long maxUsers = repoAdminService.getRestrictions().getUsers();
|
|
if (maxUsers != null)
|
|
{
|
|
// Get the set of users created in this transaction
|
|
Set<String> usersCreated = TransactionalResourceHelper.getSet(KEY_USERS_CREATED);
|
|
usersCreated.add(userName);
|
|
AlfrescoTransactionSupport.bindListener(this);
|
|
}
|
|
|
|
AuthorityType authorityType = AuthorityType.getAuthorityType(userName);
|
|
if (authorityType != AuthorityType.USER)
|
|
{
|
|
throw new AlfrescoRuntimeException("Attempt to create person for an authority which is not a user");
|
|
}
|
|
|
|
tenantService.checkDomainUser(userName);
|
|
|
|
if (personExists(userName))
|
|
{
|
|
throw new AlfrescoRuntimeException("Person '" + userName + "' already exists.");
|
|
}
|
|
|
|
properties.put(ContentModel.PROP_USERNAME, userName);
|
|
properties.put(ContentModel.PROP_SIZE_CURRENT, 0L);
|
|
|
|
NodeRef personRef = null;
|
|
try
|
|
{
|
|
beforeCreateNodeValidationBehaviour.disable();
|
|
|
|
personRef = nodeService.createNode(
|
|
getPeopleContainer(),
|
|
ContentModel.ASSOC_CHILDREN,
|
|
getChildNameLower(userName), // Lowercase:
|
|
ContentModel.TYPE_PERSON, properties).getChildRef();
|
|
}
|
|
finally
|
|
{
|
|
beforeCreateNodeValidationBehaviour.enable();
|
|
}
|
|
|
|
if (zones != null)
|
|
{
|
|
for (String zone : zones)
|
|
{
|
|
// Add the person to an authentication zone (corresponding to an external user registry)
|
|
// Let's preserve case on this child association
|
|
nodeService.addChild(authorityService.getOrCreateZone(zone), personRef, ContentModel.ASSOC_IN_ZONE, QName.createQName(NamespaceService.CONTENT_MODEL_PREFIX, userName, namespacePrefixResolver));
|
|
}
|
|
}
|
|
|
|
removeFromCache(userName);
|
|
|
|
return personRef;
|
|
}
|
|
|
|
/**
|
|
* {@inheritDoc}
|
|
*/
|
|
public void notifyPerson(final String userName, final String password)
|
|
{
|
|
// Get the details of our user, or fail trying
|
|
NodeRef noderef = getPerson(userName, false);
|
|
Map<QName,Serializable> userProps = nodeService.getProperties(noderef);
|
|
|
|
// Do they have an email set? We can't email them if not...
|
|
String email = null;
|
|
if (userProps.containsKey(ContentModel.PROP_EMAIL))
|
|
{
|
|
email = (String)userProps.get(ContentModel.PROP_EMAIL);
|
|
}
|
|
|
|
if (email == null || email.length() == 0)
|
|
{
|
|
if (logger.isInfoEnabled())
|
|
{
|
|
logger.info("Not sending new user notification to " + userName + " as no email address found");
|
|
}
|
|
|
|
return;
|
|
}
|
|
|
|
// We need a freemarker model, so turn the QNames into
|
|
// something a bit more freemarker friendly
|
|
Map<String,Serializable> model = buildEmailTemplateModel(userProps);
|
|
model.put("password", password); // Not stored on the person
|
|
|
|
// Set the details of the person sending the email into the model
|
|
NodeRef creatorNR = getPerson(AuthenticationUtil.getFullyAuthenticatedUser());
|
|
Map<QName,Serializable> creatorProps = nodeService.getProperties(creatorNR);
|
|
Map<String,Serializable> creator = buildEmailTemplateModel(creatorProps);
|
|
model.put("creator", (Serializable)creator);
|
|
|
|
// Set share information into the model
|
|
String productName = ModelUtil.getProductName(repoAdminService);
|
|
model.put(TemplateService.KEY_PRODUCT_NAME, productName);
|
|
|
|
// Set the details for the action
|
|
Map<String,Serializable> actionParams = new HashMap<String, Serializable>();
|
|
actionParams.put(MailActionExecuter.PARAM_TEMPLATE_MODEL, (Serializable)model);
|
|
actionParams.put(MailActionExecuter.PARAM_TO, email);
|
|
actionParams.put(MailActionExecuter.PARAM_FROM, creatorProps.get(ContentModel.PROP_EMAIL));
|
|
actionParams.put(MailActionExecuter.PARAM_SUBJECT,
|
|
I18NUtil.getMessage("invitation.notification.person.email.subject", productName));
|
|
|
|
// Pick the appropriate localised template
|
|
actionParams.put(MailActionExecuter.PARAM_TEMPLATE, getNotifyEmailTemplateNodeRef());
|
|
|
|
// Ask for the email to be sent asynchronously
|
|
Action mailAction = getActionService().createAction(MailActionExecuter.NAME, actionParams);
|
|
getActionService().executeAction(mailAction, noderef, false, true);
|
|
}
|
|
|
|
/**
|
|
* Finds the email template and then attempts to find a localized version
|
|
*/
|
|
private NodeRef getNotifyEmailTemplateNodeRef()
|
|
{
|
|
// Find the new user email template
|
|
String xpath = "app:company_home/app:dictionary/app:email_templates/cm:invite/cm:new-user-email.html.ftl";
