mirror of
https://github.com/Alfresco/alfresco-community-repo.git
synced 2025-08-07 17:49:17 +00:00
dbb11a5ce2
35366: Fix for ALF-13542 - Notification is not displayed, when you try to create duplicate user.
35538: Merged BRANCHES/DEV/CLOUD1 to BRANCHES/DEV/V4.0-BUG-FIX: (pre-req for ALF-13791)
35410: Merged BRANCHES/DEV/THOR1 to BRANCHES/DEV/CLOUD1:
- fix merge issue (compilation fix)
35443: Merge build/test fix (record-only)
35463: Merged BRANCHES/DEV/THOR1 to BRANCHES/DEV/CLOUD1:
30194: Merged BRANCHES/DEV/THOR0 to BRANCHES/DEV/THOR1:
29718: ALF-6029: Additional MT fix to force default tenant
29719: THOR-7: Create tenant
35541: Fix for ALF-13723 SOLR does not include the same query unit tests as lucene
- added base tests
35547: Merged BRANCHES/DEV/CLOUD1 to BRANCHES/DEV/V4.0-BUG-FIX: (ALF-13791)
35511: Merged BRANCHES/DEV/THOR1 to BRANCHES/DEV/CLOUD1:
30252: Merged BRANCHES/DEV/THOR0 to BRANCHES/DEV/THOR1:
29763: THOR-107: MT-aware immutable singletons
29766: THOR-107: MT-aware immutable singletons
29768: THOR-31: MT-aware shared cache
29770: THOR-107: MT-aware immutable singletons
35512: Merged BRANCHES/DEV/THOR1 to BRANCHES/DEV/CLOUD1:
30253: Merged BRANCHES/DEV/THOR0 to BRANCHES/DEV/THOR1:
29771: THOR-31: MT-aware shared cache
29777: THOR-107: MT-aware immutable singletons
29786: THOR-107: MT-aware immutable singletons
29787: THOR-31: MT-aware shared cache (fix MultiTNodeServiceInterceptorTest)
29799: THOR-107: MT-aware immutable singletons
35513: Merge build/test fix
35516: Merged BRANCHES/DEV/THOR0 to BRANCHES/DEV/CLOUD1:
30026: THOR-5: tenant-aware caches
35517: Merged BRANCHES/DEV/THOR1 to BRANCHES/DEV/CLOUD1:
30260: Merged BRANCHES/DEV/THOR0 to BRANCHES/DEV/THOR1: (core)
29860: THOR-73: prep for HEAD sync/merge-forward
29866: THOR-73: prep for HEAD sync/merge-forward
30026: THOR-5: tenant-aware caches
35520: Merged BRANCHES/DEV/THOR1 to BRANCHES/DEV/CLOUD1:
30297: THOR-73: Line-endings only
30298: THOR-73: Line-endings only
30300: THOR-73: fix ActivitiWorkflowServiceIntegrationTest
30302: THOR-73: fix SubscriptionServiceActivitiesTest
35528: Merged BRANCHES/DEV/THOR1 to BRANCHES/DEV/CLOUD1:
30459: THOR-156: prep - consolidate/improve get current user's tenant domain
30469: Fix bootstrap config check when running unit tests (where one tenant already exists)
(partial merge only)
35565: MT: fix update tenant entity
- pre-req for ALF-13757
35567: Fix merge fallout (compile error)
35569: ALF-13757: MT - minor patch to migrate existing tenants, if any (when upgrading)
35592: Merged BRANCHES/DEV/THOR1_SPRINTS to BRANCHES/DEV/V4.0-BUG-FIX: (ALF-13791)
34153: Minor: THOR-5: MT-aware immutable singletons (spp/vti)
35598: ALF-11459: Added null-check on in-flight process diagram-generation to prevent error when running headless
35604: ALF-13426 Transformation: DOCX conversion failure
<<< Fix split into two parts to make merge of this general part to 3.4.10 simpler. >>>
<<< The second part contains 4.0.x specific changes. >>>
- Change to ContentServiceImpl to fail over to other available transformers on error (can be turned off with
global property content.transformer.failover=false).
35605: ALF-13426 Transformation: DOCX conversion failure
<<< Second part >>>
- Remove explicit transformation sections for OOXML (added in 4.0.1 ALF-12461) as these are stopping other
transformers from being used. Was done originally as a copy paste from another bean that needed an explicit section.
- The combination of allowing other transformers (that were used prior to 4.0.1) and fail over from OOXML to these
transformers allows to docx fixes that do and do not contain an embedded image to be transformed to png.
35608: fix build
35609: Merged V3.4-BUG-FIX (3.4.10) to V4.0-BUG-FIX (4.0.2) RECORD ONLY
35607: Merged V4.0-BUG-FIX (4.0.2) to V3.4-BUG-FIX (3.4.10)
35604: ALF-13426 Transformation: DOCX conversion failure
<<< Fix split into two parts to make merge of this general part to 3.4.10 simpler. >>>
<<< The second part contains 4.0.x specific changes. >>>
- Change to ContentServiceImpl to fail over to other available transformers on error (can be turned off with
global property content.transformer.failover=false).
35619: ALL LANGUAGES: Translation updates based on EN r35407
35630: Merged HEAD to BRANCHES/DEV/V4.0-BUG-FIX:
34289: Upgrading JUnit lib to 4.10 to get full Rules support.
34317: Some initial documentation on JUnit Rules samples.
34328: More JUnit rules fun. Added a new rule to help with the creation and automatic cleanup of temporary test nodes.
34777: Added enhancement to TemporaryNodes rule to allow for dummy content.
34805: Added a convenience method to the ApplicationContextInit @Rule to allow for easier spring overriding in test code.
