mirror of
https://github.com/Alfresco/alfresco-community-repo.git
synced 2025-08-14 17:58:59 +00:00
a7b885a1c6
29057: ALF-9491: Bitrock 7.2.2
29063: ALF-8766 Concatenated strings in EN webclient file
29066: Merge DEV/DEV/BELARUS/V3.4-BUG-FIX-2011_07_13 to DEV/V3.4-BUG-FIX
29010: ALF-7396: Japanese- Untranslated
29072: HomeFolderProvider work - Changes as a result of Dave Ward's comments
(HomeFolderManager not fully done as there is a spring issue with using NodeService, FileFolderService, fileFolderService, SearchService or searchService)
29074: ALF-7637 - Share displays incorrect folder contents after copy-on-outbound rule against working copy
29075: ALF-8406 - Configuring the datalist display for sub-types does not work
29082: ALF-6847 translation: "Collega" should be reverted to English: "Link" as per term list.
29087: ALF-5717 property names for wcm quickstart website-model had an invalid format or did not end in .description or .title
29093: Merge V3.3 to DEV/V3.4-BUG-FIX (28596)
28596: Remove dependency between subsystems and all the object factories in the parent context!
- Do not allow eager initialization when looking up parent post processors
- Removes circular dependencies from sysAdmin subsystem
29094: Merge HEAD to DEV/V3.4-BUG-FIX ()
28892: Broke circular references between NodeService beans, NodeIndexer, Lucene and back to NodeService.
- NodeIndexer is now bootstrapped to pull out reference to the Lucene beans
29100: Revert Merge V3.3 to DEV/V3.4-BUG-FIX (28596) Caused RepositoryStartupTest to fail
28596: Remove dependency between subsystems and all the object factories in the parent context!
- Do not allow eager initialization when looking up parent post processors
- Removes circular dependencies from sysAdmin subsystem
29102: ALF-9048: Make apply_amps.bat work from its installed location
29103: ALF-8746: Restored Japanese choice format translations
29104: Merged V3.3 to V3.4-BUG-FIX (Reinstated this revision as it is required)
28596: Remove dependency between subsystems and all the object factories in the parent context!
- Do not allow eager initialization when looking up parent post processors
- Removes circular dependencies from sysAdmin subsystem
29105: Use org.springframework.aop.target.LazyInitTargetSource in the NodeService public proxy to break a circular dependency
29106: Make PersonService interact with HomeFolderManager via a lazy proxy to prevent another circular dependency
- Simple HomeFolderManager interface created
- Implementation class renamed to PortableHomeFolderManager
- Removed TODOs from authentication-services-context.xml
29107: Forgot to remove the serviceRegistry dependency from homeFolderManager
29108: ALF-9529: Installer memory consumption and startup time improvements
- Bitrock discover the for loop!
29109: ALF-9530: Postgres installed as Windows service should run as a postgres user, not System
- Fix from Bitrock
29118: Fix for ALF-6737 - It's impossible to view any version of the wiki page if it was renamed with native characters
29119: Fix for ALF-5787 - strings extracted for L10N in Web form creation help text
29124: ALF-9530: Follow up fix from Bitrock
29126: Fix for ALF-8344 - Incorrect message is displayed while recover deleted file
29127: Fix for ALF-9445 - French - Share, translation on Transfer Target configuration
29129: ALF-9476: Make FTPS work on IBM JDK
29133: Fix failing DictionaryRestApiTest
29136: Fix build issues from 29104:
- run as system when creating home folders (PortableHomeFolderManager)
- re-factored onCreateNode out of PortableHomeFolderManager into PersonServiceImpl
- re-factored property PortableHomeFolderManager.enableHomeFolderCreationAsPeopleAreCreated to PersonServiceImpl.homeFolderCreationEager
29137: Fix for ALF-8831 - Internal error occurs in My Tasks Webscripts component
29138: Fix for ALF-8765 - Layout is displaced if translated string occupies more than 1 line
29140: Fix for ALF-8668 - Deleting author account causes Failed to load the forum posts
29142: - PortableHomeFolderManager: Moved code to run as System into PersonServiceImpl so that one must have a valid authority to call the publick makeHomeFolder method. The authority should already be valid if called via PersonServiceImpl.
- Removed unused policyBehaviourFilter property from PersonServiceImpl
29146: ALF-8701: partially translated string in html-upload.get_fr
29147: ALF-8727: DE - changes to Root Category
29149: ALF-8731: DE - Wiki changes (space before full stop)
29152: ALF-9503: Add space after colon in strings in file wdr-messages.properties
29153: Fixed ALF-7899: association.ftl does not render when showTargetLink=true in workflow
29165: ALF-8749: on submit action properties in wcn-workflow-messages.properties
29166: Fix for ALF-6220 - Language pack - .ftl localization
29167: ALF-9550 - Typos in new section of webclient.properties
29169: Fix for ALF-7844 - W3C: Impossible to activate 'Choose from popular tags in this site' link by Enter/Space keys
29170: Merge V3.4-TEAM to V3.4-BUG-FIX (3.4.4)
27471: Fix for ALF-8150 - check for visibility before applying focus to element for IE.
29171: Fixes: ALF-8922, removes date formatting from API (now returns ISO8601) and instead formats it on the client, using L10N strings.
29172: Fix for ALF-2023 - Repository Action - Copy item to specific space doesn not include content. The option to 'deep copy' is now exposed in the UI for Run Action and Rules in Explorer.
29173: Fix for ALF-1446 - Sorting of inline descendants is not observed
29175: ALF-241 - The item is not coppied via 'Paste All' in Shelf when 'Details' page is opened
29177: Fix for ALF-9520 - confusing sample config. Reordered sample config file as suggested.
29178: Fixed ALF-6400: GERMAN: Explorer mouse over hints for TinyMCE are not localized
Fixed ALF-5766: ALL translations errors in Explorer - Calendars are not localizable for content based on webforms
29202: Merge DEV/BELARUS/V3.4-BUG-FIX-2011_04_12 to V3.4-BUG-FIX (3.4.4)
27836: ALF-8524: CLONE - Sharepoint doesn't work with HTTPS
Changes in url links required for HTTPS support.
29203: Restored removal of postgresCreateSymLinksLinuxBuildingFromWindows tag (32 bit Linux) from revision 26582
29211: Fix for ALF-1051 - It is impossible to find link by tag from link details page
29212: Fix for ALF-5301 - TinyMCE is replacing carriage return with white spaces
29250: Latest L10N update for all languages (DE, ES, FR, IT, JA) from Gloria (based on r29172)
29253: L10N Update from Gloria
29270: Fixed ALF-516: Unable to add content/delete tables in webform content when using FireFox
29271: Update from Gloria
29272: Merged BRANCHES/DEV/BELARUS/V3.4-BUG-FIX-2011_07_13 to BRANCHES/DEV/V3.4-BUG-FIX: (with minor modification)
29223: ALF-7619: When document A has an association with a document B editing A's properties fails if user has no permission to edit B
29274: ALF-9517 Incorrect behaviour of versions on Copy action. Version is 0.1 rather than 1.0
29283: Resolve ALF-8273: Valid datetime value cannot be parsed by CMIS AtomPub interface
29284: Update from Gloria
29286: ALF-9596: Merged PATCHES/V3.4.1 to V3.4-BUG-FIX
28150: ALF-8607: Detailed debug logging when out of sync transaction detected by index checker / tracker
28177: ALF-8607: Corrections to debug logging in AbstractReindexComponent
28213: ALF-8607: Further corrections to debug logging in AbstractReindexComponent
- Log attributes from indexes, rather than nodeService properties
28341: ALF-8607: Stop index checker from 'lying'
- isTxnPresentInIndex() call must be made in a new transaction in order to get a database view in sync with the current indexes
28352: ALF-8607: Revisit transaction delineation. Nested transaction only required in checkTxnsImpl()
28403: ALF-8607: Merged PATCHES/V3.3.4 to PATCHES/V3.4.1
27823: ALF-7237: Index tracker needs to perform a cascade reindex on updated nodes in order to cope with node moves
28406: ALF-8607: Improvement to FTS fix. Prevent FTS from restoring documents that have been deleted!
28412: ALF-8607: Invalidate properties and aspects as well as parent assocs when stale cache entry dected during transaction tracking
28427: ALF-8607: Prevent NPE with bad NodeRef in ADMLuceneIndexerImpl.createDocumentsImpl()
28705: ALF-8607: Validate transaction IDs when fetching parent associations
- Compare the cached child node transaction ID against one fetched from the DB
- Stops us from pairing up the cached node for an older or newer transaction with the wrong parent associations
28707: ALF-8607: Merged PATCHES/V3.3.4 to PATCHES/V3.4.1
28588: ALF-7237: Prevent FTS from ever wiping out a document that still exists and ignore duplicates
28708: ALF-8607: Make FTS capable of recovering from cache concurrency issues by using a RetryingTransactionHelper and better exception handling.
- Also avoids skipping the entire batch when the reindexing of a particular document fails.
28710: ALF-8607: Corrected transaction delineation
28753: ALF-8607: Prevent errors caused by AbstractReindexComponent diagnostics trying to parse FTSREF document IDs as NodeRefs (which they aren't!)
28755: ALF-8607: When 'failing over' during FTS indexing, don't bother adding a FTS status document so we don't get stuck in a loop with a problematic document
28815: ALF-8607: Do two way validation of cached / fetched nodes and their parent associations to avoid skew
- Should resolve problem of tracking moves to the archive store and moves in general
28862: ALF-8607: Lucene indexers now support 'read through' behaviour for FTS and Index tracking batches
- Small discrete read only transactions used to read each reindexed node from the database / cache
- Avoids cache 'drift' and 'skew' after long running indexing transactions
28863: ALF-8607: Missing file
28869: ALF-8607: isTxnPresentInIndex() needs to 'read through' so index tracker and checker don't pollute the cache
28872: ALF-8607: Optimization to prevent constant writing to AVM indexes whilst 'ticking over'.
28950: ALF-8607: Improved logic in AbstractReindexComponent.isTxnPresentInIndex() so that we can reliably cope with multi-store transactions (e.g. archive store + spaces store)
- Due to FTS, the txn ID may have 'drifted in' to one store but not the other so we must validate all stores in the txn
29098: ALF-8607: Use getNodeRefStatus as a cache validation point for reindexing 'read through' transactions
- Guarantees that FTS reindexed node will see correct state (well if we had consistent read behaviour it would!)