|
|
try
|
|
{
|
|
NodeRef rootNodeRef = nodeService.getRootNode(StoreRef.STORE_REF_WORKSPACE_SPACESSTORE);
|
|
List<NodeRef> nodeRefs = searchService.selectNodes(
|
|
rootNodeRef,
|
|
xpath,
|
|
null,
|
|
getNamespaceService(),
|
|
false);
|
|
if (nodeRefs.size() > 1)
|
|
{
|
|
logger.error("Found too many email templates using: " + xpath);
|
|
nodeRefs = Collections.singletonList(nodeRefs.get(0));
|
|
}
|
|
else if (nodeRefs.size() == 0)
|
|
{
|
|
throw new InvitationException("Cannot find the email template using " + xpath);
|
|
}
|
|
// Now localise this
|
|
NodeRef base = nodeRefs.get(0);
|
|
NodeRef local = getFileFolderService().getLocalizedSibling(base);
|
|
return local;
|
|
}
|
|
catch (SearcherException e)
|
|
{
|
|
throw new InvitationException("Cannot find the email template!", e);
|
|
}
|
|
}
|
|
|
|
private Map<String,Serializable> buildEmailTemplateModel(Map<QName,Serializable> props)
|
|
{
|
|
Map<String,Serializable> model = new HashMap<String, Serializable>((int)(props.size()*1.5));
|
|
for (QName qname : props.keySet())
|
|
{
|
|
model.put(qname.getLocalName(), props.get(qname));
|
|
model.put(qname.getLocalName().toLowerCase(), props.get(qname));
|
|
}
|
|
return model;
|
|
}
|
|
|
|
/**
|
|
* {@inheritDoc}
|
|
*/
|
|
public NodeRef getPeopleContainer()
|
|
{
|
|
String cacheKey = tenantService.getCurrentUserDomain();
|
|
NodeRef peopleNodeRef = peopleContainerRefs.get(cacheKey);
|
|
if (peopleNodeRef == null)
|
|
{
|
|
NodeRef rootNodeRef = nodeService.getRootNode(tenantService.getName(storeRef));
|
|
List<ChildAssociationRef> children = nodeService.getChildAssocs(rootNodeRef, RegexQNamePattern.MATCH_ALL,
|
|
QName.createQName(SYSTEM_FOLDER_SHORT_QNAME, namespacePrefixResolver), false);
|
|
|
|
if (children.size() == 0)
|
|
{
|
|
throw new AlfrescoRuntimeException("Required people system path not found: "
|
|
+ SYSTEM_FOLDER_SHORT_QNAME);
|
|
}
|
|
|
|
NodeRef systemNodeRef = children.get(0).getChildRef();
|
|
|
|
children = nodeService.getChildAssocs(systemNodeRef, RegexQNamePattern.MATCH_ALL, QName.createQName(
|
|
PEOPLE_FOLDER_SHORT_QNAME, namespacePrefixResolver), false);
|
|
|
|
if (children.size() == 0)
|
|
{
|
|
throw new AlfrescoRuntimeException("Required people system path not found: "
|
|
+ PEOPLE_FOLDER_SHORT_QNAME);
|
|
}
|
|
|
|
peopleNodeRef = children.get(0).getChildRef();
|
|
peopleContainerRefs.put(cacheKey, peopleNodeRef);
|
|
}
|
|
return peopleNodeRef;
|
|
}
|
|
|
|
/**
|
|
* {@inheritDoc}
|
|
*/
|
|
public void deletePerson(String userName)
|
|
{
|
|
// Normalize the username to avoid case sensitivity issues
|
|
userName = getUserIdentifier(userName);
|
|
if (userName == null)
|
|
{
|
|
return;
|
|
}
|
|
|
|
NodeRef personRef = getPersonOrNull(userName);
|
|
|
|
deletePersonImpl(userName, personRef);
|
|
}
|
|
|
|
/**
|
|
* {@inheritDoc}
|
|
*/
|
|
public void deletePerson(NodeRef personRef)
|
|
{
|
|
QName typeQName = nodeService.getType(personRef);
|
|
if (typeQName.equals(ContentModel.TYPE_PERSON))
|
|
{
|
|
String userName = (String) this.nodeService.getProperty(personRef, ContentModel.PROP_USERNAME);
|
|
deletePersonImpl(userName, personRef);
|
|
}
|
|
else
|
|
{
|
|
throw new AlfrescoRuntimeException("deletePerson: invalid type of node "+personRef+" (actual="+typeQName+", expected="+ContentModel.TYPE_PERSON+")");
|
|
}
|
|
}
|
|
|
|
private void deletePersonImpl(String userName, NodeRef personRef)
|
|
{
|
|
if (userName != null)
|
|
{
|
|
// Remove internally-stored password information, if any
|
|
try
|
|
{
|
|
authenticationService.deleteAuthentication(userName);
|
|
}
|
|
catch (AuthenticationException e)
|
|
{
|
|
// Ignore this - externally authenticated user
|
|
}
|
|
|
|
// Invalidate all that user's tickets
|
|
try
|
|
{
|
|
authenticationService.invalidateUserSession(userName);
|
|
}
|
|
catch (AuthenticationException e)
|
|
{
|
|
// Ignore this
|
|
}
|
|
|
|
// remove any user permissions
|
|
permissionServiceSPI.deletePermissions(userName);
|
|
}
|
|
|
|
// delete the person
|
|
if (personRef != null)
|
|
{
|
|
try
|
|
{
|
|
beforeDeleteNodeValidationBehaviour.disable();
|
|
|
|
nodeService.deleteNode(personRef);
|
|
}
|
|
finally
|
|
{
|
|
beforeDeleteNodeValidationBehaviour.enable();
|
|
}
|
|
}
|
|
|
|
/*
|
|
* Kick off the transaction listener for create user. It has the side-effect of
|
|
* recalculating the number of users.