35621: Merged BRANCHES/DEV/CLOUDSYNCLOCAL2 to HEAD:
35620: More JUnit Rules Enhancements, covering well known nodes and easier context loading
35631: Fixing some Eclipse junit/lib dependencies which had become out of date - seemingly before my pervious commit (35630).
35640: Fix for ALF-10085 "Adding/removing CMIS Relationship changes last modified date of source object"
35647: Merged BRANCHES/DEV/DAM/V4.0-BUG-FIX-35588 to BRANCHES/DEV/V4.0-BUG-FIX:
35589: Creating new branch from $FROM
35591: Merged BRANCHES/DEV/DAM/V4.0-BUG-FIX-35195 to BRANCHES/DEV/DAM/V4.0-BUG-FIX-35588:
35196: Creating new branch from $FROM
35338: ALF-13734: Move Additional DocumentList Methods to DocumentListViewRenderer
- Moved tooltip to simple viewRenderer
35340: ALF-13734: Move Additional DocumentList Methods to DocumentListViewRenderer
- Moved fnRenderCellSelected logic to DocumentListViewRenderer
- Moved fnRenderCellStatus logic to DocumentListViewRenderer
- Moved fnRenderCellDescription logic to DocumentListViewRenderer
- Moved fnRenderCellActions logic to DocumentListViewRenderer
35346: ALF-13734: Move Additional DocumentList Methods to DocumentListViewRenderer
- Moved onEventHighlightRow logic to DocumentListViewRenderer
- Moved onEventUnhighlightRow logic to DocumentListViewRenderer
- Moved onActionShowMore logic to DocumentListViewRenderer
- Minor private method renaming
35427: ALF-13734: Move Additional DocumentList Methods to DocumentListViewRenderer
- Changed check for display of metadata banners and lines to more explicit bannerView and lineView properties which are set to the viewRenderer's name by default, but can now more easily be overridden
35503: ALF-13734: Move Additional DocumentList Methods to DocumentListViewRenderer
- Renamed bannerView property to more specific metadataBannerViewName
- Renamed lineView property to more specific metadataLineViewName
35583: ALF-13734: Move Additional DocumentList Methods to DocumentListViewRenderer
- Added rowClassName property to make finding the row easier in cases where an event trigger element might not be the row itself
- Added check for expected row element class name in getDataTableRecordIdFromRowElement, if not present trying getAncestorByClassName with rowClassName property
- Moved onFileRenamed to DocumentListViewRenderer
- Changed fnActionHandler to use getDataTableRecordIdFromRowElement rather than target.offsetParent
- Changed onLikes to use getDataTableRecordIdFromRowElement rather than assume the row parameter is the correct element
- Changed onFavourite to use getDataTableRecordIdFromRowElement rather than assume the row parameter is the correct element
35610: ALF-13734: Move Additional DocumentList Methods to DocumentListViewRenderer
- Changed method of grabbing container element in selectFiles to use parentElementIdSuffix from current viewRenderer
35650: Fix for ALF-13813 SOLR fails for fuzzy queries
35651: Fix tests for ALF-13813 SOLR fails for fuzzy queries
More for ALF-13723 SOLR does not include the same query unit tests as lucene
- added tests for Alfresco fts run via the request handler
- fixed fuzzy query tests so far ...
- report queries that generate errors
35664: ALF-13294 - CIFS: When versionable aspect is active, using the Microsoft Word for Mac 2008 option "always create a backup copy" leads to document versions loss
35679: Fix DataList QName hard-codings by pulling out to a proper Model Java Constants Interface
35689: Add the NameSpace constants for the Links model
35699: Merged BRANCHES/DEV/CLOUDSYNCLOCAL2 to BRANCHES/DEV/V4.0-BUG-FIX:
35698: New WebScript to provide the Share View URL for a given NodeRef (based on the Node Type and SysAdminParams)
35716: Make overriding just the Share URL easier (needed for Cloud installs)
35741: ALF-13819 Remove description+template for a controller-less webscript that was committed by mistake in v3.4
35765: Fixed version of junit.jar in build files
35772: ALF-1994 - Allow user defined white-list of HTML tags for HTML sanitisation process. Spring config added for tags and attributes.
35781: Fix for MySQL part of ALF-13150: Performance of Purging Empty Transactions (like 10M)
ALF-13839: MySQL: "Failed to purge txns" from DeletedNodeCleanupWorker
- Added MySQL override of the NodeDAO for this call with a dedicated DELETE ... JOIN ... for MySQL
35784: Fix for ALF-13845 SOLR "alfresco" queries are not cached correctly
35785: More for ALF-13723 SOLR does not include the same query unit tests as lucene
- duplicated sort and AFTS tests from the lucene sub-system
- run queries via request handler
- addded new locale tests for d:text ordering
35805: ALF-13828 Method name typo, should be getThumbnailDefinitions not getThumbnailDefintions. (Old method retained, @deprecated, for backwards compatibility)
35806: More debug to setFileInformation
35836: Fix for ALF-13794 Mismatch in SOLRAPIClient and NodeContentGet webscript causes content of type d:content not to get indexed
35862: Fix for ALF-13826 Solr CMIS Query After Delete a Node Throws CmisRuntimeException: Node does not exist
- make appropriate methods aware of node existence....
35867: ALF-13886 Certain errors may lead to no conn model object being available, so check it is there before using it to render the "Return to folder" link
35901: ALF-13474 possibility of deleting compleded workflows + explorer ui cancel action fix
35923: Fix for ALF-13724 Share folder permission management - changes to parent/child folders not accurately reflected
35936: More for ALF-13723 SOLR does not include the same query unit tests as lucene
- tests for mltext localised collation
35944: BufferedContentDiskDriver needs to use deviceName and sessionKey to make it unique rather than userName
35949: ALF-13755: MT is configured (but not enabled) by default
- note: also related to THOR-248 (effectively means that r31407 becomes a merge record-only)
35951: Merged BRANCHES/DEV/THOR1 to BRANCHES/DEV/V4.0-BUG-FIX:
34107: record-only (follow on to r35949 - see ALF-13755 / THOR-248)
35953: ALF-12792 - Creation Date and Modification Date initialization for open files.