- Removes stale nodeRef -> ID mappings (e.g. when original node moved to archive store and substituted with deleted node)
- Inexplicably seems to produce a ~30x speedup in performance tests on MySQL! Appears to remove a contention point. More investigation required to find out what!
29287: ALF-9598: Merged PATCHES/V3.4.1 to V3.4-BUG-FIX
28653: ALF-9189: More efficient usage of IndexReaders to avoid huge memory churn with large indexes
- A single reading thread could block out all other reading threads because a write lock is obtained whilst constructing a set of FilterIndexReaderByStringId readers and all deletions across all indexes have to be evaluated. We now cache a FilterIndexReaderByStringId for each 'layer' of the index so that we get some reuse. We also defer evaluation of deletions to AFTER the write lock is returned and in some cases never have to evaluate the deletions at all.
- When merging deletions we now make use of a cached index reader for locating the documents, and only resort to a new reader if deletions have to be performed. Hopefully this will mean that the reader for the largest indexes, containing the least recently used stuff, will get left alone most of the time.
28690: ALF-9189: Corrections to previous fix
- Forgot to remove non-lazy reader initialization
- Fixed NPE
- Reinstated correct looping behaviour - each processed delta must be considered as one of the indexes to search for the next processed delta
29099: ALF-9189: Avoid having to allocate a byte array full of number ones for all occurrences of a term to 'fake' norms.
- Severe Lucene memory hog during FTS
29262: ALF-9189: Fixed memory leak during index tracking / reindexing and further memory leak regression
- Fixed up Lucene refcounting again - remember to propagate through decrefs on ReferenceCounting readers
- Refined ALF-9189 fix to guarantee mainreader clean up
- Remember to flush the delta during reindexing / tracking
- Some extra trace diagnostics to help
29288: ALF-9600: Merged PATCHES/V3.4.1 to V3.4-BUG_FIX
28876: ALF-9041: Merged HEAD to PATCHES/V3.4.1
28850: Latest SpringSurf libs
- Fix to SSO connector passing empty username
29289: ALF-8241: assemble-tomcat populates endorsed directory with xalan.jar and serializer.jar and Bitrock installer installs these too
29291: Merged DEV/SWIFT to V3.4-BUG-FIX (3.4.4) - already merged to HEAD as part of a larger merge
26104: RM: Remove incomplete and unnecessary unit test
29302: Fix for ALF-8885 - Unable to paste item due to system error:null
git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/HEAD/root@29325 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
1688 lines
62 KiB
Java
1688 lines
62 KiB
Java
/*
|
|
* Copyright (C) 2005-2011 Alfresco Software Limited.
|
|
*
|
|
* This file is part of Alfresco
|
|
*
|
|
* Alfresco is free software: you can redistribute it and/or modify
|
|
* it under the terms of the GNU Lesser General Public License as published by
|
|
* the Free Software Foundation, either version 3 of the License, or
|
|
* (at your option) any later version.
|
|
*
|
|
* Alfresco is distributed in the hope that it will be useful,
|
|
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
* GNU Lesser General Public License for more details.
|
|
*
|
|
* You should have received a copy of the GNU Lesser General Public License
|
|
* along with Alfresco. If not, see <http://www.gnu.org/licenses/>.
|
|
*/
|
|
package org.alfresco.repo.security.person;
|
|
|
|
import java.io.Serializable;
|
|
import java.util.ArrayList;
|
|
import java.util.Collections;
|
|
import java.util.Comparator;
|
|
import java.util.HashMap;
|
|
import java.util.HashSet;
|
|
import java.util.LinkedHashSet;
|
|
import java.util.List;
|
|
import java.util.Map;
|
|
import java.util.Set;
|
|
import java.util.concurrent.ConcurrentHashMap;
|
|
|
|
import org.alfresco.error.AlfrescoRuntimeException;
|
|
import org.alfresco.model.ContentModel;
|
|
import org.alfresco.query.CannedQueryFactory;
|
|
import org.alfresco.query.CannedQueryResults;
|
|
import org.alfresco.query.PagingRequest;
|
|
import org.alfresco.query.PagingResults;
|
|
import org.alfresco.repo.action.executer.MailActionExecuter;
|
|
import org.alfresco.repo.cache.SimpleCache;
|
|
import org.alfresco.repo.domain.permissions.AclDAO;
|
|
import org.alfresco.repo.node.NodeServicePolicies;
|
|
import org.alfresco.repo.node.NodeServicePolicies.BeforeCreateNodePolicy;
|
|
import org.alfresco.repo.node.NodeServicePolicies.BeforeDeleteNodePolicy;
|
|
import org.alfresco.repo.node.NodeServicePolicies.OnCreateNodePolicy;
|
|
import org.alfresco.repo.node.NodeServicePolicies.OnUpdatePropertiesPolicy;
|
|
import org.alfresco.repo.node.getchildren.FilterProp;
|
|
import org.alfresco.repo.node.getchildren.FilterPropString;
|
|
import org.alfresco.repo.node.getchildren.GetChildrenCannedQuery;
|
|
import org.alfresco.repo.node.getchildren.GetChildrenCannedQueryFactory;
|
|
import org.alfresco.repo.node.getchildren.FilterPropString.FilterTypeString;
|
|
import org.alfresco.repo.policy.JavaBehaviour;
|
|
import org.alfresco.repo.policy.PolicyComponent;
|
|
import org.alfresco.repo.search.SearcherException;
|
|
import org.alfresco.repo.security.authentication.AuthenticationException;
|
|
import org.alfresco.repo.security.authentication.AuthenticationUtil;
|
|
import org.alfresco.repo.security.authentication.AuthenticationUtil.RunAsWork;
|
|
import org.alfresco.repo.security.permissions.PermissionServiceSPI;
|
|
import org.alfresco.repo.tenant.TenantDomainMismatchException;
|
|
import org.alfresco.repo.tenant.TenantService;
|
|
import org.alfresco.repo.transaction.AlfrescoTransactionSupport;
|
|
import org.alfresco.repo.transaction.TransactionListenerAdapter;
|
|
import org.alfresco.repo.transaction.TransactionalResourceHelper;
|
|
import org.alfresco.repo.transaction.AlfrescoTransactionSupport.TxnReadState;
|
|
import org.alfresco.repo.transaction.RetryingTransactionHelper.RetryingTransactionCallback;
|
|
import org.alfresco.service.ServiceRegistry;
|
|
import org.alfresco.service.cmr.action.Action;
|
|
import org.alfresco.service.cmr.action.ActionService;
|
|
import org.alfresco.service.cmr.admin.RepoAdminService;
|
|
import org.alfresco.service.cmr.admin.RepoUsageStatus;
|
|
import org.alfresco.service.cmr.admin.RepoUsage.UsageType;
|
|
import org.alfresco.service.cmr.dictionary.DictionaryService;
|
|
import org.alfresco.service.cmr.invitation.InvitationException;
|
|
import org.alfresco.service.cmr.model.FileFolderService;
|
|
import org.alfresco.service.cmr.repository.ChildAssociationRef;
|
|
import org.alfresco.service.cmr.repository.NodeRef;
|
|
import org.alfresco.service.cmr.repository.NodeService;
|
|
import org.alfresco.service.cmr.repository.StoreRef;
|
|
import org.alfresco.service.cmr.repository.TemplateService;
|
|
import org.alfresco.service.cmr.repository.datatype.DefaultTypeConverter;
|
|
import org.alfresco.service.cmr.search.SearchService;
|
|
import org.alfresco.service.cmr.security.AuthorityService;
|
|
import org.alfresco.service.cmr.security.AuthorityType;
|
|
import org.alfresco.service.cmr.security.MutableAuthenticationService;
|
|
import org.alfresco.service.cmr.security.NoSuchPersonException;
|
|
import org.alfresco.service.cmr.security.PersonService;
|
|
import org.alfresco.service.namespace.NamespacePrefixResolver;
|
|
import org.alfresco.service.namespace.NamespaceService;
|
|
import org.alfresco.service.namespace.QName;
|
|
import org.alfresco.service.namespace.RegexQNamePattern;
|
|
import org.alfresco.service.transaction.TransactionService;
|
|
import org.alfresco.util.EqualsHelper;
|
|
import org.alfresco.util.GUID;
|
|
import org.alfresco.util.ModelUtil;
|
|
import org.alfresco.util.Pair;
|
|
import org.alfresco.util.ParameterCheck;
|
|
import org.alfresco.util.PropertyCheck;
|
|
import org.alfresco.util.registry.NamedObjectRegistry;
|
|
import org.apache.commons.logging.Log;
|
|
import org.apache.commons.logging.LogFactory;
|
|
import org.springframework.extensions.surf.util.I18NUtil;
|
|
|
|
public class PersonServiceImpl extends TransactionListenerAdapter implements PersonService,
|
|
NodeServicePolicies.BeforeCreateNodePolicy,
|
|
NodeServicePolicies.OnCreateNodePolicy,
|
|
NodeServicePolicies.BeforeDeleteNodePolicy,
|
|
NodeServicePolicies.OnUpdatePropertiesPolicy
|
|
|
|
{
|
|
private static Log logger = LogFactory.getLog(PersonServiceImpl.class);
|
|
|
|
private static final String CANNED_QUERY_PEOPLE_LIST = "peopleGetChildrenCannedQueryFactory";
|
|
|
|
private static final String DELETE = "DELETE";