|
|
*/
|
|
Long maxUsers = repoAdminService.getRestrictions().getUsers();
|
|
if (maxUsers != null)
|
|
{
|
|
AlfrescoTransactionSupport.bindListener(this);
|
|
}
|
|
|
|
}
|
|
|
|
/**
|
|
* {@inheritDoc}
|
|
*
|
|
* @deprecated see getPeople
|
|
*/
|
|
public Set<NodeRef> getAllPeople()
|
|
{
|
|
List<PersonInfo> personInfos = getPeople(null, true, null, new PagingRequest(Integer.MAX_VALUE, null)).getPage();
|
|
Set<NodeRef> refs = new HashSet<NodeRef>(personInfos.size());
|
|
for (PersonInfo personInfo : personInfos)
|
|
{
|
|
refs.add(personInfo.getNodeRef());
|
|
}
|
|
return refs;
|
|
}
|
|
|
|
/**
|
|
* {@inheritDoc}
|
|
*/
|
|
public PagingResults<PersonInfo> getPeople(List<Pair<QName, String>> stringPropFilters, boolean filterIgnoreCase, List<Pair<QName, Boolean>> sortProps, PagingRequest pagingRequest)
|
|
{
|
|
ParameterCheck.mandatory("pagingRequest", pagingRequest);
|
|
|
|
Long start = (logger.isDebugEnabled() ? System.currentTimeMillis() : null);
|
|
|
|
// TODO Remove this ALF-14127 hot fix code (calling nonCannedGetPeopleQuery(...) once this canned query does not fetch all rows from the database,
|
|
// which is very slow when there are a lot of users. 10,000 user takes about 4 seconds. The customer has 90,000.
|
|
CannedQueryResults<NodeRef> cqResults = null;
|
|
String searchValue = null;
|
|
if (filterIgnoreCase && pagingRequest != null && pagingRequest.getQueryExecutionId() == null && pagingRequest.getSkipCount() == 0)
|
|
{
|
|
searchValue = getSearchOnNameValue(stringPropFilters);
|
|
}
|
|
if (searchValue != null)
|
|
{
|
|
cqResults = nonCannedGetPeopleQuery(searchValue, pagingRequest);
|
|
}
|
|
else
|
|
{
|
|
NodeRef contextNodeRef = getPeopleContainer();
|
|
|
|
Set<QName> childTypeQNames = new HashSet<QName>(1);
|
|
childTypeQNames.add(ContentModel.TYPE_PERSON);
|
|
|
|
// get canned query
|
|
GetChildrenCannedQueryFactory getChildrenCannedQueryFactory = (GetChildrenCannedQueryFactory)cannedQueryRegistry.getNamedObject(CANNED_QUERY_PEOPLE_LIST);
|
|
|
|
List<FilterProp> filterProps = null;
|
|
if (stringPropFilters != null)
|
|
{
|
|
filterProps = new ArrayList<FilterProp>(stringPropFilters.size());
|
|
for (Pair<QName, String> filterProp : stringPropFilters)
|
|
{
|
|
String filterStr = filterProp.getSecond();
|
|
if ((filterStr == null) || (filterStr.equals("")) || (filterStr.equals("*")))
|
|
{
|
|
// The wildcard means no filtering is needed on this property
|
|
continue;
|
|
}
|
|
else if (filterStr.endsWith("*"))
|
|
{
|
|
// The trailing * is implicit
|
|
filterStr = filterStr.substring(0, filterStr.length()-1);
|
|
}
|
|
|
|
// Turn this into a canned query filter
|
|
filterProps.add(new FilterPropString(filterProp.getFirst(), filterStr, (filterIgnoreCase ? FilterTypeString.STARTSWITH_IGNORECASE : FilterTypeString.STARTSWITH)));
|
|
}
|
|
}
|
|
|
|
GetChildrenCannedQuery cq = (GetChildrenCannedQuery)getChildrenCannedQueryFactory.getCannedQuery(contextNodeRef, null, null, childTypeQNames, filterProps, sortProps, pagingRequest);
|
|
|
|
// execute canned query
|
|
cqResults = cq.execute();
|
|
}
|
|
|
|
final CannedQueryResults<NodeRef> results = cqResults;
|
|
final List<NodeRef> nodeRefs;
|
|
if (results.getPageCount() > 0)
|
|
{
|
|
nodeRefs = results.getPages().get(0);
|
|
}
|
|
else
|
|
{
|
|
nodeRefs = Collections.emptyList();
|
|
}
|
|
|
|
// set total count
|
|
final Pair<Integer, Integer> totalCount;
|
|
if (pagingRequest.getRequestTotalCountMax() > 0)
|
|
{
|
|
totalCount = results.getTotalResultCount();
|
|
}
|
|
else
|
|
{
|
|
totalCount = null;
|
|
}
|
|
|
|
if (start != null)
|
|
{
|
|
int cnt = results.getPagedResultCount();
|
|
int skipCount = pagingRequest.getSkipCount();
|
|
int maxItems = pagingRequest.getMaxItems();
|
|
boolean hasMoreItems = results.hasMoreItems();
|
|
int pageNum = (skipCount / maxItems) + 1;
|
|
|
|
if (logger.isDebugEnabled())
|
|
{
|
|
logger.debug(
|
|
"getPeople: "+cnt+" items in "+(System.currentTimeMillis()-start)+" msecs " +
|
|
"[pageNum="+pageNum+",skip="+skipCount+",max="+maxItems+",hasMorePages="+hasMoreItems+