35968: Follow up to fix for ALF-13839: MySQL: "Failed to purge txns" from DeletedNodeCleanupWorker
- Sanity check highlighted transactional resource block in the database
- Each cleanup runs its own transactions as required now
- See also ALF-13150: Performance of Purging Empty Transactions suffers if the number of unused transactions grows too large (like 10M)
35970: Merged BRANCHES/DEV/DAM/V4.0-BUG-FIX-35924 to BRANCHES/DEV/V4.0-BUG-FIX:
35925: Creating new branch from BRANCHES/DEV/V4.0-BUG-FIX
35966: ALF-13912: Move DocumentList.onHighlightFile UI Logic to DocumentListViewRenderer
- Moved DocumentList.onHighlightFile logic to DocumentListViewRenderer
- Added DocumentListViewRenderer.getRowElementFromDataTableRecord and DocumentListViewRenderer.getRowSelectElementFromDataTableRecord
- Changed onHighlightFile to call those new getRow* methods for easier reuse in view renderer extensions
35979: ALF-10278, ALF-13902: Ending task now done with the right assignee when unassigned (eg. not claimed from pool) or when workflow-owner completes the task assigned to someone else, without claiming first
35981: Fix for ALF-12670 - An exception occurs during creation wiki page
Changed Wiki title field limit to the 100 char limit imposed by QName which unfortunately is used by the underlying service to store the field title.
35991: ALF-13901: Incorrect workflow-history gathering/displaying on uncompleted tasks in ended parallel multi-instance activity
35993: ALF-10278, ALF-13902: Fixed failing test (was not using AuthenticationUtil for test-user)
36001: BDE-69: create test-minimal and continuous-minimal Ant targets
36004: Fixes for:
ALF-12813 - jsonUtils.toJSONString mangles up Associative Arrays
- Added support for nested Java Map/List to jsonUtils
ALF-13647 - the first time a ICAL calendar URL is called with kerberos SSO a JSESSIONID cookie is not sent by the client, request fails with a 500 Internal server error
- Support for "negotiate" HTTP auth header and general improvements to that area
ALF-13877 - Invalid WebScript URLs cause ERROR-level exception stacks
- DEBUG only output for "missing" webscripts and invalid API call URLs
36014: ALF-13844: XSLT Filtering Not 100% Secure
- added more namespaces to the security filter.
- verified that include/import uses the security filter.
36018: ALF-13609: Enterprise installers lay down sample site and users
-Added feature to SiteLoadPatch to disable loading.
-Added property "disable.sample.site". Set property (system or otherwise) disable.sample.site=true to skip loading the sample site on a new installation.
36031: debug improvement.
36039: ALF-13779: isPooled() implemented correctly now
36044: ALF-13770: Merged V3.4-BUG-FIX (3.4.10) to V4.0-BUG-FIX (4.0.2)
36043: ALF-13769: Merged V3.4.8 (3.4.8.7) to V3.4-BUG-FIX (3.4.10)
35776: ALF-11535 Home Folder Synchronizer fails when destination folder already exists
- Don't move home folders that are the same as the provider's root folder or even above it!
If the same, these tend to be shared folders.
If above, this indicates that an LDAP sync has corrupted the original provider name and has hence
changed what we think is the root folder!
36046: ALF-13745: Merged V3.4-BUG-FIX (3.4.10) to V4.0-BUG-FIX (4.0.2)
<<< Also added placeholder thumbnails (copies if docx, pptx and xlsx which in turn appear to be copies of the 2003 doc, ppt and xls) >>>
36041: ALF-13667 Additional OpenOffice mimetypes to be added to the mime-type maps
- Added mimetypes for docm dotx dotm pptm ppsx ppsm potx potm ppam sldx sldm xltm xlsm xltm xlam xlsb
- Added transformation limits to avoid very long running tasks.
- Disable Jod and OpenOffice transformers via PDFBox for new types to txt, as there are better options
with the exception of potm and xlsb that can only be done by Office.
- TransformerDebug include max source size in available transformer list
35958: ALF-13745 Add Support for Microsoft Word File Format DOCM
<< General TransformationOptionLimits change >>
- Addition of TransformationOptionLimitsMap to make it simpler to add lots of TransformationOptionLimits.
Only one per line rather than about 10 - Needed for this JIRA as lots of limits are needed
- Changes to transformerDebug to make it more obvious which transformers are excluded
36047: Fix for ALF-13925 - UsernamePropertyDecorator incorrectly handles displayName construction
36048: More for ALF-13723 SOLR does not include the same query unit tests as lucene
- tests and fixes for internal fields
36061: Fix remoteapi tests by putting back repository tests before, where they belong
36064: ALF-13682 'View Process Diagram' not working if auditing is turned on
- modified Auditable annotation on the getWorkflowImage() method which was returning an InputStream
so we would not consume the input again.
- modified AuditMethodInterceptor to ignore any InputStream and OutputStream values. Implemented as a
list of non aubitable classes. Refactored generation of auditable arguments and return value to a method
rather than two almost identical in-line copies.
36065: ALF-13756: MT - replace Tenant attributes with Tenant table
- update schema comp files for x5 DBs
- note: will need to be tested in DB build plans (via schema comp -> when fail on error is enabled)
36066: ALF-13609: Enterprise installers lay down sample site and users
-Removed extraneous line of code.
-Renamed boolean to "disabled" and associated accessors.
-Added property "sample.site.disabled=false" to repository.properties.