|
|
private static final String SPLIT = "SPLIT";
|
|
private static final String LEAVE = "LEAVE";
|
|
public static final String SYSTEM_FOLDER_SHORT_QNAME = "sys:system";
|
|
public static final String PEOPLE_FOLDER_SHORT_QNAME = "sys:people";
|
|
private static final String SYSTEM_USAGE_WARN_LIMIT_USERS_EXCEEDED_VERBOSE = "system.usage.err.limit_users_exceeded_verbose";
|
|
|
|
private static final String KEY_POST_TXN_DUPLICATES = "PersonServiceImpl.KEY_POST_TXN_DUPLICATES";
|
|
public static final String KEY_ALLOW_UID_UPDATE = "PersonServiceImpl.KEY_ALLOW_UID_UPDATE";
|
|
private static final String KEY_USERS_CREATED = "PersonServiceImpl.KEY_USERS_CREATED";
|
|
|
|
private StoreRef storeRef;
|
|
private TransactionService transactionService;
|
|
private NodeService nodeService;
|
|
private TenantService tenantService;
|
|
private SearchService searchService;
|
|
private AuthorityService authorityService;
|
|
private MutableAuthenticationService authenticationService;
|
|
private DictionaryService dictionaryService;
|
|
private PermissionServiceSPI permissionServiceSPI;
|
|
private NamespacePrefixResolver namespacePrefixResolver;
|
|
private HomeFolderManager homeFolderManager;
|
|
private PolicyComponent policyComponent;
|
|
private AclDAO aclDao;
|
|
private PermissionsManager permissionsManager;
|
|
private RepoAdminService repoAdminService;
|
|
private ServiceRegistry serviceRegistry;
|
|
|
|
private boolean createMissingPeople;
|
|
private static Set<QName> mutableProperties;
|
|
private String defaultHomeFolderProvider;
|
|
private boolean processDuplicates = true;
|
|
private String duplicateMode = LEAVE;
|
|
private boolean lastIsBest = true;
|
|
private boolean includeAutoCreated = false;
|
|
|
|
private NamedObjectRegistry<CannedQueryFactory<NodeRef>> cannedQueryRegistry;
|
|
|
|
/** a transactionally-safe cache to be injected */
|
|
private SimpleCache<String, Set<NodeRef>> personCache;
|
|
|
|
/** People Container ref cache (Tennant aware) */
|
|
private Map<String, NodeRef> peopleContainerRefs = new ConcurrentHashMap<String, NodeRef>(4);
|
|
|
|
private UserNameMatcher userNameMatcher;
|
|
|
|
private JavaBehaviour beforeCreateNodeValidationBehaviour;
|
|
private JavaBehaviour beforeDeleteNodeValidationBehaviour;
|
|
|
|
private boolean homeFolderCreationEager;
|
|
|
|
static
|
|
{
|
|
Set<QName> props = new HashSet<QName>();
|
|
props.add(ContentModel.PROP_HOMEFOLDER);
|
|
props.add(ContentModel.PROP_FIRSTNAME);
|
|
// Middle Name
|
|
props.add(ContentModel.PROP_LASTNAME);
|
|
props.add(ContentModel.PROP_EMAIL);
|
|
props.add(ContentModel.PROP_ORGID);
|
|
mutableProperties = Collections.unmodifiableSet(props);
|
|
}
|
|
|
|
@Override
|
|
public boolean equals(Object obj)
|
|
{
|
|
return this == obj;
|
|
}
|
|
|
|
@Override
|
|
public int hashCode()
|
|
{
|
|
return 1;
|
|
}
|
|
|
|
/**
|
|
* Spring bean init method
|
|
*/
|
|
public void init()
|
|
{
|
|
PropertyCheck.mandatory(this, "storeUrl", storeRef);
|
|
PropertyCheck.mandatory(this, "transactionService", transactionService);
|
|
PropertyCheck.mandatory(this, "nodeService", nodeService);
|
|
PropertyCheck.mandatory(this, "permissionServiceSPI", permissionServiceSPI);
|
|
PropertyCheck.mandatory(this, "authorityService", authorityService);
|
|
PropertyCheck.mandatory(this, "authenticationService", authenticationService);
|
|
PropertyCheck.mandatory(this, "namespacePrefixResolver", namespacePrefixResolver);
|
|
PropertyCheck.mandatory(this, "policyComponent", policyComponent);
|
|
PropertyCheck.mandatory(this, "personCache", personCache);
|
|
PropertyCheck.mandatory(this, "aclDao", aclDao);
|
|
PropertyCheck.mandatory(this, "homeFolderManager", homeFolderManager);
|
|
PropertyCheck.mandatory(this, "repoAdminService", repoAdminService);
|
|
|
|
beforeCreateNodeValidationBehaviour = new JavaBehaviour(this, "beforeCreateNodeValidation");
|
|
this.policyComponent.bindClassBehaviour(
|
|
BeforeCreateNodePolicy.QNAME,
|
|
ContentModel.TYPE_PERSON,
|
|
beforeCreateNodeValidationBehaviour);
|
|
|
|
beforeDeleteNodeValidationBehaviour = new JavaBehaviour(this, "beforeDeleteNodeValidation");
|
|
this.policyComponent.bindClassBehaviour(
|
|
BeforeDeleteNodePolicy.QNAME,
|
|
ContentModel.TYPE_PERSON,
|
|
beforeDeleteNodeValidationBehaviour);
|
|
|
|
this.policyComponent.bindClassBehaviour(
|
|
OnCreateNodePolicy.QNAME,
|
|
ContentModel.TYPE_PERSON,
|
|
new JavaBehaviour(this, "onCreateNode"));
|
|
|
|
this.policyComponent.bindClassBehaviour(
|
|
BeforeDeleteNodePolicy.QNAME,
|
|
ContentModel.TYPE_PERSON,
|
|
new JavaBehaviour(this, "beforeDeleteNode"));
|
|
|
|
this.policyComponent.bindClassBehaviour(
|
|
OnUpdatePropertiesPolicy.QNAME,
|
|
ContentModel.TYPE_PERSON,
|
|
new JavaBehaviour(this, "onUpdateProperties"));
|
|
|
|
this.policyComponent.bindClassBehaviour(
|
|
OnUpdatePropertiesPolicy.QNAME,
|
|
ContentModel.TYPE_USER,
|
|
new JavaBehaviour(this, "onUpdatePropertiesUser"));
|
|
}
|
|
|
|
/**
|
|
* {@inheritDoc}
|
|
*/
|
|
public void setCreateMissingPeople(boolean createMissingPeople)
|
|
{
|
|
this.createMissingPeople = createMissingPeople;
|
|
}
|
|
|
|
public void setNamespacePrefixResolver(NamespacePrefixResolver namespacePrefixResolver)
|
|
{
|
|
this.namespacePrefixResolver = namespacePrefixResolver;
|
|
}
|
|
|
|
public void setAuthorityService(AuthorityService authorityService)
|
|
{
|
|
this.authorityService = authorityService;
|
|
}
|
|
|
|
public void setAuthenticationService(MutableAuthenticationService authenticationService)
|
|
{
|
|
this.authenticationService = authenticationService;
|
|
}
|
|
|
|
public void setDictionaryService(DictionaryService dictionaryService)
|
|
{
|
|
this.dictionaryService = dictionaryService;
|
|
}
|
|
|
|
public void setPermissionServiceSPI(PermissionServiceSPI permissionServiceSPI)
|
|
{
|
|
this.permissionServiceSPI = permissionServiceSPI;
|
|
}
|
|
|
|
public void setTransactionService(TransactionService transactionService)
|
|
{
|
|
this.transactionService = transactionService;
|
|
}
|
|
|
|
public void setServiceRegistry(ServiceRegistry serviceRegistry)
|
|
{
|
|
this.serviceRegistry = serviceRegistry;
|
|
}
|
|
|
|
public void setNodeService(NodeService nodeService)
|
|
{
|
|
this.nodeService = nodeService;
|
|
}
|
|
|
|
public void setTenantService(TenantService tenantService)
|
|
{
|
|
this.tenantService = tenantService;
|
|
}
|
|
|
|
public void setSearchService(SearchService searchService)
|
|
{
|
|
this.searchService = searchService;
|
|
}
|
|
|
|
public void setRepoAdminService(RepoAdminService repoAdminService)
|
|
{
|
|
this.repoAdminService = repoAdminService;
|
|
}
|
|
|
|
public void setPolicyComponent(PolicyComponent policyComponent)
|
|
{
|
|
this.policyComponent = policyComponent;
|
|
}
|
|
|
|
public void setStoreUrl(String storeUrl)
|
|
{
|
|
this.storeRef = new StoreRef(storeUrl);
|
|
}
|
|
|
|
public void setUserNameMatcher(UserNameMatcher userNameMatcher)
|
|
{
|
|
this.userNameMatcher = userNameMatcher;
|
|
}
|
|
|
|
void setDefaultHomeFolderProvider(String defaultHomeFolderProvider)
|
|
{
|
|
this.defaultHomeFolderProvider = defaultHomeFolderProvider;
|
|
}
|
|
|
|
public void setDuplicateMode(String duplicateMode)
|
|
{
|
|
this.duplicateMode = duplicateMode;
|
|
}
|
|
|
|
public void setIncludeAutoCreated(boolean includeAutoCreated)
|
|
{
|
|
this.includeAutoCreated = includeAutoCreated;
|
|
}
|
|
|
|
public void setLastIsBest(boolean lastIsBest)
|
|
{
|
|
this.lastIsBest = lastIsBest;
|
|
}
|
|
|
|
public void setProcessDuplicates(boolean processDuplicates)
|
|
{
|
|
this.processDuplicates = processDuplicates;
|
|
}
|
|
|
|
public void setHomeFolderManager(HomeFolderManager homeFolderManager)
|
|
{
|
|
this.homeFolderManager = homeFolderManager;
|
|
}
|
|
|
|
/**
|
|
* Indicates if home folders should be created when the person
|
|
* is created or delayed until first accessed.
|
|
*/
|
|
public void setHomeFolderCreationEager(boolean homeFolderCreationEager)
|
|
{
|
|
this.homeFolderCreationEager = homeFolderCreationEager;
|
|
}
|
|
|
|
public void setAclDAO(AclDAO aclDao)
|
|
{
|
|
this.aclDao = aclDao;
|
|
}
|
|
|
|
public void setPermissionsManager(PermissionsManager permissionsManager)
|
|
{
|
|
this.permissionsManager = permissionsManager;
|
|
}
|
|
|
|
/**
|
|
* Set the registry of {@link CannedQueryFactory canned queries}
|
|
*/
|
|
public void setCannedQueryRegistry(NamedObjectRegistry<CannedQueryFactory<NodeRef>> cannedQueryRegistry)
|
|
{
|
|
this.cannedQueryRegistry = cannedQueryRegistry;
|
|
}
|
|
|
|
/**
|
|
* Set the username to person cache.