|
|
",totalCount="+totalCount+",filters="+stringPropFilters+
|
|
",filtersIgnoreCase="+filterIgnoreCase+"]");
|
|
}
|
|
}
|
|
|
|
final List<PersonInfo> personInfos = new ArrayList<PersonInfo>(nodeRefs.size());
|
|
for (NodeRef nodeRef : nodeRefs)
|
|
{
|
|
Map<QName, Serializable> props = nodeService.getProperties(nodeRef);
|
|
personInfos.add(new PersonInfo(nodeRef,
|
|
(String)props.get(ContentModel.PROP_USERNAME),
|
|
(String)props.get(ContentModel.PROP_FIRSTNAME),
|
|
(String)props.get(ContentModel.PROP_LASTNAME)));
|
|
}
|
|
|
|
return new PagingResults<PersonInfo>()
|
|
{
|
|
@Override
|
|
public String getQueryExecutionId()
|
|
{
|
|
return results.getQueryExecutionId();
|
|
}
|
|
@Override
|
|
public List<PersonInfo> getPage()
|
|
{
|
|
return personInfos;
|
|
}
|
|
@Override
|
|
public boolean hasMoreItems()
|
|
{
|
|
return results.hasMoreItems();
|
|
}
|
|
@Override
|
|
public Pair<Integer, Integer> getTotalResultCount()
|
|
{
|
|
return totalCount;
|
|
}
|
|
};
|
|
}
|
|
|
|
/**
|
|
* If the search is on first, last and user name only with the same value, return that value,
|
|
* otherwise return null.
|
|
*/
|
|
// TODO Remove this ALF-14127 hot fix code once this canned query does not fetch all rows from the database.
|
|
private String getSearchOnNameValue(List<Pair<QName, String>> stringPropFilters)
|
|
{
|
|
String filter = null;
|
|
if (stringPropFilters != null && stringPropFilters.size() == 3)
|
|
{
|
|
// Does not check we don't have duplicates.
|
|
for (int i=0; i < 3; i++)
|
|
{
|
|
Pair<QName, String> pair = stringPropFilters.get(i);
|
|
if (i == 0)
|
|
{
|
|
filter = pair.getSecond().trim();
|
|
if (filter == null || filter.length() == 0)
|
|
{
|
|
filter = null;
|
|
break;
|
|
}
|
|
}
|
|
|
|
if ((i != 0 && !filter.equals(pair.getSecond().trim()) || !NAME_SEARCH_NAMES.contains(pair.getFirst())))
|
|
{
|
|
filter = null;
|
|
break;
|
|
}
|
|
}
|
|
}
|
|
return filter;
|
|
}
|
|
|
|
// TODO Remove this ALF-14127 hot fix code once this canned query does not fetch all rows from the database.
|
|
private static final List<QName> NAME_SEARCH_NAMES = Arrays.asList(new QName[] {
|
|
ContentModel.PROP_FIRSTNAME, ContentModel.PROP_LASTNAME, ContentModel.PROP_USERNAME});
|
|
|
|
/**
|
|
* Use Solr search based on code in org.alfresco.repo.jscript.People.getPeople(String, int)
|
|
*/
|
|
// TODO Remove this ALF-14127 hot fix code once this canned query does not fetch all rows from the database.
|
|
private CannedQueryResults<NodeRef> nonCannedGetPeopleQuery(String filter, PagingRequest pagingRequest)
|
|
{
|
|
Long start = (logger.isDebugEnabled() ? System.currentTimeMillis() : null);
|
|
int maxResults = pagingRequest != null ? pagingRequest.getMaxItems() : Integer.MAX_VALUE;
|
|
if (maxResults <= 0)
|
|
{
|
|
maxResults = Integer.MAX_VALUE;
|
|
}
|
|
|
|
String term = filter.replace("\\", "").replace("\"", "");
|
|
StringTokenizer t = new StringTokenizer(term, " ");
|
|
int propIndex = term.indexOf(':');
|
|
|
|
SearchParameters params = new SearchParameters();
|
|
params.addQueryTemplate("_PERSON", "|%firstName OR |%lastName OR |%userName");
|
|
params.setDefaultFieldName("_PERSON");
|
|
|
|
StringBuilder query = new StringBuilder(256);
|
|
|
|
query.append("TYPE:\"").append(ContentModel.TYPE_PERSON).append("\" AND (");
|
|
|
|
if (t.countTokens() == 1)
|
|
{
|
|
// single word with no field will go against _PERSON and expand
|
|
|
|
// fts-alfresco property search i.e. location:"maidenhead"
|
|
query.append(term.substring(0, propIndex + 1)).append('"')
|
|
.append(term.substring(propIndex + 1));
|
|
if (propIndex > 0)
|
|
{
|
|
query.append('"');
|
|
}
|
|
else
|
|
{
|
|
query.append("*\"");
|
|
}
|
|
}
|
|
else
|
|
{
|
|
// scan for non-fts-alfresco property search tokens
|
|
int nonFtsTokens = 0;
|
|
while (t.hasMoreTokens())
|
|
{
|
|
if (t.nextToken().indexOf(':') == -1)
|
|
nonFtsTokens++;
|
|
}
|
|
t = new StringTokenizer(term, " ");
|
|
|
|
// multiple terms supplied - look for first and second name etc.