-To disable loading of the sample site on a new installation, set property (system or otherwise) "sample.site.disabled=true"
36080: Merged BRANCHES/DEV/DAM/V4.0-BUG-FIX-36070 to BRANCHES/DEV/V4.0-BUG-FIX:
36071: Creating new branch from BRANCHES/DEV/V4.0-BUG-FIX
36079: Merged BRANCHES/DEV/DAM/V4.0-BUG-FIX-35924 to BRANCHES/DEV/DAM/V4.0-BUG-FIX-36070:
36069: ALF-13935: Move DocumentList Upload Indicators and Instructions to DocumentListViewRenderer
- Created renderEmptyDataSourceHtml method in DocumentListViewRenderer which contains the view logic previously in _setupDataSource
- Created _setEmptyDataSourceMessage which actually appends the constructed empty HTML instructions for cases where extensions simply want the same instructions but in a different container
- Added firing of Bubbling event postSetupViewRenderers at the end of _setupViewRenderers since all viewRenderers now have to be registered before _setupDataSource is called
36085: More for ALF-13723 SOLR does not include the same query unit tests as lucene
- internal fields
- paging
- security filters
36089: ALF-11725: Replication document with comment fails due to integrity exception
- updated script transfer service.
36094: ALF-11725 : config change.
36098: ALF-13719: Javascript addAspect(aspect, properties) does not apply cm:autoVersionOnUpdateProps property value
36105: SESURF-102: Fix dependency handling when use-checksum-dependencies is not enabled.
36107: Tweak wiki page create/update logic, to handle clearing the tags when updating a page when all tags are removed (ALF-10979)
36109: ALF-7874 MimeType definitions for Adobe AfterEffects files
36110: ALF-7874 Upgrade Tika for improved detection of Adobe Premier and AfterEffects
36112: ALF-7874 MimeType definition addition for Adobe Premier files
36133: Merged DEV to V4.0-BUG-FIX
36130: ALF-13988 : apply_amps script no longer works on Mac OSX
apply_amps.sh was corrected to resolve "readlink -f" Mac OS problem.
36135: ALF-12330: Editing of completed task now redirects to referring page (if available) + transition-buttons not rendered on completed tasks
36141: Merged V3.4-BUG-FIX to V4.0-BUG-FIX
35641: ALF-13452: Open office startup from Java not working on OSX
- Fix from Bitrock in combination with new wrapper in BINARIES
35687: ALF-13520: alfresco.log file ending up in system32 directory
- Not anymore!
35736: ALF-13751: Reduce over-agressive traversal of child associations when detecting cyclic groups in LDAP sync
- Recurse upwards to topmost parent then recurse downwards
- No need to recurse upwards and downwards on every recursion step!
35987: Merged DEV to V3.4-BUG-FIX
35984: ALF-11850 WCM - Incorrect message when copying/cutting assets within a Web Project
1. In ClipboardBean.addClipboardNode(NodeRef ref, NodeRef parent, ClipboardStatus mode) was added check whether the node in the AVM.
2. In webclient.properties was added node_added_clipboard_avm property.
36049: Fix for ALF-9662 To allow admin user to view dashboard of moderated site.
36050: Fix for ALF-13843 - Content creation silently fails when it's being created with already existent name.
36054: Fix for ALF-13231 - Message 'Failure' on workflow cancelation
36055: Fix for ALF-13926 - Intranet compatibility options override share's settings
36102: Merged BRANCHES/V3.4 to BRANCHES/DEV/V3.4-BUG-FIX
36097: Fix for ALF-13976 - 404 error handling in Share no longer correctly receives JSON response. OKed by DaveW.
36103: ALF-13578 : CIFS AlfJLANWorker threads (concurrency) - server not responding
36137: Merged V3.4 to V3.4-BUG-FIX
35433: ALF-13021: Folder deletion from Editorial not deleting from Live folder automatically
- Fix by Valery
- Needs further work for 4.0.x
35488: ALF-13718: Full reindex performance on SQL Server
- ORDER BY on child assoc query changed to only include ID (with Derek's permission)
- ADMLuceneIndexerImpl altered to not use batch loading in getChildAssocs so as not to blow the transactional caches when reindexing a large hierarchy
- ADMLuceneIndexerImpl altered so that it only checks for the existence of child associations when 'lazily' creating parent containers
- ADMLuceneTest corrected (with Andy's permission) so that this doesn't throw the unit test out
35505: ALF-13718: Corrected ADMLuceneCategoryTest to clear the 'real' index before creating a fake 'test' index
35809: Merged DEV to V3.4
35800: ALF-10353 : Internet Explorer hangs when using the object picker with a larger number of documents
YUI library was modified to use chunked unloading of listeners via a series of setTimeout() functions in event.js for IE 6,7,8.
36101: ALF-13978: Merged V4.0-BUG-FIX to V3.4
36014: ALF-13844: XSLT Filtering Not 100% Secure
- added more namespaces to the security filter.
- verified that include/import uses the security filter.
36108: ALF-13978: Fixed compilation errors
36129: Merged DEV to V3.4
36123: ALF-13951 : It's impossible to customize dashboard in Alfresco Share
A yui-2.8.1-patched library contains a fix for ALF-10353.
36142: Merged V3.4-BUG-FIX to V4.0-BUG-FIX (RECORD ONLY)
35432: ALF-13762: Merged V4.0-BUG-FIX to V3.4-BUG-FIX
35366: Fix for ALF-13542 - Notification is not displayed, when you try to create duplicate user.
35593: Merged BRANCHES/V3.4 to BRANCHES/DEV/V3.4-BUG-FIX:
35375: Fix for ALF-13711: "Hidden Aspect applied to Mac powerpoint files."
- re-instated previous hidden aspect behaviour
- unit tests
- also fixed cascade behaviour
36144: Merged V4.0 to V4.0-BUG-FIX
35918: 31473: -- initial commit for ALF-11027
-- enables CE / EE deployment of artifacts to a maven repository
-- added necessary ant build files and build properties.