|
|
*/
|
|
public void setPersonCache(SimpleCache<String, Set<NodeRef>> personCache)
|
|
{
|
|
this.personCache = personCache;
|
|
}
|
|
|
|
/**
|
|
* Avoid injection issues: Look it up from the Service Registry as required
|
|
*/
|
|
private FileFolderService getFileFolderService()
|
|
{
|
|
return serviceRegistry.getFileFolderService();
|
|
}
|
|
|
|
/**
|
|
* Avoid injection issues: Look it up from the Service Registry as required
|
|
*/
|
|
private NamespaceService getNamespaceService()
|
|
{
|
|
return serviceRegistry.getNamespaceService();
|
|
}
|
|
|
|
/**
|
|
* Avoid injection issues: Look it up from the Service Registry as required
|
|
*/
|
|
private ActionService getActionService()
|
|
{
|
|
return serviceRegistry.getActionService();
|
|
}
|
|
|
|
/**
|
|
* {@inheritDoc}
|
|
*/
|
|
public NodeRef getPerson(String userName)
|
|
{
|
|
return getPerson(userName, true);
|
|
}
|
|
|
|
/**
|
|
* {@inheritDoc}
|
|
*/
|
|
public NodeRef getPerson(final String userName, final boolean autoCreate)
|
|
{
|
|
// MT share - for activity service system callback
|
|
if (tenantService.isEnabled() && (AuthenticationUtil.SYSTEM_USER_NAME.equals(AuthenticationUtil.getRunAsUser())) && tenantService.isTenantUser(userName))
|
|
{
|
|
final String tenantDomain = tenantService.getUserDomain(userName);
|
|
|
|
return AuthenticationUtil.runAs(new AuthenticationUtil.RunAsWork<NodeRef>()
|
|
{
|
|
public NodeRef doWork() throws Exception
|
|
{
|
|
return getPersonImpl(userName, autoCreate);
|
|
}
|
|
}, tenantService.getDomainUser(AuthenticationUtil.getSystemUserName(), tenantDomain));
|
|
}
|
|
else
|
|
{
|
|
return getPersonImpl(userName, autoCreate);
|
|
}
|
|
}
|
|
|
|
private NodeRef getPersonImpl(String userName, boolean autoCreate)
|
|
{
|
|
if(userName == null)
|
|
{
|
|
return null;
|
|
}
|
|
if(userName.length() == 0)
|
|
{
|
|
return null;
|
|
}
|
|
NodeRef personNode = getPersonOrNull(userName);
|
|
if (personNode == null)
|
|
{
|
|
TxnReadState txnReadState = AlfrescoTransactionSupport.getTransactionReadState();
|
|
if (autoCreate && createMissingPeople() && txnReadState == TxnReadState.TXN_READ_WRITE)
|
|
{
|
|
// We create missing people AND are in a read-write txn
|
|
return createMissingPerson(userName);
|
|
}
|
|
else
|
|
{
|
|
throw new NoSuchPersonException(userName);
|
|
}
|
|
}
|
|
else if (autoCreate)
|
|
{
|
|
makeHomeFolderIfRequired(personNode);
|
|
}
|
|
return personNode;
|
|
}
|
|
|
|
/**
|
|
* {@inheritDoc}
|
|
*/
|
|
public boolean personExists(String caseSensitiveUserName)
|
|
{
|
|
return getPersonOrNull(caseSensitiveUserName) != null;
|
|
}
|
|
|
|
private NodeRef getPersonOrNull(String searchUserName)
|
|
{
|
|
Set<NodeRef> allRefs = getFromCache(searchUserName);
|
|
boolean addToCache = false;
|
|
if (allRefs == null)
|
|
{
|
|
List<ChildAssociationRef> childRefs = nodeService.getChildAssocs(
|
|
getPeopleContainer(),
|
|
ContentModel.ASSOC_CHILDREN,
|
|
getChildNameLower(searchUserName),
|
|
false);
|
|
allRefs = new LinkedHashSet<NodeRef>(childRefs.size() * 2);
|
|
|
|
for (ChildAssociationRef childRef : childRefs)
|
|
{
|
|
NodeRef nodeRef = childRef.getChildRef();
|
|
allRefs.add(nodeRef);
|
|
}
|
|
addToCache = true;
|
|
}
|
|
|
|
List<NodeRef> refs = new ArrayList<NodeRef>(allRefs.size());
|
|
Set<NodeRef> nodesToRemoveFromCache = new HashSet<NodeRef>();
|
|
for (NodeRef nodeRef : allRefs)
|
|
{
|
|
if (nodeService.exists(nodeRef))
|
|
{
|
|
Serializable value = nodeService.getProperty(nodeRef, ContentModel.PROP_USERNAME);
|
|
String realUserName = DefaultTypeConverter.INSTANCE.convert(String.class, value);
|
|
if (userNameMatcher.matches(searchUserName, realUserName))
|
|
{
|
|
refs.add(nodeRef);
|
|
}
|
|
}
|
|
else
|
|
{
|
|
nodesToRemoveFromCache.add(nodeRef);
|
|
}
|
|
}
|
|
|
|
if (!nodesToRemoveFromCache.isEmpty())
|
|
{
|
|
allRefs.removeAll(nodesToRemoveFromCache);
|
|
}
|
|
|
|
NodeRef returnRef = null;
|
|
if (refs.size() > 1)
|
|
{
|
|
returnRef = handleDuplicates(refs, searchUserName);
|
|
}
|
|
else if (refs.size() == 1)
|
|
{
|
|
returnRef = refs.get(0);
|
|
|
|
if (addToCache)
|
|
{
|
|
// Don't bother caching unless we get a result that doesn't need duplicate processing
|
|
putToCache(searchUserName, allRefs);
|
|
}
|
|
}
|
|
return returnRef;
|
|
}
|
|
|
|
private NodeRef handleDuplicates(List<NodeRef> refs, String searchUserName)
|
|
{
|
|
if (processDuplicates)
|
|
{
|
|
NodeRef best = findBest(refs);
|
|
HashSet<NodeRef> toHandle = new HashSet<NodeRef>();
|
|
toHandle.addAll(refs);
|
|
toHandle.remove(best);
|
|
addDuplicateNodeRefsToHandle(toHandle);
|
|
return best;
|
|
}
|
|
else
|
|
{
|
|
String userNameSensitivity = " (user name is case-" + (userNameMatcher.getUserNamesAreCaseSensitive() ? "sensitive" : "insensitive") + ")";
|
|
String domainNameSensitivity = "";
|
|
if (!userNameMatcher.getDomainSeparator().equals(""))
|
|
{
|
|
domainNameSensitivity = " (domain name is case-" + (userNameMatcher.getDomainNamesAreCaseSensitive() ? "sensitive" : "insensitive") + ")";
|
|
}
|
|
|
|
throw new AlfrescoRuntimeException("Found more than one user for " + searchUserName + userNameSensitivity + domainNameSensitivity);
|
|
}
|
|
}
|
|
|
|
/**
|
|
* Get the txn-bound usernames that need cleaning up
|
|
*/
|
|
private Set<NodeRef> getPostTxnDuplicates()
|
|
{
|
|
@SuppressWarnings("unchecked")
|
|
Set<NodeRef> postTxnDuplicates = (Set<NodeRef>) AlfrescoTransactionSupport.getResource(KEY_POST_TXN_DUPLICATES);
|
|
if (postTxnDuplicates == null)
|
|
{
|
|
postTxnDuplicates = new HashSet<NodeRef>();
|
|
AlfrescoTransactionSupport.bindResource(KEY_POST_TXN_DUPLICATES, postTxnDuplicates);
|
|
}
|
|
return postTxnDuplicates;
|
|
}
|
|
|
|
/**
|
|
* Flag a username for cleanup after the transaction.
|
|
*/
|
|
private void addDuplicateNodeRefsToHandle(Set<NodeRef> refs)
|
|
{
|
|
// Firstly, bind this service to the transaction
|
|
AlfrescoTransactionSupport.bindListener(this);
|
|
// Now get the post txn duplicate list
|
|
Set<NodeRef> postTxnDuplicates = getPostTxnDuplicates();
|
|
postTxnDuplicates.addAll(refs);
|
|
}
|
|
|
|
/**
|
|
* Process clean up any duplicates that were flagged during the transaction.