|
|
// assume first term is first name, any more are second i.e.
|
|
// "Fraun van de Wiels"
|
|
// also allow fts-alfresco property search to reduce results
|
|
params.setDefaultOperator(SearchParameters.Operator.AND);
|
|
boolean firstToken = true;
|
|
boolean tokenSurname = false;
|
|
boolean propertySearch = false;
|
|
while (t.hasMoreTokens())
|
|
{
|
|
term = t.nextToken();
|
|
if (!propertySearch && term.indexOf(':') == -1)
|
|
{
|
|
if (nonFtsTokens == 1)
|
|
{
|
|
// simple search: first name, last name and username
|
|
// starting with term
|
|
query.append("_PERSON:\"");
|
|
query.append(term);
|
|
query.append("*\" ");
|
|
}
|
|
else
|
|
{
|
|
if (firstToken)
|
|
{
|
|
query.append("firstName:\"");
|
|
query.append(term);
|
|
query.append("*\" ");
|
|
|
|
firstToken = false;
|
|
}
|
|
else
|
|
{
|
|
if (tokenSurname)
|
|
{
|
|
query.append("OR ");
|
|
}
|
|
query.append("lastName:\"");
|
|
query.append(term);
|
|
query.append("*\" ");
|
|
|
|
tokenSurname = true;
|
|
}
|
|
}
|
|
}
|
|
else
|
|
{
|
|
// fts-alfresco property search i.e. "location:maidenhead"
|
|
propIndex = term.indexOf(':');
|
|
query.append(term.substring(0, propIndex + 1)).append('"')
|
|
.append(term.substring(propIndex + 1)).append('"');
|
|
|
|
propertySearch = true;
|
|
}
|
|
}
|
|
}
|
|
query.append(")");
|
|
|
|
// define the search parameters
|
|
params.setLanguage(SearchService.LANGUAGE_FTS_ALFRESCO);
|
|
params.addStore(this.storeRef);
|
|
params.setQuery(query.toString());
|
|
if (maxResults > 0)
|
|
{
|
|
params.setLimitBy(LimitBy.FINAL_SIZE);
|
|
params.setLimit(maxResults);
|
|
}
|
|
|
|
ResultSet results = null;
|
|
List<NodeRef> resultNodeRefs = null;
|
|
try
|
|
{
|
|
results = searchService.query(params);
|
|
resultNodeRefs = results.getNodeRefs();
|
|
}
|
|
catch (Throwable err)
|
|
{
|
|
resultNodeRefs = Collections.emptyList();
|
|
|
|
// hide query parse error from users
|
|
if (logger.isDebugEnabled())
|
|
logger.debug("Failed to execute people search: " + query.toString(), err);
|
|
}
|
|
finally
|
|
{
|
|
if (results != null)
|
|
{
|
|
results.close();
|
|
}
|
|
}
|
|
|
|
// Turn NodeRefs into a single page of results.
|
|
final List<NodeRef> nodRefs = resultNodeRefs;
|
|
CannedQueryResults<NodeRef> cqResults = new CannedQueryResults<NodeRef>()
|
|
{
|
|
@Override
|
|
public CannedQuery<NodeRef> getOriginatingQuery()
|
|
{
|
|
return null;
|
|
}
|
|
|
|
@Override
|
|
public String getQueryExecutionId()
|
|
{
|
|
return null;
|
|
}
|
|
|
|
@Override
|
|
public Pair<Integer, Integer> getTotalResultCount()
|
|
{
|
|
int size = nodRefs.size();
|
|
return new Pair<Integer, Integer>(size, size);
|
|
}
|
|
|
|
@Override
|
|
public int getPagedResultCount()
|
|
{
|
|
return nodRefs.size();
|
|
}
|
|
|
|
@Override
|
|
public int getPageCount()
|
|
{
|
|
return 1;
|
|
}
|
|
|
|
@Override
|
|
public NodeRef getSingleResult()
|
|
{
|
|
if (nodRefs.size() != 1)
|
|
{
|
|
throw new IllegalStateException(
|
|
"There must be exactly one page of one result available.");
|
|
}
|
|
return nodRefs.get(0);
|
|
}
|
|
|
|
@Override
|
|
public List<NodeRef> getPage()
|
|
{
|
|
return nodRefs;
|
|
}
|
|
|
|
@Override
|
|
public List<List<NodeRef>> getPages()
|
|
{
|
|
return Collections.singletonList(getPage());
|
|
}
|
|
|
|
@Override
|
|
public boolean hasMoreItems()
|
|
{
|
|
return false;
|
|
}
|
|
};
|
|
if (logger.isDebugEnabled())
|
|
{
|
|
logger.debug("nonCannedGetPeopleQuery(\""+filter+"\", "+maxResults+") "+cqResults.getTotalResultCount()+" in "+(System.currentTimeMillis()-start)+" msecs ");
|
|
}
|
|
return cqResults;
|
|
}
|
|
|
|
/**
|
|
* {@inheritDoc}
|
|
*/
|
|
@Override
|
|
public Set<NodeRef> getPeopleFilteredByProperty(QName propertyKey, Serializable propertyValue, int count)
|
|
{
|
|
if (count > 1000)
|
|
{
|
|
throw new IllegalArgumentException("Only 1000 results are allowed but got a request for " + count + ". Use getPeople.");
|
|
}
|
|
|
|
// check that given property key is defined for content model type 'cm:person'