-- also added a README
31474: -- added .project to svn:ignore
32534: -- added missing artifacts and fixed wrong ones
-- added possibility of custom artifacts labeling (by adding -Dmaven.custom.label), e.g. to allow snapshot / release deployments from working branches
-- TODO: document required ~/.m2/settings.xml
32582: -- renamed alfresco-datamodel to alfresco-data-model
-- fixed release/snapshot and custom version labeling
-- tested with Community, enterprise build undergoing (removed distribute-extras as pre-requisite)
32610: -- tested enterprise only deployment
-- removed tabs
-- fixed property placeholding
-- tested all artifacts
32611: -- added maven-ant-tasks library to automatically load ant maven tasks without dependencies on the ant installation
-- added typedef in the main maven.xml
35250: -- reworking on ALF-11027 to enable automated deployment of artifacts to the Maven repo
-- following conversations with DaveW implemented the following:
- removed classifier (just rely on different groupId, org.alfresco for Community and org.alfresco.enterprise for Enterprise)
- Added debugging lines to make sure proper repo / groupId configuration is picked up
- enabled SNAPSHOT/RELEASE deployment for both community and enterprise
-- updated README-maven-deploy.txt with all instructions on how to run the build
35388: -- added references to Maven settings.xml in the BINARIES as discussed with DaveW
35648: [ALF-11027] Since artifact:mvn does not support settingsFile attribute, switching to embedded command line -gs parameter to specify a custom settings.xml location
35649: [ALF-11027] Since artifact:mvn does not support settingsFile attribute, switching to embedded command line -gs parameter to specify a custom settings.xml location
35652: [ALF-11027] artifact:mvn uses an older Maven version which command line switch is -s instead of -gs
35775: [ALF-11027] Removed DoD and Kofax deployment from enteprise deployment procedure
35783: [ALF-11027] removing custom README and added documentation in line of the tw maven.xml files
35793: Fix comment syntax: no -- allowed there
35802: [ALF-11027] Removed calls to DoD targets
35810: [ALF-11027] Introducing a maven-build-deploy goal to build and deploy at once, maven-deploy now "just does the job
35822: [ALF-11027] Moved the maven setup steps to a maven-env-prerequisites separate target, so it gets executed earlier and defines the task
35851: [ALF-11027] Move targets around to fix the regular, non-continuous build
35894: [ALF-11027] Add maven.do.deploy variable, to control maven deployment from bamboo using parameterised plan
35896: [ALF-11027] Using Bamboo Plan Variables properly
35899: [ALF-11027] Use Bamboo variable to specify release vs snapshot rather than deployment or not
35905: [ALF-11027] Upload source and javadoc jars into Maven repo as well
35912: Upgrade maven-deploy-plugin to 2.7, to be able to deploy Javadoc and Source jars as well
35950: ALF-11027: Fix typo in jlan-embed deployment, removed svn revision from version, removed deployment of jmx-dumper
36145: Merged V4.0 to V4.0-BUG-FIX (RECORD ONLY)
34612: Merged V4.0-BUG-FIX to V4.0
ALF-12740: Update to previous fix (only apply to IE8 and below)
34618: Merged V4.0-BUG-FIX to V4.0
34474: ALF-13169 Tomcat fails to shutdown
- fix non daemon Timers
34637: Merged BRANCHES/DEV/V4.0-BUG-FIX to BRANCHES/V4.0 (4.0.1)
34636: Fix for ALF-13365 SOLR: Recently modified docs dashlet sorts incorrectly
34690: MERGE V4.0_BUG-FIX to V4.0
34226 : ALF-12780 Mac OS X Lion 10.7.2: Editing a document via CIFS and TextEdit removes versionable aspect from this file
34716: Merged V4.0-BUG-FIX to V4.0
34715: Fix for __ShowDetails desktop action returned URL is truncated if hostname too long. ALF-13202.
git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/HEAD/root@36155 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
1954 lines
67 KiB
Java
1954 lines
67 KiB
Java
/*
|
|
* Copyright (C) 2005-2010 Alfresco Software Limited.
|
|
*
|
|
* This file is part of Alfresco
|
|
*
|
|
* Alfresco is free software: you can redistribute it and/or modify
|
|
* it under the terms of the GNU Lesser General Public License as published by
|
|
* the Free Software Foundation, either version 3 of the License, or
|
|
* (at your option) any later version.
|
|
*
|
|
* Alfresco is distributed in the hope that it will be useful,
|
|
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
* GNU Lesser General Public License for more details.
|
|
*
|
|
* You should have received a copy of the GNU Lesser General Public License
|
|
* along with Alfresco. If not, see <http://www.gnu.org/licenses/>.