|
|
*/
|
|
@Override
|
|
public void afterCommit()
|
|
{
|
|
// Get the duplicates in a form that can be read by the transaction work anonymous instance
|
|
final Set<NodeRef> postTxnDuplicates = getPostTxnDuplicates();
|
|
if (postTxnDuplicates.size() == 0)
|
|
{
|
|
// Nothing to do
|
|
return;
|
|
}
|
|
|
|
RetryingTransactionCallback<Object> processDuplicateWork = new RetryingTransactionCallback<Object>()
|
|
{
|
|
public Object execute() throws Throwable
|
|
{
|
|
if (duplicateMode.equalsIgnoreCase(SPLIT))
|
|
{
|
|
logger.info("Splitting " + postTxnDuplicates.size() + " duplicate person objects.");
|
|
// Allow UIDs to be updated in this transaction
|
|
AlfrescoTransactionSupport.bindResource(KEY_ALLOW_UID_UPDATE, Boolean.TRUE);
|
|
split(postTxnDuplicates);
|
|
logger.info("Split " + postTxnDuplicates.size() + " duplicate person objects.");
|
|
}
|
|
else if (duplicateMode.equalsIgnoreCase(DELETE))
|
|
{
|
|
delete(postTxnDuplicates);
|
|
logger.info("Deleted duplicate person objects");
|
|
}
|
|
else
|
|
{
|
|
if (logger.isDebugEnabled())
|
|
{
|
|
logger.debug("Duplicate person objects exist");
|
|
}
|
|
}
|
|
|
|
// Done
|
|
return null;
|
|
}
|
|
};
|
|
transactionService.getRetryingTransactionHelper().doInTransaction(processDuplicateWork, false, true);
|
|
}
|
|
|
|
private void delete(Set<NodeRef> toDelete)
|
|
{
|
|
for (NodeRef nodeRef : toDelete)
|
|
{
|
|
deletePerson(nodeRef);
|
|
}
|
|
}
|
|
|
|
private void split(Set<NodeRef> toSplit)
|
|
{
|
|
for (NodeRef nodeRef : toSplit)
|
|
{
|
|
String userName = (String) nodeService.getProperty(nodeRef, ContentModel.PROP_USERNAME);
|
|
String newUserName = userName + GUID.generate();
|
|
nodeService.setProperty(nodeRef, ContentModel.PROP_USERNAME, userName + GUID.generate());
|
|
logger.info(" New person object: " + newUserName);
|
|
}
|
|
}
|
|
|
|
private NodeRef findBest(List<NodeRef> refs)
|
|
{
|
|
// Given that we might not have audit attributes, use the assumption that the node ID increases to sort the
|
|
// nodes
|
|
if (lastIsBest)
|
|
{
|
|
Collections.sort(refs, new NodeIdComparator(nodeService, false));
|
|
}
|
|
else
|
|
{
|
|
Collections.sort(refs, new NodeIdComparator(nodeService, true));
|
|
}
|
|
|
|
NodeRef fallBack = null;
|
|
|
|
for (NodeRef nodeRef : refs)
|
|
{
|
|
if (fallBack == null)
|
|
{
|
|
fallBack = nodeRef;
|
|
}
|
|
|
|
if (includeAutoCreated || !wasAutoCreated(nodeRef))
|
|
{
|
|
return nodeRef;
|
|
}
|
|
}
|
|
|
|
return fallBack;
|
|
}
|
|
|
|
private boolean wasAutoCreated(NodeRef nodeRef)
|
|
{
|
|
String userName = DefaultTypeConverter.INSTANCE.convert(String.class, nodeService.getProperty(nodeRef, ContentModel.PROP_USERNAME));
|
|
|
|
String testString = DefaultTypeConverter.INSTANCE.convert(String.class, nodeService.getProperty(nodeRef, ContentModel.PROP_FIRSTNAME));
|
|
if ((testString == null) || !testString.equals(userName))
|
|
{
|
|
return false;
|
|
}
|
|
|
|
testString = DefaultTypeConverter.INSTANCE.convert(String.class, nodeService.getProperty(nodeRef, ContentModel.PROP_LASTNAME));
|
|
if ((testString == null) || !testString.equals(""))
|
|
{
|
|
return false;
|
|
}
|
|
|
|
testString = DefaultTypeConverter.INSTANCE.convert(String.class, nodeService.getProperty(nodeRef, ContentModel.PROP_EMAIL));
|
|
if ((testString == null) || !testString.equals(""))
|
|
{
|
|
return false;
|
|
}
|
|
|
|
testString = DefaultTypeConverter.INSTANCE.convert(String.class, nodeService.getProperty(nodeRef, ContentModel.PROP_ORGID));
|
|
if ((testString == null) || !testString.equals(""))
|
|
{
|
|
return false;
|
|
}
|
|
|
|
testString = DefaultTypeConverter.INSTANCE.convert(String.class, nodeService.getProperty(nodeRef, ContentModel.PROP_HOME_FOLDER_PROVIDER));
|
|
if ((testString == null) || !testString.equals(defaultHomeFolderProvider))
|
|
{
|
|
return false;
|
|
}
|
|
|
|
return true;
|
|
}
|
|
|
|
/**
|
|
* {@inheritDoc}
|
|
*/
|
|
public boolean createMissingPeople()
|
|
{
|
|
return createMissingPeople;
|
|
}
|
|
|
|
/**
|
|
* {@inheritDoc}
|
|
*/
|
|
public Set<QName> getMutableProperties()
|
|
{
|
|
return mutableProperties;
|
|
}
|
|
|
|
/**
|
|
* {@inheritDoc}
|
|
*/
|
|
public void setPersonProperties(String userName, Map<QName, Serializable> properties)
|
|
{
|
|
setPersonProperties(userName, properties, true);
|
|
}
|
|
|
|
/**
|
|
* {@inheritDoc}
|
|
*/
|
|
public void setPersonProperties(String userName, Map<QName, Serializable> properties, boolean autoCreate)
|
|
{
|
|
NodeRef personNode = getPersonOrNull(userName);
|
|
if (personNode == null)
|
|
{
|
|
if (createMissingPeople())
|
|
{
|
|
personNode = createMissingPerson(userName);
|
|
}
|
|
else
|
|
{
|
|
throw new PersonException("No person found for user name " + userName);
|
|
}
|
|
}
|
|
else
|
|
{
|
|
if (autoCreate)
|
|
{
|
|
makeHomeFolderIfRequired(personNode);
|
|
}
|
|
String realUserName = DefaultTypeConverter.INSTANCE.convert(String.class, nodeService.getProperty(personNode, ContentModel.PROP_USERNAME));
|
|
String suggestedUserName;
|
|
|
|
// LDAP sync: allow change of case if we have case insensitive user names and the same name in a different case
|
|
if (getUserNamesAreCaseSensitive()
|
|
|| (suggestedUserName = (String) properties.get(ContentModel.PROP_USERNAME)) == null
|
|
|| !suggestedUserName.equalsIgnoreCase(realUserName))
|
|
{
|
|
properties.put(ContentModel.PROP_USERNAME, realUserName);
|
|
}
|
|
}
|
|
Map<QName, Serializable> update = nodeService.getProperties(personNode);
|
|
update.putAll(properties);
|
|
|
|
nodeService.setProperties(personNode, update);
|
|
}
|
|
|
|
/**
|
|
* {@inheritDoc}
|
|
*/
|
|
public boolean isMutable()
|
|
{
|
|
return true;
|
|
}
|
|
|
|
private NodeRef createMissingPerson(String userName)
|
|
{
|
|
HashMap<QName, Serializable> properties = getDefaultProperties(userName);
|
|
NodeRef person = createPerson(properties);
|
|
return person;
|
|
}
|
|
|
|
private void makeHomeFolderIfRequired(NodeRef person)
|
|
{
|
|
if (person != null)
|
|
{
|
|
NodeRef homeFolder = DefaultTypeConverter.INSTANCE.convert(NodeRef.class, nodeService.getProperty(person, ContentModel.PROP_HOMEFOLDER));
|
|
if (homeFolder == null)
|
|
{
|
|
final ChildAssociationRef ref = nodeService.getPrimaryParent(person);
|
|
transactionService.getRetryingTransactionHelper().doInTransaction(new RetryingTransactionCallback<Object>()
|
|
{
|
|
public Object execute() throws Throwable
|
|
{
|
|
makeHomeFolderAsSystem(ref);
|
|
return null;
|
|
}
|
|
}, transactionService.isReadOnly(), transactionService.isReadOnly() ? false : AlfrescoTransactionSupport.getTransactionReadState() == TxnReadState.TXN_READ_ONLY);
|
|
}
|
|
}
|
|
}
|
|
|
|
private void makeHomeFolderAsSystem(final ChildAssociationRef childAssocRef)
|
|
{
|
|
AuthenticationUtil.runAs(new AuthenticationUtil.RunAsWork<Object>()
|
|
{
|
|
@Override
|
|
public Object doWork() throws Exception
|
|
{
|
|
homeFolderManager.makeHomeFolder(childAssocRef);
|
|
return null;
|
|
}
|
|
}, AuthenticationUtil.getSystemUserName());
|
|
}
|
|
|
|
private HashMap<QName, Serializable> getDefaultProperties(String userName)
|
|
{
|
|
HashMap<QName, Serializable> properties = new HashMap<QName, Serializable>();
|
|
properties.put(ContentModel.PROP_USERNAME, userName);
|
|
properties.put(ContentModel.PROP_FIRSTNAME, tenantService.getBaseNameUser(userName));
|
|
properties.put(ContentModel.PROP_LASTNAME, "");
|
|
properties.put(ContentModel.PROP_EMAIL, "");
|
|
properties.put(ContentModel.PROP_ORGID, "");
|
|
properties.put(ContentModel.PROP_HOME_FOLDER_PROVIDER, defaultHomeFolderProvider);
|
|
|
|
properties.put(ContentModel.PROP_SIZE_CURRENT, 0L);
|
|
properties.put(ContentModel.PROP_SIZE_QUOTA, -1L); // no quota
|
|
|
|
return properties;
|
|
}
|
|
|
|
/**
|
|
* {@inheritDoc}
|
|
*/
|
|
public NodeRef createPerson(Map<QName, Serializable> properties)
|
|
{
|
|
return createPerson(properties, authorityService.getDefaultZones());
|
|
}
|
|
|
|
/**
|
|
* {@inheritDoc}
|
|
*/
|
|
public NodeRef createPerson(Map<QName, Serializable> properties, Set<String> zones)
|
|
{
|
|
ParameterCheck.mandatory("properties", properties);
|
|
String userName = DefaultTypeConverter.INSTANCE.convert(String.class, properties.get(ContentModel.PROP_USERNAME));
|
|
if (userName == null)
|
|
{
|
|
throw new IllegalArgumentException("No username specified when creating the person.");
|
|
}
|
|
|
|
/*
|
|
* Check restrictions on the number of users
|
|
*/
|
|
Long maxUsers = repoAdminService.getRestrictions().getUsers();
|
|
if (maxUsers != null)
|
|
{
|
|
// Get the set of users created in this transaction
|
|
Set<String> usersCreated = TransactionalResourceHelper.getSet(KEY_USERS_CREATED);
|
|
usersCreated.add(userName);
|
|
AlfrescoTransactionSupport.bindListener(this);
|
|
}
|
|
|
|
AuthorityType authorityType = AuthorityType.getAuthorityType(userName);
|
|
if (authorityType != AuthorityType.USER)
|
|
{
|
|
throw new AlfrescoRuntimeException("Attempt to create person for an authority which is not a user");
|
|
}
|
|
|
|
tenantService.checkDomainUser(userName);
|
|
|
|
if (personExists(userName))
|
|
{
|
|
throw new AlfrescoRuntimeException("Person '" + userName + "' already exists.");
|
|
}
|
|
|
|
properties.put(ContentModel.PROP_USERNAME, userName);
|
|
properties.put(ContentModel.PROP_SIZE_CURRENT, 0L);
|
|
|
|
NodeRef personRef = null;
|
|
try
|
|
{
|
|
beforeCreateNodeValidationBehaviour.disable();
|
|
|
|
personRef = nodeService.createNode(
|
|
getPeopleContainer(),
|
|
ContentModel.ASSOC_CHILDREN,
|
|
getChildNameLower(userName), // Lowercase:
|
|
ContentModel.TYPE_PERSON, properties).getChildRef();
|
|
}
|
|
finally
|
|
{
|
|
beforeCreateNodeValidationBehaviour.enable();
|
|
}
|
|
|
|
if (zones != null)
|
|
{
|
|
for (String zone : zones)
|
|
{
|
|
// Add the person to an authentication zone (corresponding to an external user registry)
|
|
// Let's preserve case on this child association
|
|
nodeService.addChild(authorityService.getOrCreateZone(zone), personRef, ContentModel.ASSOC_IN_ZONE, QName.createQName(NamespaceService.CONTENT_MODEL_PREFIX, userName, namespacePrefixResolver));
|
|
}
|
|
}
|
|
|
|
removeFromCache(userName);
|
|
|
|
return personRef;
|
|
}
|
|
|
|
/**
|
|
* {@inheritDoc}
|
|
*/
|
|
public void notifyPerson(final String userName, final String password)
|
|
{
|
|
// Get the details of our user, or fail trying
|
|
NodeRef noderef = getPerson(userName, false);
|
|
Map<QName,Serializable> userProps = nodeService.getProperties(noderef);
|
|
|
|
// Do they have an email set? We can't email them if not...