|
|
// and throw exception if it isn't
|
|
if (this.dictionaryService.getProperty(ContentModel.TYPE_PERSON, propertyKey) == null)
|
|
{
|
|
throw new AlfrescoRuntimeException("Property '" + propertyKey + "' is not defined " + "for content model type cm:person");
|
|
}
|
|
|
|
List<Pair<QName, String>> filterProps = new ArrayList<Pair<QName, String>>(1);
|
|
filterProps.add(new Pair<QName, String>(propertyKey, (String)propertyValue));
|
|
|
|
PagingRequest pagingRequest = new PagingRequest(count, null);
|
|
List<PersonInfo> personInfos = getPeople(filterProps, true, null, pagingRequest).getPage();
|
|
|
|
Set<NodeRef> refs = new HashSet<NodeRef>(personInfos.size());
|
|
for (PersonInfo personInfo : personInfos)
|
|
{
|
|
refs.add(personInfo.getNodeRef());
|
|
}
|
|
|
|
return refs;
|
|
}
|
|
|
|
// Policies
|
|
|
|
/**
|
|
* {@inheritDoc}
|
|
*/
|
|
public void onCreateNode(ChildAssociationRef childAssocRef)
|
|
{
|
|
NodeRef personRef = childAssocRef.getChildRef();
|
|
|
|
String userName = (String) this.nodeService.getProperty(personRef, ContentModel.PROP_USERNAME);
|
|
|
|
if (getPeopleContainer().equals(childAssocRef.getParentRef()))
|
|
{
|
|
removeFromCache(userName);
|
|
}
|
|
|
|
permissionsManager.setPermissions(personRef, userName, userName);
|
|
|
|
// Make sure there is an authority entry - with a DB constraint for uniqueness
|
|
// aclDao.createAuthority(username);
|
|
|
|
if (homeFolderCreationEager)
|
|
{
|
|
makeHomeFolderAsSystem(childAssocRef);
|
|
}
|
|
}
|
|
|
|
private QName getChildNameLower(String userName)
|
|
{
|
|
return QName.createQName(NamespaceService.CONTENT_MODEL_PREFIX, userName.toLowerCase(), namespacePrefixResolver);
|
|
}
|
|
|
|
public void beforeCreateNode(
|
|
NodeRef parentRef,
|
|
QName assocTypeQName,
|
|
QName assocQName,
|
|
QName nodeTypeQName)
|
|
{
|
|
// NOOP
|
|
}
|
|
|
|
public void beforeCreateNodeValidation(
|
|
NodeRef parentRef,
|
|
QName assocTypeQName,
|
|
QName assocQName,
|
|
QName nodeTypeQName)
|
|
{
|
|
if (getPeopleContainer().equals(parentRef))
|
|
{
|
|
throw new AlfrescoRuntimeException("beforeCreateNode: use PersonService to create person");
|
|
}
|
|
else
|
|
{
|
|
logger.info("Person node is not being created under the people container (actual="+parentRef+", expected="+getPeopleContainer()+")");
|
|
}
|
|
}
|
|
|
|
public void beforeDeleteNode(NodeRef nodeRef)
|
|
{
|
|
String userName = (String) this.nodeService.getProperty(nodeRef, ContentModel.PROP_USERNAME);
|
|
if (this.authorityService.isGuestAuthority(userName))
|
|
{
|
|
throw new AlfrescoRuntimeException("The " + userName + " user cannot be deleted.");
|
|
}
|
|
|
|
NodeRef parentRef = null;
|
|
ChildAssociationRef parentAssocRef = nodeService.getPrimaryParent(nodeRef);
|
|
if (parentAssocRef != null)
|
|
{
|
|
parentRef = parentAssocRef.getParentRef();
|
|
if (getPeopleContainer().equals(parentRef))
|
|
{
|
|
removeFromCache(userName);
|
|
}
|
|
}
|
|
}
|
|
|
|
public void beforeDeleteNodeValidation(NodeRef nodeRef)
|
|
{
|
|
NodeRef parentRef = null;
|
|
ChildAssociationRef parentAssocRef = nodeService.getPrimaryParent(nodeRef);
|
|
if (parentAssocRef != null)
|
|
{
|
|
parentRef = parentAssocRef.getParentRef();
|
|
}
|
|
|
|
if (getPeopleContainer().equals(parentRef))
|
|
{
|
|
throw new AlfrescoRuntimeException("beforeDeleteNode: use PersonService to delete person");
|
|
}
|
|
else
|
|
{
|
|
logger.info("Person node that is being deleted is not under the parent people container (actual="+parentRef+", expected="+getPeopleContainer()+")");
|
|
}
|
|
}
|
|
|
|
private Set<NodeRef> getFromCache(String userName)
|
|
{
|
|
return this.personCache.get(userName.toLowerCase());
|
|
}
|
|
|
|
private void putToCache(String userName, Set<NodeRef> refs)
|
|
{
|
|
this.personCache.put(userName.toLowerCase(), refs);
|
|
}
|
|
|
|
private void removeFromCache(String userName)
|
|
{
|
|
this.personCache.remove(userName.toLowerCase());
|
|
}
|
|
|
|
/**
|
|
* {@inheritDoc}
|
|
*/
|
|