|
|
*/
|
|
package org.alfresco.repo.domain.permissions;
|
|
|
|
import java.io.Serializable;
|
|
import java.util.ArrayList;
|
|
import java.util.Collections;
|
|
import java.util.List;
|
|
import java.util.Map;
|
|
import java.util.Set;
|
|
|
|
import org.alfresco.error.AlfrescoRuntimeException;
|
|
import org.alfresco.repo.cache.SimpleCache;
|
|
import org.alfresco.repo.domain.node.NodeDAO;
|
|
import org.alfresco.repo.domain.qname.QNameDAO;
|
|
import org.alfresco.repo.security.authentication.AuthenticationUtil;
|
|
import org.alfresco.repo.security.permissions.ACEType;
|
|
import org.alfresco.repo.security.permissions.ACLCopyMode;
|
|
import org.alfresco.repo.security.permissions.ACLType;
|
|
import org.alfresco.repo.security.permissions.AccessControlEntry;
|
|
import org.alfresco.repo.security.permissions.AccessControlList;
|
|
import org.alfresco.repo.security.permissions.AccessControlListProperties;
|
|
import org.alfresco.repo.security.permissions.SimpleAccessControlEntry;
|
|
import org.alfresco.repo.security.permissions.SimpleAccessControlList;
|
|
import org.alfresco.repo.security.permissions.SimpleAccessControlListProperties;
|
|
import org.alfresco.repo.security.permissions.impl.AclChange;
|
|
import org.alfresco.repo.security.permissions.impl.SimplePermissionReference;
|
|
import org.alfresco.repo.tenant.TenantService;
|
|
import org.alfresco.repo.transaction.AlfrescoTransactionSupport;
|
|
import org.alfresco.repo.transaction.TransactionListenerAdapter;
|
|
import org.alfresco.service.cmr.repository.NodeRef;
|
|
import org.alfresco.service.cmr.security.AccessStatus;
|
|
import org.alfresco.service.cmr.security.AuthorityType;
|
|
import org.alfresco.service.namespace.QName;
|
|
import org.alfresco.util.GUID;
|
|
import org.alfresco.util.Pair;
|
|
import org.alfresco.util.ParameterCheck;
|
|
import org.apache.commons.logging.Log;
|
|
import org.apache.commons.logging.LogFactory;
|
|
|
|
/**
|
|
* DAO to manage ACL persistence
|
|
*
|
|
* Note: based on earlier AclDaoComponentImpl
|
|
*
|
|
* @author Andy Hind, janv
|
|
* @since 3.4
|
|
*/
|
|
public class AclDAOImpl implements AclDAO
|
|
{
|
|
private static Log logger = LogFactory.getLog(AclDAOImpl.class);
|
|
|
|
private QNameDAO qnameDAO;
|
|
private AclCrudDAO aclCrudDAO;
|
|
private NodeDAO nodeDAO;
|
|
private TenantService tenantService;
|
|
private SimpleCache<Long, AccessControlList> aclCache;
|
|
private SimpleCache<Serializable, Set<String>> readersCache;
|
|
|
|
private SimpleCache<Serializable, Set<String>> readersDeniedCache;
|
|
|
|
private enum WriteMode
|
|
{
|
|
/**
|
|
* Remove inherited ACEs after that set
|
|
*/
|
|
TRUNCATE_INHERITED,
|
|
/**
|
|
* Add inherited ACEs
|
|
*/
|
|
ADD_INHERITED,
|
|
/**
|
|
* The source of inherited ACEs is changing
|
|
*/
|
|
CHANGE_INHERITED,
|
|
/**
|
|
* Remove all inherited ACEs
|
|
*/
|
|
REMOVE_INHERITED,
|
|
/**
|
|
* Insert inherited ACEs
|
|
*/
|
|
INSERT_INHERITED,
|
|
/**
|
|
* Copy ACLs and update ACEs and inheritance
|
|
*/
|
|
COPY_UPDATE_AND_INHERIT,
|
|
/**
|
|
* Simple copy
|
|
*/
|
|
COPY_ONLY, CREATE_AND_INHERIT;
|
|
}
|
|
|
|
public void setQnameDAO(QNameDAO qnameDAO)
|
|
{
|
|
this.qnameDAO = qnameDAO;
|
|
}
|
|
|
|
public void setTenantService(TenantService tenantService)
|
|
{
|
|
this.tenantService = tenantService;
|
|
}
|
|
|
|
public void setAclCrudDAO(AclCrudDAO aclCrudDAO)
|
|
{
|
|
this.aclCrudDAO = aclCrudDAO;
|
|
}
|
|
|
|
public void setNodeDAO(NodeDAO nodeDAO)
|
|
{
|
|
this.nodeDAO = nodeDAO;
|
|
}
|
|
|
|
/**
|
|
* Set the ACL cache
|
|
*
|
|
* @param aclCache
|
|
*/
|
|
public void setAclCache(SimpleCache<Long, AccessControlList> aclCache)
|
|
{
|
|
this.aclCache = aclCache;
|
|
}
|
|
|
|
/**
|
|
* @param readersCache the readersCache to set
|
|
*/
|
|
public void setReadersCache(SimpleCache<Serializable, Set<String>> readersCache)
|
|
{
|
|
this.readersCache = readersCache;
|
|
}
|
|
|
|
/**
|
|
* @param readersDeniedCache the readersDeniedCache to set
|
|
*/
|
|
public void setReadersDeniedCache(SimpleCache<Serializable, Set<String>> readersDeniedCache)
|
|
{
|
|
this.readersDeniedCache = readersDeniedCache;
|
|
}
|
|
|
|
/**
|
|
* {@inheritDoc}
|
|
*/
|
|
@Override
|
|
public Long createAccessControlList()
|
|
{
|
|
return createAccessControlList(getDefaultProperties()).getId();
|
|
}
|
|
|
|
/**
|
|
* {@inheritDoc}
|
|
*/
|
|
@Override
|
|
public AccessControlListProperties getDefaultProperties()
|
|
{
|
|
SimpleAccessControlListProperties properties = new SimpleAccessControlListProperties();
|
|