|
|
String email = null;
|
|
if (userProps.containsKey(ContentModel.PROP_EMAIL))
|
|
{
|
|
email = (String)userProps.get(ContentModel.PROP_EMAIL);
|
|
}
|
|
|
|
if (email == null || email.length() == 0)
|
|
{
|
|
if (logger.isInfoEnabled())
|
|
{
|
|
logger.info("Not sending new user notification to " + userName + " as no email address found");
|
|
}
|
|
|
|
return;
|
|
}
|
|
|
|
// We need a freemarker model, so turn the QNames into
|
|
// something a bit more freemarker friendly
|
|
Map<String,Serializable> model = buildEmailTemplateModel(userProps);
|
|
model.put("password", password); // Not stored on the person
|
|
|
|
// Set the details of the person sending the email into the model
|
|
NodeRef creatorNR = getPerson(AuthenticationUtil.getFullyAuthenticatedUser());
|
|
Map<QName,Serializable> creatorProps = nodeService.getProperties(creatorNR);
|
|
Map<String,Serializable> creator = buildEmailTemplateModel(creatorProps);
|
|
model.put("creator", (Serializable)creator);
|
|
|
|
// Set share information into the model
|
|
String productName = ModelUtil.getProductName(repoAdminService);
|
|
model.put(TemplateService.KEY_PRODUCT_NAME, productName);
|
|
|
|
// Set the details for the action
|
|
Map<String,Serializable> actionParams = new HashMap<String, Serializable>();
|
|
actionParams.put(MailActionExecuter.PARAM_TEMPLATE_MODEL, (Serializable)model);
|
|
actionParams.put(MailActionExecuter.PARAM_TO, email);
|
|
actionParams.put(MailActionExecuter.PARAM_FROM, creatorProps.get(ContentModel.PROP_EMAIL));
|
|
actionParams.put(MailActionExecuter.PARAM_SUBJECT,
|
|
I18NUtil.getMessage("invitation.notification.person.email.subject", productName));
|
|
|
|
// Pick the appropriate localised template
|
|
actionParams.put(MailActionExecuter.PARAM_TEMPLATE, getNotifyEmailTemplateNodeRef());
|
|
|
|
// Ask for the email to be sent asynchronously
|
|
Action mailAction = getActionService().createAction(MailActionExecuter.NAME, actionParams);
|
|
getActionService().executeAction(mailAction, noderef, false, true);
|
|
}
|
|
|
|
/**
|
|
* Finds the email template and then attempts to find a localized version
|
|
*/
|
|
private NodeRef getNotifyEmailTemplateNodeRef()
|
|
{
|
|
// Find the new user email template
|
|
String xpath = "app:company_home/app:dictionary/app:email_templates/cm:invite/cm:new-user-email.html.ftl";
|
|
try
|
|
{
|
|
NodeRef rootNodeRef = nodeService.getRootNode(StoreRef.STORE_REF_WORKSPACE_SPACESSTORE);
|
|
List<NodeRef> nodeRefs = searchService.selectNodes(
|
|
rootNodeRef,
|
|
xpath,
|
|
null,
|
|
getNamespaceService(),
|
|
false);
|
|
if (nodeRefs.size() > 1)
|
|
{
|
|
logger.error("Found too many email templates using: " + xpath);
|
|
nodeRefs = Collections.singletonList(nodeRefs.get(0));
|
|
}
|
|
else if (nodeRefs.size() == 0)
|
|
{
|
|
throw new InvitationException("Cannot find the email template using " + xpath);
|
|
}
|
|
// Now localise this
|
|
NodeRef base = nodeRefs.get(0);
|
|
NodeRef local = getFileFolderService().getLocalizedSibling(base);
|
|
return local;
|
|
}
|
|
catch (SearcherException e)
|
|
{
|
|
throw new InvitationException("Cannot find the email template!", e);
|
|
}
|
|
}
|
|
|
|
private Map<String,Serializable> buildEmailTemplateModel(Map<QName,Serializable> props)
|
|
{
|
|
Map<String,Serializable> model = new HashMap<String, Serializable>((int)(props.size()*1.5));
|
|
for (QName qname : props.keySet())
|
|
{
|
|
model.put(qname.getLocalName(), props.get(qname));
|
|
model.put(qname.getLocalName().toLowerCase(), props.get(qname));
|
|
}
|
|
return model;
|
|
}
|
|
|
|
/**
|
|
* {@inheritDoc}
|
|
*/
|
|
public NodeRef getPeopleContainer()
|
|
{
|
|
String cacheKey = tenantService.getCurrentUserDomain();
|
|
NodeRef peopleNodeRef = peopleContainerRefs.get(cacheKey);
|
|
if (peopleNodeRef == null)
|
|
{
|
|
NodeRef rootNodeRef = nodeService.getRootNode(tenantService.getName(storeRef));
|
|
List<ChildAssociationRef> children = nodeService.getChildAssocs(rootNodeRef, RegexQNamePattern.MATCH_ALL,
|
|
QName.createQName(SYSTEM_FOLDER_SHORT_QNAME, namespacePrefixResolver), false);
|
|
|
|
if (children.size() == 0)
|
|
{
|
|
throw new AlfrescoRuntimeException("Required people system path not found: "
|
|
+ SYSTEM_FOLDER_SHORT_QNAME);
|
|
}
|
|
|
|
NodeRef systemNodeRef = children.get(0).getChildRef();
|
|
|
|
children = nodeService.getChildAssocs(systemNodeRef, RegexQNamePattern.MATCH_ALL, QName.createQName(
|
|
PEOPLE_FOLDER_SHORT_QNAME, namespacePrefixResolver), false);
|
|
|
|
if (children.size() == 0)
|
|
{
|
|
throw new AlfrescoRuntimeException("Required people system path not found: "
|
|
+ PEOPLE_FOLDER_SHORT_QNAME);
|
|
}
|
|
|
|
peopleNodeRef = children.get(0).getChildRef();
|
|
peopleContainerRefs.put(cacheKey, peopleNodeRef);
|
|
}
|
|
return peopleNodeRef;
|
|
}
|
|
|
|
/**
|
|
* {@inheritDoc}
|
|
*/
|
|
public void deletePerson(String userName)
|
|
{
|
|
// Normalize the username to avoid case sensitivity issues
|
|
userName = getUserIdentifier(userName);
|
|
if (userName == null)
|
|
{
|
|
return;
|
|
}
|
|
|
|
NodeRef personRef = getPersonOrNull(userName);
|
|
|
|
deletePersonImpl(userName, personRef);
|
|
}
|
|
|
|
/**
|
|
* {@inheritDoc}
|
|
*/
|
|
public void deletePerson(NodeRef personRef)
|
|
{
|
|
QName typeQName = nodeService.getType(personRef);
|
|
if (typeQName.equals(ContentModel.TYPE_PERSON))
|
|
{
|
|
String userName = (String) this.nodeService.getProperty(personRef, ContentModel.PROP_USERNAME);
|
|
deletePersonImpl(userName, personRef);
|
|
}
|
|
else
|
|
{
|
|
throw new AlfrescoRuntimeException("deletePerson: invalid type of node "+personRef+" (actual="+typeQName+", expected="+ContentModel.TYPE_PERSON+")");
|
|
}
|
|
}
|
|
|
|
private void deletePersonImpl(String userName, NodeRef personRef)
|
|
{
|
|
if (userName != null)
|
|
{
|
|
// Remove internally-stored password information, if any
|
|
try
|
|
{
|
|
authenticationService.deleteAuthentication(userName);
|
|
}
|
|
catch (AuthenticationException e)
|
|
{
|
|
// Ignore this - externally authenticated user
|
|
}
|
|
|
|
// Invalidate all that user's tickets
|
|
try
|
|
{
|
|
authenticationService.invalidateUserSession(userName);
|
|
}
|
|
catch (AuthenticationException e)
|
|
{
|
|
// Ignore this
|
|
}
|
|
|
|
// remove any user permissions
|
|
permissionServiceSPI.deletePermissions(userName);
|
|
}
|
|
|
|
// delete the person
|
|
if (personRef != null)
|
|
{
|
|
try
|
|
{
|
|
beforeDeleteNodeValidationBehaviour.disable();
|
|
|
|
nodeService.deleteNode(personRef);
|
|
}
|
|
finally
|
|
{
|
|
beforeDeleteNodeValidationBehaviour.enable();
|
|
}
|
|
}
|
|
|
|
/*
|
|
* Kick off the transaction listener for create user. It has the side-effect of
|
|
* recalculating the number of users.