public String getUserIdentifier(String caseSensitiveUserName)
|
|
{
|
|
NodeRef nodeRef = getPersonOrNull(caseSensitiveUserName);
|
|
if ((nodeRef != null) && nodeService.exists(nodeRef))
|
|
{
|
|
String realUserName = DefaultTypeConverter.INSTANCE.convert(String.class, nodeService.getProperty(nodeRef, ContentModel.PROP_USERNAME));
|
|
return realUserName;
|
|
}
|
|
return null;
|
|
}
|
|
|
|
public static class NodeIdComparator implements Comparator<NodeRef>
|
|
{
|
|
private NodeService nodeService;
|
|
|
|
boolean ascending;
|
|
|
|
NodeIdComparator(NodeService nodeService, boolean ascending)
|
|
{
|
|
this.nodeService = nodeService;
|
|
this.ascending = ascending;
|
|
}
|
|
|
|
public int compare(NodeRef first, NodeRef second)
|
|
{
|
|
Long firstId = DefaultTypeConverter.INSTANCE.convert(Long.class, nodeService.getProperty(first, ContentModel.PROP_NODE_DBID));
|
|
Long secondId = DefaultTypeConverter.INSTANCE.convert(Long.class, nodeService.getProperty(second, ContentModel.PROP_NODE_DBID));
|
|
|
|
if (firstId != null)
|
|
{
|
|
if (secondId != null)
|
|
{
|
|
return firstId.compareTo(secondId) * (ascending ? 1 : -1);
|
|
}
|
|
else
|
|
{
|
|
return ascending ? -1 : 1;
|
|
}
|
|
}
|
|
else
|
|
{
|
|
if (secondId != null)
|
|
{
|
|
return ascending ? 1 : -1;
|
|
}
|
|
else
|
|
{
|
|
return 0;
|
|
}
|
|
}
|
|
}
|
|
}
|
|
|
|
/**
|
|
* {@inheritDoc}
|
|
*/
|
|
public boolean getUserNamesAreCaseSensitive()
|
|
{
|
|
return userNameMatcher.getUserNamesAreCaseSensitive();
|
|
}
|
|
|
|
/**
|
|
* When a uid is changed we need to create an alias for the old uid so permissions are not broken. This can happen
|
|
* when an already existing user is updated via LDAP e.g. migration to LDAP, or when a user is auto created and then
|
|
* updated by LDAP This is probably less likely after 3.2 and sync on missing person See
|
|
* https://issues.alfresco.com/jira/browse/ETWOTWO-389 (non-Javadoc)
|
|
*/
|
|
public void onUpdateProperties(NodeRef nodeRef, Map<QName, Serializable> before, Map<QName, Serializable> after)
|
|
{
|
|
String uidBefore = DefaultTypeConverter.INSTANCE.convert(String.class, before.get(ContentModel.PROP_USERNAME));
|
|
if (uidBefore == null)
|
|
{
|
|
// Node has just been created; nothing to do
|
|
return;
|
|
}
|
|
String uidAfter = DefaultTypeConverter.INSTANCE.convert(String.class, after.get(ContentModel.PROP_USERNAME));
|
|
if (!EqualsHelper.nullSafeEquals(uidBefore, uidAfter))
|
|
{
|
|
// Only allow UID update if we are in the special split processing txn or we are just changing case
|
|
if (AlfrescoTransactionSupport.getResource(KEY_ALLOW_UID_UPDATE) != null || uidBefore.equalsIgnoreCase(uidAfter))
|
|
{
|
|
if (uidBefore != null)
|
|
{
|
|
// Fix any ACLs
|
|
aclDao.renameAuthority(uidBefore, uidAfter);
|
|
}
|
|
|
|
// Fix primary association local name
|
|
QName newAssocQName = getChildNameLower(uidAfter);
|
|
ChildAssociationRef assoc = nodeService.getPrimaryParent(nodeRef);
|
|
nodeService.moveNode(nodeRef, assoc.getParentRef(), assoc.getTypeQName(), newAssocQName);
|
|
|
|
// Fix other non-case sensitive parent associations
|
|
QName oldAssocQName = QName.createQName(NamespaceService.CONTENT_MODEL_PREFIX, uidBefore, namespacePrefixResolver);
|
|
newAssocQName = QName.createQName(NamespaceService.CONTENT_MODEL_PREFIX, uidAfter, namespacePrefixResolver);
|
|
for (ChildAssociationRef parent : nodeService.getParentAssocs(nodeRef))
|
|
{
|
|
if (!parent.isPrimary() && parent.getQName().equals(oldAssocQName))
|
|
{
|
|
nodeService.removeChildAssociation(parent);
|
|
nodeService.addChild(parent.getParentRef(), parent.getChildRef(), parent.getTypeQName(), newAssocQName);
|
|
}
|
|
}
|
|
|
|
// Fix cache
|
|
removeFromCache(uidBefore);
|
|
}
|
|
else
|
|
{
|
|
throw new UnsupportedOperationException("The user name on a person can not be changed");
|
|
}
|
|
}
|
|
}
|
|
|
|
/**
|
|
* Track the {@link ContentModel#PROP_ENABLED enabled/disabled} flag on {@link ContentModel#TYPE_USER <b>cm:user</b>}.