properties.setAclType(ACLType.DEFINING);
|
|
properties.setInherits(true);
|
|
properties.setVersioned(false);
|
|
return properties;
|
|
}
|
|
|
|
/**
|
|
* {@inheritDoc}
|
|
*/
|
|
@Override
|
|
public Acl createAccessControlList(AccessControlListProperties properties)
|
|
{
|
|
if (properties == null)
|
|
{
|
|
throw new IllegalArgumentException("Properties cannot be null");
|
|
}
|
|
|
|
if (properties.getAclType() == null)
|
|
{
|
|
throw new IllegalArgumentException("ACL Type must be defined");
|
|
}
|
|
switch (properties.getAclType())
|
|
{
|
|
case OLD:
|
|
if (properties.isVersioned() == Boolean.TRUE)
|
|
{
|
|
throw new IllegalArgumentException("Old acls can not be versioned");
|
|
}
|
|
break;
|
|
case SHARED:
|
|
throw new IllegalArgumentException("Can not create shared acls direct - use get inherited");
|
|
case DEFINING:
|
|
case LAYERED:
|
|
break;
|
|
case FIXED:
|
|
if (properties.getInherits() == Boolean.TRUE)
|
|
{
|
|
throw new IllegalArgumentException("Fixed ACLs can not inherit");
|
|
}
|
|
case GLOBAL:
|
|
if (properties.getInherits() == Boolean.TRUE)
|
|
{
|
|
throw new IllegalArgumentException("Fixed ACLs can not inherit");
|
|
}
|
|
default:
|
|
break;
|
|
}
|
|
return createAccessControlList(properties, null, null);
|
|
}
|
|
|
|
/**
|
|
* {@inheritDoc}
|
|
*/
|
|
@Override
|
|
public Acl createAccessControlList(AccessControlListProperties properties, List<AccessControlEntry> aces, Long inherited)
|
|
{
|
|
if (properties == null)
|
|
{
|
|
throw new IllegalArgumentException("Properties cannot be null");
|
|
}
|
|
|
|
AclEntity acl = new AclEntity();
|
|
if (properties.getAclId() != null)
|
|
{
|
|
acl.setAclId(properties.getAclId());
|
|
}
|
|
else
|
|
{
|
|
acl.setAclId(GUID.generate());
|
|
}
|
|
acl.setAclType(properties.getAclType());
|
|
acl.setAclVersion(Long.valueOf(1l));
|
|
|
|
switch (properties.getAclType())
|
|
{
|
|
case FIXED:
|
|
case GLOBAL:
|
|
acl.setInherits(Boolean.FALSE);
|
|
case OLD:
|
|
case SHARED:
|
|
case DEFINING:
|
|
case LAYERED:
|
|
default:
|
|
if (properties.getInherits() != null)
|
|
{
|
|
acl.setInherits(properties.getInherits());
|
|
}
|
|
else
|
|
{
|
|
acl.setInherits(Boolean.TRUE);
|
|
}
|
|
break;
|
|
}
|
|
acl.setLatest(Boolean.TRUE);
|
|
|
|
switch (properties.getAclType())
|
|
{
|
|
case OLD:
|
|
acl.setVersioned(Boolean.FALSE);
|
|
break;
|
|
case LAYERED:
|
|
if (properties.isVersioned() != null)
|
|
{
|
|
acl.setVersioned(properties.isVersioned());
|
|
}
|
|
else
|
|
{
|
|
acl.setVersioned(Boolean.TRUE);
|
|
}
|
|
break;
|
|
case FIXED:
|
|
case GLOBAL:
|
|
case SHARED:
|
|
case DEFINING:
|
|
default:
|
|
if (properties.isVersioned() != null)
|
|
{
|
|
acl.setVersioned(properties.isVersioned());
|
|
}
|
|
else
|
|
{
|
|
acl.setVersioned(Boolean.FALSE);
|
|
}
|
|
break;
|
|
}
|
|
|
|
acl.setAclChangeSetId(getCurrentChangeSetId());
|
|
acl.setRequiresVersion(false);
|
|
|
|
Acl createdAcl = (AclEntity)aclCrudDAO.createAcl(acl);
|
|
long created = createdAcl.getId();
|
|
|
|
List<Ace> toAdd = new ArrayList<Ace>();
|
|
List<AccessControlEntry> excluded = new ArrayList<AccessControlEntry>();
|
|
List<AclChange> changes = new ArrayList<AclChange>();
|
|
if ((aces != null) && aces.size() > 0)
|
|
{
|
|
for (AccessControlEntry ace : aces)
|
|
{
|
|
if ((ace.getPosition() != null) && (ace.getPosition() != 0))
|
|
{
|
|
throw new IllegalArgumentException("Invalid position");
|
|
}
|
|
|
|
// Find authority
|
|
Authority authority = aclCrudDAO.getOrCreateAuthority(ace.getAuthority());
|
|
Permission permission = aclCrudDAO.getOrCreatePermission(ace.getPermission());
|
|
|
|
// Find context
|
|
if (ace.getContext() != null)
|
|
{
|
|
throw new UnsupportedOperationException();
|
|
}
|
|
|
|
// Find ACE
|
|
Ace entry = aclCrudDAO.getOrCreateAce(permission, authority, ace.getAceType(), ace.getAccessStatus());
|
|
|
|
// Wire up
|
|
// COW and remove any existing matches
|
|
|
|
SimpleAccessControlEntry exclude = new SimpleAccessControlEntry();
|
|
// match any access status
|
|
exclude.setAceType(ace.getAceType());
|
|
exclude.setAuthority(ace.getAuthority());
|
|
exclude.setPermission(ace.getPermission());
|
|
exclude.setPosition(0);
|
|
|
|
toAdd.add(entry);
|
|
excluded.add(exclude);
|
|
// Will remove from the cache
|
|
}
|
|
}
|
|
Long toInherit = null;
|
|
if (inherited != null)
|
|
{
|
|
toInherit = getInheritedAccessControlList(inherited);
|
|
}
|
|
getWritable(created, toInherit, excluded, toAdd, toInherit, false, changes, WriteMode.CREATE_AND_INHERIT);
|
|
|
|
|
|
return createdAcl;
|
|
}