|
|
*/
|
|
Long maxUsers = repoAdminService.getRestrictions().getUsers();
|
|
if (maxUsers != null)
|
|
{
|
|
AlfrescoTransactionSupport.bindListener(this);
|
|
}
|
|
|
|
}
|
|
|
|
/**
|
|
* {@inheritDoc}
|
|
*
|
|
* @deprecated see getPeople
|
|
*/
|
|
public Set<NodeRef> getAllPeople()
|
|
{
|
|
List<PersonInfo> personInfos = getPeople(null, true, null, new PagingRequest(Integer.MAX_VALUE, null)).getPage();
|
|
Set<NodeRef> refs = new HashSet<NodeRef>(personInfos.size());
|
|
for (PersonInfo personInfo : personInfos)
|
|
{
|
|
refs.add(personInfo.getNodeRef());
|
|
}
|
|
return refs;
|
|
}
|
|
|
|
/**
|
|
* {@inheritDoc}
|
|
*/
|
|
public PagingResults<PersonInfo> getPeople(List<Pair<QName, String>> stringPropFilters, boolean filterIgnoreCase, List<Pair<QName, Boolean>> sortProps, PagingRequest pagingRequest)
|
|
{
|
|
ParameterCheck.mandatory("pagingRequest", pagingRequest);
|
|
|
|
Long start = (logger.isDebugEnabled() ? System.currentTimeMillis() : null);
|
|
|
|
NodeRef contextNodeRef = getPeopleContainer();
|
|
|
|
Set<QName> childTypeQNames = new HashSet<QName>(1);
|
|
childTypeQNames.add(ContentModel.TYPE_PERSON);
|
|
|
|
// get canned query
|
|
GetChildrenCannedQueryFactory getChildrenCannedQueryFactory = (GetChildrenCannedQueryFactory)cannedQueryRegistry.getNamedObject(CANNED_QUERY_PEOPLE_LIST);
|
|
|
|
List<FilterProp> filterProps = null;
|
|
if (stringPropFilters != null)
|
|
{
|
|
filterProps = new ArrayList<FilterProp>(stringPropFilters.size());
|
|
for (Pair<QName, String> filterProp : stringPropFilters)
|
|
{
|
|
String filterStr = filterProp.getSecond();
|
|
if ((filterStr == null) || (filterStr.equals("")) || (filterStr.equals("*")))
|
|
{
|
|
// The wildcard means no filtering is needed on this property
|
|
continue;
|
|
}
|
|
else if (filterStr.endsWith("*"))
|
|
{
|
|
// The trailing * is implicit
|
|
filterStr = filterStr.substring(0, filterStr.length()-1);
|
|
}
|
|
|
|
// Turn this into a canned query filter
|
|
filterProps.add(new FilterPropString(filterProp.getFirst(), filterStr, (filterIgnoreCase ? FilterTypeString.STARTSWITH_IGNORECASE : FilterTypeString.STARTSWITH)));
|
|
}
|
|
}
|
|
|
|
GetChildrenCannedQuery cq = (GetChildrenCannedQuery)getChildrenCannedQueryFactory.getCannedQuery(contextNodeRef, childTypeQNames, filterProps, sortProps, pagingRequest);
|
|
|
|
// execute canned query
|
|
final CannedQueryResults<NodeRef> results = cq.execute();
|
|
|
|
final List<NodeRef> nodeRefs;
|
|
if (results.getPageCount() > 0)
|
|
{
|
|
nodeRefs = results.getPages().get(0);
|
|
}
|
|
else
|
|
{
|
|
nodeRefs = Collections.emptyList();
|
|
}
|
|
|
|
// set total count
|
|
final Pair<Integer, Integer> totalCount;
|
|
if (pagingRequest.getRequestTotalCountMax() > 0)
|
|
{
|
|
totalCount = results.getTotalResultCount();
|
|
}
|
|
else
|
|
{
|
|
totalCount = null;
|
|
}
|
|
|
|
if (start != null)
|
|
{
|
|
int cnt = results.getPagedResultCount();
|
|
int skipCount = pagingRequest.getSkipCount();
|
|
int maxItems = pagingRequest.getMaxItems();
|
|
boolean hasMoreItems = results.hasMoreItems();
|
|
int pageNum = (skipCount / maxItems) + 1;
|
|
|
|
if (logger.isDebugEnabled())
|
|
{
|
|
logger.debug(
|
|
"getPeople: "+cnt+" items in "+(System.currentTimeMillis()-start)+" msecs " +
|
|
"[pageNum="+pageNum+",skip="+skipCount+",max="+maxItems+",hasMorePages="+hasMoreItems+
|
|
",totalCount="+totalCount+",filters="+stringPropFilters+
|
|
",filtersIgnoreCase="+filterIgnoreCase+"]");
|
|
}
|
|
}
|
|
|
|
final List<PersonInfo> personInfos = new ArrayList<PersonInfo>(nodeRefs.size());
|
|
for (NodeRef nodeRef : nodeRefs)
|
|
{
|
|
Map<QName, Serializable> props = nodeService.getProperties(nodeRef);
|
|
personInfos.add(new PersonInfo(nodeRef,
|
|
(String)props.get(ContentModel.PROP_USERNAME),
|
|
(String)props.get(ContentModel.PROP_FIRSTNAME),
|
|
(String)props.get(ContentModel.PROP_LASTNAME)));
|
|
}
|
|
|
|
return new PagingResults<PersonInfo>()
|
|
{
|
|
@Override
|
|
public String getQueryExecutionId()
|
|
{
|
|
return results.getQueryExecutionId();
|
|
}
|
|
@Override
|
|
public List<PersonInfo> getPage()
|
|
{
|
|
return personInfos;
|
|
}
|
|
@Override
|
|
public boolean hasMoreItems()
|
|
{
|
|
return results.hasMoreItems();
|
|
}
|
|
@Override
|
|
public Pair<Integer, Integer> getTotalResultCount()
|
|
{
|
|
return totalCount;
|
|
}
|
|
};
|
|
}
|
|
|
|
/**
|
|
* {@inheritDoc}
|
|
*
|
|
* @deprecated see getPeople
|
|
*/
|
|
public Set<NodeRef> getPeopleFilteredByProperty(QName propertyKey, Serializable propertyValue)
|
|
{
|
|
// check that given property key is defined for content model type 'cm:person'
|
|
// and throw exception if it isn't
|
|
if (this.dictionaryService.getProperty(ContentModel.TYPE_PERSON, propertyKey) == null)
|
|
{
|
|
throw new AlfrescoRuntimeException("Property '" + propertyKey + "' is not defined " + "for content model type cm:person");
|
|
}
|
|
|
|
List<Pair<QName, String>> filterProps = new ArrayList<Pair<QName, String>>(1);
|
|
filterProps.add(new Pair<QName, String>(propertyKey, (String)propertyValue));
|
|
|
|
PagingRequest pagingRequest = new PagingRequest(Integer.MAX_VALUE, null);
|
|
List<PersonInfo> personInfos = getPeople(filterProps, true, null, pagingRequest).getPage();
|
|
|
|
Set<NodeRef> refs = new HashSet<NodeRef>(personInfos.size());
|
|
for (PersonInfo personInfo : personInfos)
|
|
{
|
|
refs.add(personInfo.getNodeRef());
|
|
}
|
|
|
|
return refs;
|
|
}
|
|
|
|
// Policies
|
|
|
|
/**
|
|
* {@inheritDoc}
|
|
*/
|
|
public void onCreateNode(ChildAssociationRef childAssocRef)
|
|
{
|
|
NodeRef personRef = childAssocRef.getChildRef();
|
|
|
|
String userName = (String) this.nodeService.getProperty(personRef, ContentModel.PROP_USERNAME);
|
|
|
|
if (getPeopleContainer().equals(childAssocRef.getParentRef()))
|
|
{
|
|
removeFromCache(userName);
|
|
}
|
|
|
|
permissionsManager.setPermissions(personRef, userName, userName);
|
|
|
|
// Make sure there is an authority entry - with a DB constraint for uniqueness
|
|
// aclDao.createAuthority(username);
|
|
|
|
if (homeFolderCreationEager)
|
|
{
|
|
makeHomeFolderAsSystem(childAssocRef);
|
|
}
|
|
}
|
|
|
|
private QName getChildNameLower(String userName)
|
|
{
|
|
return QName.createQName(NamespaceService.CONTENT_MODEL_PREFIX, userName.toLowerCase(), namespacePrefixResolver);
|
|
}
|
|
|
|
public void beforeCreateNode(
|
|
NodeRef parentRef,
|
|
QName assocTypeQName,
|
|
QName assocQName,
|
|
QName nodeTypeQName)
|
|
{
|
|
// NOOP
|
|
}
|
|
|
|
public void beforeCreateNodeValidation(
|
|
NodeRef parentRef,
|
|
QName assocTypeQName,
|
|
QName assocQName,
|
|
QName nodeTypeQName)
|
|
{
|
|
if (getPeopleContainer().equals(parentRef))
|
|
{
|
|
throw new AlfrescoRuntimeException("beforeCreateNode: use PersonService to create person");
|
|
}
|
|
else
|
|
{
|
|
logger.info("Person node is not being created under the people container (actual="+parentRef+", expected="+getPeopleContainer()+")");
|
|
}
|
|
}
|
|
|
|
public void beforeDeleteNode(NodeRef nodeRef)
|
|
{
|
|
String userName = (String) this.nodeService.getProperty(nodeRef, ContentModel.PROP_USERNAME);
|
|
if (this.authorityService.isGuestAuthority(userName))
|
|
{
|
|
throw new AlfrescoRuntimeException("The " + userName + " user cannot be deleted.");
|
|
}
|
|
|
|
NodeRef parentRef = null;
|
|
ChildAssociationRef parentAssocRef = nodeService.getPrimaryParent(nodeRef);
|
|
if (parentAssocRef != null)
|
|
{
|
|
parentRef = parentAssocRef.getParentRef();
|
|
if (getPeopleContainer().equals(parentRef))
|
|
{
|
|
removeFromCache(userName);
|
|
}
|
|
}
|
|
}
|
|
|
|
public void beforeDeleteNodeValidation(NodeRef nodeRef)
|
|
{
|
|
NodeRef parentRef = null;
|
|
ChildAssociationRef parentAssocRef = nodeService.getPrimaryParent(nodeRef);
|
|
if (parentAssocRef != null)
|
|
{
|
|
parentRef = parentAssocRef.getParentRef();
|
|
}
|
|
|
|
if (getPeopleContainer().equals(parentRef))
|
|
{
|
|
throw new AlfrescoRuntimeException("beforeDeleteNode: use PersonService to delete person");
|
|
}
|
|
else
|
|
{
|
|
logger.info("Person node that is being deleted is not under the parent people container (actual="+parentRef+", expected="+getPeopleContainer()+")");
|
|
}
|
|
}
|
|
|
|
private Set<NodeRef> getFromCache(String userName)
|
|
{
|
|
return this.personCache.get(userName.toLowerCase());
|
|
}
|
|
|
|