|
|
*/
|
|
public void onUpdatePropertiesUser(NodeRef nodeRef, Map<QName, Serializable> before, Map<QName, Serializable> after)
|
|
{
|
|
String userName = (String) after.get(ContentModel.PROP_USER_USERNAME);
|
|
if (userName == null)
|
|
{
|
|
// Won't find user
|
|
return;
|
|
}
|
|
// Get the person
|
|
NodeRef personNodeRef = getPersonOrNull(userName);
|
|
if (personNodeRef == null)
|
|
{
|
|
// Don't attempt to maintain enabled/disabled flag
|
|
return;
|
|
}
|
|
|
|
// Check the enabled/disabled flag
|
|
Boolean enabled = (Boolean) after.get(ContentModel.PROP_ENABLED);
|
|
if (enabled == null || enabled.booleanValue())
|
|
{
|
|
nodeService.removeAspect(personNodeRef, ContentModel.ASPECT_PERSON_DISABLED);
|
|
}
|
|
else
|
|
{
|
|
nodeService.addAspect(personNodeRef, ContentModel.ASPECT_PERSON_DISABLED, null);
|
|
}
|
|
|
|
// Do post-commit user counting, if required
|
|
Set<String> usersCreated = TransactionalResourceHelper.getSet(KEY_USERS_CREATED);
|
|
usersCreated.add(userName);
|
|
AlfrescoTransactionSupport.bindListener(this);
|
|
}
|
|
|
|
/**
|
|
* {@inheritDoc}
|
|
*/
|
|
public void beforeCommit(boolean readOnly)
|
|
{
|
|
// check whether max users has been exceeded
|
|
RunAsWork<Long> getMaxUsersWork = new RunAsWork<Long>()
|
|
{
|
|
@Override
|
|
public Long doWork() throws Exception
|
|
{
|
|
return repoAdminService.getRestrictions().getUsers();
|
|
}
|
|
};
|
|
Long maxUsers = AuthenticationUtil.runAs(getMaxUsersWork, AuthenticationUtil.getSystemUserName());
|
|
if(maxUsers == null)
|
|
{
|
|
return;
|
|
}
|
|
|
|
Long users = AuthenticationUtil.runAs(new AuthenticationUtil.RunAsWork<Long>()
|
|
{
|
|
public Long doWork() throws Exception
|
|
{
|
|
repoAdminService.updateUsage(UsageType.USAGE_USERS);
|
|
if(logger.isDebugEnabled())
|
|
{
|
|
logger.debug("Number of users is " + repoAdminService.getUsage().getUsers());
|
|
}
|
|
return repoAdminService.getUsage().getUsers();
|
|
}
|
|
} , AuthenticationUtil.getSystemUserName());
|
|
|
|
// Get the set of users created in this transaction
|
|
Set<String> usersCreated = TransactionalResourceHelper.getSet(KEY_USERS_CREATED);
|
|
|
|
// If we exceed the limit, generate decent message about which users were being created, etc.
|
|
if (users > maxUsers)
|
|
{
|
|
List<String> usersMsg = new ArrayList<String>(5);
|
|
int i = 0;
|
|
for (String userCreated : usersCreated)
|
|
{
|
|
i++;
|
|
if (i > 5)
|
|
{
|
|
usersMsg.add(" ... more");
|
|
break;
|
|
}
|
|
else
|
|
{
|
|
usersMsg.add(userCreated);
|
|
}
|
|
}
|
|
if (logger.isDebugEnabled())
|
|
{
|
|
logger.debug("Maximum number of users exceeded: " + usersCreated);
|
|
}
|
|
throw AlfrescoRuntimeException.create(SYSTEM_USAGE_WARN_LIMIT_USERS_EXCEEDED_VERBOSE, maxUsers, usersMsg);
|
|
}
|
|
|
|
// Get the usages and log any warnings
|
|
RepoUsageStatus usageStatus = repoAdminService.getUsageStatus();
|
|
usageStatus.logMessages(logger);
|
|
}
|
|
|
|
public int countPeople()
|
|
{
|
|
NodeRef peopleContainer = getPeopleContainer();
|
|
return nodeService.countChildAssocs(peopleContainer, true);
|
|
}
|
|
|
|
/**
|
|
* Helper for when creating new users and people:
|
|
* Updates the supplied username with any required tenant
|
|
* details, and ensures that the tenant domains match.
|
|
* If Multi-Tenant is disabled, returns the same username.
|
|
*/
|
|
public static String updateUsernameForTenancy(String username, TenantService tenantService)
|
|
throws TenantDomainMismatchException
|
|
{
|
|
if(! tenantService.isEnabled())
|
|
{
|
|
// Nothing to do if not using multi tenant
|
|
return username;
|
|
}
|
|
|
|
String currentDomain = tenantService.getCurrentUserDomain();
|
|
if (! currentDomain.equals(TenantService.DEFAULT_DOMAIN))
|
|
{
|
|
if (! tenantService.isTenantUser(username))
|
|
{
|
|
// force domain onto the end of the username
|
|
username = tenantService.getDomainUser(username, currentDomain);
|
|
logger.warn("Added domain to username: " + username);
|
|
}
|
|
else
|
|
{
|
|
// Check the user's domain matches the current domain
|
|
// Throws a TenantDomainMismatchException if they don't match
|
|
tenantService.checkDomainUser(username);
|
|
}
|
|
}
|
|
return username;
|
|
}
|
|
|
|
@Override
|
|
public boolean isEnabled(String userName)
|
|
{
|
|
NodeRef noderef = getPerson(userName, false);
|
|
|
|
Serializable ser = nodeService.getProperty(noderef, ContentModel.PROP_ENABLED);
|
|
|
|
if (ser == null)
|
|
{
|
|
return true;
|
|
}
|
|
else
|
|
{
|
|
return DefaultTypeConverter.INSTANCE.booleanValue(ser);
|
|
}
|
|
|
|
}
|
|
} |