private void putToCache(String userName, Set<NodeRef> refs)
|
|
{
|
|
this.personCache.put(userName.toLowerCase(), refs);
|
|
}
|
|
|
|
private void removeFromCache(String userName)
|
|
{
|
|
this.personCache.remove(userName.toLowerCase());
|
|
}
|
|
|
|
/**
|
|
* {@inheritDoc}
|
|
*/
|
|
public String getUserIdentifier(String caseSensitiveUserName)
|
|
{
|
|
NodeRef nodeRef = getPersonOrNull(caseSensitiveUserName);
|
|
if ((nodeRef != null) && nodeService.exists(nodeRef))
|
|
{
|
|
String realUserName = DefaultTypeConverter.INSTANCE.convert(String.class, nodeService.getProperty(nodeRef, ContentModel.PROP_USERNAME));
|
|
return realUserName;
|
|
}
|
|
return null;
|
|
}
|
|
|
|
public static class NodeIdComparator implements Comparator<NodeRef>
|
|
{
|
|
private NodeService nodeService;
|
|
|
|
boolean ascending;
|
|
|
|
NodeIdComparator(NodeService nodeService, boolean ascending)
|
|
{
|
|
this.nodeService = nodeService;
|
|
this.ascending = ascending;
|
|
}
|
|
|
|
public int compare(NodeRef first, NodeRef second)
|
|
{
|
|
Long firstId = DefaultTypeConverter.INSTANCE.convert(Long.class, nodeService.getProperty(first, ContentModel.PROP_NODE_DBID));
|
|
Long secondId = DefaultTypeConverter.INSTANCE.convert(Long.class, nodeService.getProperty(second, ContentModel.PROP_NODE_DBID));
|
|
|
|
if (firstId != null)
|
|
{
|
|
if (secondId != null)
|
|
{
|
|
return firstId.compareTo(secondId) * (ascending ? 1 : -1);
|
|
}
|
|
else
|
|
{
|
|
return ascending ? -1 : 1;
|
|
}
|
|
}
|
|
else
|
|
{
|
|
if (secondId != null)
|
|
{
|
|
return ascending ? 1 : -1;
|
|
}
|
|
else
|
|
{
|
|
return 0;
|
|
}
|
|
}
|
|
}
|
|
}
|
|
|
|
/**
|
|
* {@inheritDoc}
|
|
*/
|
|
public boolean getUserNamesAreCaseSensitive()
|
|
{
|
|
return userNameMatcher.getUserNamesAreCaseSensitive();
|
|
}
|
|
|
|
/**
|
|
* When a uid is changed we need to create an alias for the old uid so permissions are not broken. This can happen
|
|
* when an already existing user is updated via LDAP e.g. migration to LDAP, or when a user is auto created and then
|
|
* updated by LDAP This is probably less likely after 3.2 and sync on missing person See
|
|
* https://issues.alfresco.com/jira/browse/ETWOTWO-389 (non-Javadoc)
|
|
*/
|
|
public void onUpdateProperties(NodeRef nodeRef, Map<QName, Serializable> before, Map<QName, Serializable> after)
|
|
{
|
|
String uidBefore = DefaultTypeConverter.INSTANCE.convert(String.class, before.get(ContentModel.PROP_USERNAME));
|
|
if (uidBefore == null)
|
|
{
|
|
// Node has just been created; nothing to do
|
|
return;
|
|
}
|
|
String uidAfter = DefaultTypeConverter.INSTANCE.convert(String.class, after.get(ContentModel.PROP_USERNAME));
|
|
if (!EqualsHelper.nullSafeEquals(uidBefore, uidAfter))
|
|
{
|
|
// Only allow UID update if we are in the special split processing txn or we are just changing case
|
|
if (AlfrescoTransactionSupport.getResource(KEY_ALLOW_UID_UPDATE) != null || uidBefore.equalsIgnoreCase(uidAfter))
|
|
{
|
|
if (uidBefore != null)
|
|
{
|
|
// Fix any ACLs
|
|
aclDao.renameAuthority(uidBefore, uidAfter);
|
|
}
|
|
|
|
// Fix primary association local name
|
|
QName newAssocQName = getChildNameLower(uidAfter);
|
|
ChildAssociationRef assoc = nodeService.getPrimaryParent(nodeRef);
|
|
nodeService.moveNode(nodeRef, assoc.getParentRef(), assoc.getTypeQName(), newAssocQName);
|
|
|
|
// Fix other non-case sensitive parent associations
|
|
QName oldAssocQName = QName.createQName(NamespaceService.CONTENT_MODEL_PREFIX, uidBefore, namespacePrefixResolver);
|
|
newAssocQName = QName.createQName(NamespaceService.CONTENT_MODEL_PREFIX, uidAfter, namespacePrefixResolver);
|
|
for (ChildAssociationRef parent : nodeService.getParentAssocs(nodeRef))
|
|
{
|
|
if (!parent.isPrimary() && parent.getQName().equals(oldAssocQName))
|
|
{
|
|
nodeService.removeChildAssociation(parent);
|
|
nodeService.addChild(parent.getParentRef(), parent.getChildRef(), parent.getTypeQName(), newAssocQName);
|
|
}
|
|
}
|
|
|
|
// Fix cache
|
|
removeFromCache(uidBefore);
|
|
}
|
|
else
|
|
{
|
|
throw new UnsupportedOperationException("The user name on a person can not be changed");
|
|
}
|
|
}
|
|
}
|
|
|
|
/**
|
|
* Track the {@link ContentModel#PROP_ENABLED enabled/disabled} flag on {@link ContentModel#TYPE_USER <b>cm:user</b>}.
|
|
*/
|
|
public void onUpdatePropertiesUser(NodeRef nodeRef, Map<QName, Serializable> before, Map<QName, Serializable> after)
|
|
{
|
|
String userName = (String) after.get(ContentModel.PROP_USER_USERNAME);
|
|
if (userName == null)
|
|
{
|
|
// Won't find user
|
|
return;
|
|
}
|
|
// Get the person
|
|
NodeRef personNodeRef = getPersonOrNull(userName);
|
|
if (personNodeRef == null)
|
|
{
|
|
// Don't attempt to maintain enabled/disabled flag
|
|
return;
|
|
}
|
|
|
|
// Check the enabled/disabled flag
|
|
Boolean enabled = (Boolean) after.get(ContentModel.PROP_ENABLED);
|
|
if (enabled == null || enabled.booleanValue())
|
|
{
|
|
nodeService.removeAspect(personNodeRef, ContentModel.ASPECT_PERSON_DISABLED);
|
|
}
|
|
else
|
|
{
|
|
nodeService.addAspect(personNodeRef, ContentModel.ASPECT_PERSON_DISABLED, null);
|
|
}
|
|
|
|
// Do post-commit user counting, if required
|
|
Set<String> usersCreated = TransactionalResourceHelper.getSet(KEY_USERS_CREATED);
|
|
usersCreated.add(userName);
|
|
AlfrescoTransactionSupport.bindListener(this);
|
|
}
|
|
|
|
/**
|
|
* {@inheritDoc}
|
|
*/
|
|
public void beforeCommit(boolean readOnly)
|
|
{
|
|
// check whether max users has been exceeded
|
|
RunAsWork<Long> getMaxUsersWork = new RunAsWork<Long>()
|
|
{
|
|
@Override
|
|
public Long doWork() throws Exception
|
|
{
|
|
return repoAdminService.getRestrictions().getUsers();
|
|
}
|
|
};
|
|
Long maxUsers = AuthenticationUtil.runAs(getMaxUsersWork, AuthenticationUtil.getSystemUserName());
|
|
if(maxUsers == null)
|
|
{
|
|
return;
|
|
}
|
|
|
|
Long users = AuthenticationUtil.runAs(new AuthenticationUtil.RunAsWork<Long>()
|
|
{
|
|
public Long doWork() throws Exception
|
|
{
|
|
repoAdminService.updateUsage(UsageType.USAGE_USERS);
|
|
if(logger.isDebugEnabled())
|
|
{
|
|
logger.debug("Number of users is " + repoAdminService.getUsage().getUsers());
|
|
}
|
|
return repoAdminService.getUsage().getUsers();
|
|
}
|
|
} , AuthenticationUtil.getSystemUserName());
|
|
|
|
// Get the set of users created in this transaction
|
|
Set<String> usersCreated = TransactionalResourceHelper.getSet(KEY_USERS_CREATED);
|
|
|
|
// If we exceed the limit, generate decent message about which users were being created, etc.
|
|
if (users > maxUsers)
|
|
{
|
|
List<String> usersMsg = new ArrayList<String>(5);
|
|
int i = 0;
|
|
for (String userCreated : usersCreated)
|
|
{
|
|
i++;
|
|
if (i > 5)
|
|
{
|
|
usersMsg.add(" ... more");
|
|
break;
|
|
}
|
|
else
|
|
{
|
|
usersMsg.add(userCreated);
|
|
}
|
|
}
|
|
if (logger.isDebugEnabled())
|
|
{
|
|
logger.debug("Maximum number of users exceeded: " + usersCreated);
|
|
}
|
|
throw AlfrescoRuntimeException.create(SYSTEM_USAGE_WARN_LIMIT_USERS_EXCEEDED_VERBOSE, maxUsers, usersMsg);
|
|
}
|
|
|
|
// Get the usages and log any warnings
|
|
RepoUsageStatus usageStatus = repoAdminService.getUsageStatus();
|
|
usageStatus.logMessages(logger);
|
|
}
|
|
|
|
/**
|
|
* Helper for when creating new users and people:
|
|
* Updates the supplied username with any required tenant
|
|
* details, and ensures that the tenant domains match.
|
|
* If Multi-Tenant is disabled, returns the same username.
|
|
*/
|
|
public static String updateUsernameForTenancy(String username, TenantService tenantService)
|
|
throws TenantDomainMismatchException
|
|
{
|
|
if(! tenantService.isEnabled())
|
|
{
|
|
// Nothing to do if not using multi tenant
|
|
return username;
|
|
}
|
|
|
|
String currentDomain = tenantService.getCurrentUserDomain();
|
|
if (! currentDomain.equals(TenantService.DEFAULT_DOMAIN))
|
|
{
|
|
if (! tenantService.isTenantUser(username))
|
|
{
|
|
// force domain onto the end of the username
|
|
username = tenantService.getDomainUser(username, currentDomain);
|
|
logger.warn("Added domain to username: " + username);
|
|
}
|
|
else
|
|
{
|
|
// Check the user's domain matches the current domain
|
|
// Throws a TenantDomainMismatchException if they don't match
|
|
tenantService.checkDomainUser(username);
|
|
}
|
|
}
|
|
return username;
|
|
}
|
|
} |