|
|
|
|
private void getWritable(
|
|
final Long id, final Long parent,
|
|
List<? extends AccessControlEntry> exclude, List<Ace> toAdd,
|
|
Long inheritsFrom, boolean cascade,
|
|
List<AclChange> changes, WriteMode mode)
|
|
{
|
|
List<Ace> inherited = null;
|
|
List<Integer> positions = null;
|
|
|
|
if ((mode == WriteMode.ADD_INHERITED) || (mode == WriteMode.INSERT_INHERITED) || (mode == WriteMode.CHANGE_INHERITED) || (mode == WriteMode.CREATE_AND_INHERIT ))
|
|
{
|
|
inherited = new ArrayList<Ace>();
|
|
positions = new ArrayList<Integer>();
|
|
|
|
// get aces for acl (via acl member)
|
|
List<AclMember> members;
|
|
if(parent != null)
|
|
{
|
|
members = aclCrudDAO.getAclMembersByAcl(parent);
|
|
}
|
|
else
|
|
{
|
|
members = Collections.<AclMember>emptyList();
|
|
}
|
|
|
|
for (AclMember member : members)
|
|
{
|
|
Ace aceEntity = aclCrudDAO.getAce(member.getAceId());
|
|
|
|
if ((mode == WriteMode.INSERT_INHERITED) && (member.getPos() == 0))
|
|
{
|
|
inherited.add(aceEntity);
|
|
positions.add(member.getPos());
|
|
}
|
|
else
|
|
{
|
|
inherited.add(aceEntity);
|
|
positions.add(member.getPos());
|
|
}
|
|
}
|
|
}
|
|
|
|
getWritable(id, parent, exclude, toAdd, inheritsFrom, inherited, positions, cascade, 0, changes, mode, false);
|
|
}
|
|
|
|
/**
|
|
* Make a whole tree of ACLs copy on write if required Includes adding and removing ACEs which can be optimised
|
|
* slightly for copy on write (no need to add and then remove)
|
|
*/
|
|
private void getWritable(
|
|
final Long id, final Long parent,
|
|
List<? extends AccessControlEntry> exclude, List<Ace> toAdd, Long inheritsFrom,
|
|
List<Ace> inherited, List<Integer> positions,
|
|
boolean cascade, int depth, List<AclChange> changes, WriteMode mode, boolean requiresVersion)
|
|
{
|
|
AclChange current = getWritable(id, parent, exclude, toAdd, inheritsFrom, inherited, positions, depth, mode, requiresVersion);
|
|
changes.add(current);
|
|
|
|
boolean cascadeVersion = requiresVersion;
|
|
if (!cascadeVersion)
|
|
{
|
|
cascadeVersion = !current.getBefore().equals(current.getAfter());
|
|
}
|
|
|
|
if (cascade)
|
|
{
|
|
List<Long> inheritors = aclCrudDAO.getAclsThatInheritFromAcl(id);
|
|
for (Long nextId : inheritors)
|
|
{
|
|
// Check for those that inherit themselves to other nodes ...
|
|
if (!nextId.equals(id))
|
|
{
|
|
getWritable(nextId, current.getAfter(), exclude, toAdd, current.getAfter(), inherited, positions, cascade, depth + 1, changes, mode, cascadeVersion);
|
|
}
|
|
}
|
|
}
|
|
}
|
|
|
|
/**
|
|
* COW for an individual ACL
|
|
* @return - an AclChange
|
|
*/
|
|
private AclChange getWritable(
|
|
final Long id, final Long parent,
|
|
List<? extends AccessControlEntry> exclude, List<Ace> acesToAdd, Long inheritsFrom,
|
|
List<Ace> inherited, List<Integer> positions, int depth, WriteMode mode, boolean requiresVersion)
|
|
{
|
|
AclUpdateEntity acl = aclCrudDAO.getAclForUpdate(id);
|
|
if (!acl.isLatest())
|
|
{
|
|
aclCache.remove(id);
|
|
readersCache.remove(id);
|
|
readersDeniedCache.remove(id);
|
|
return new AclChangeImpl(id, id, acl.getAclType(), acl.getAclType());
|
|
}
|
|
|
|
List<Long> toAdd = new ArrayList<Long>(0);
|
|
if (acesToAdd != null)
|
|
{
|
|
for (Ace ace : acesToAdd)
|
|
{
|
|
toAdd.add(ace.getId());
|
|
}
|
|
}
|
|
|
|
if (!acl.isVersioned())
|
|
{
|
|
switch (mode)
|
|
{
|
|
case COPY_UPDATE_AND_INHERIT:
|
|
removeAcesFromAcl(id, exclude, depth);
|
|
aclCrudDAO.addAclMembersToAcl(acl.getId(), toAdd, depth);
|
|
break;
|
|
case CHANGE_INHERITED:
|
|
replaceInherited(id, acl, inherited, positions, depth);
|
|
break;
|
|
case ADD_INHERITED:
|
|
addInherited(acl, inherited, positions, depth);
|
|
break;
|
|
case TRUNCATE_INHERITED:
|
|
truncateInherited(id, depth);
|
|
break;
|
|
case INSERT_INHERITED:
|
|
insertInherited(id, acl, inherited, positions, depth);
|
|
break;
|
|
case REMOVE_INHERITED:
|
|
removeInherited(id, depth);
|
|
break;
|
|
case CREATE_AND_INHERIT:
|
|
aclCrudDAO.addAclMembersToAcl(acl.getId(), toAdd, depth);
|
|
addInherited(acl, inherited, positions, depth);
|
|
case COPY_ONLY:
|
|
default:
|
|
break;
|
|
}
|
|
if (inheritsFrom != null)
|
|
{
|
|
acl.setInheritsFrom(inheritsFrom);
|
|
}
|
|
acl.setAclChangeSetId(getCurrentChangeSetId());
|
|
aclCrudDAO.updateAcl(acl);
|
|
aclCache.remove(id);
|
|
readersCache.remove(id);
|
|
readersDeniedCache.remove(id);
|
|
return new AclChangeImpl(id, id, acl.getAclType(), acl.getAclType());
|
|
}
|
|
else if ((acl.getAclChangeSetId() == getCurrentChangeSetId()) && (!requiresVersion) && (!acl.getRequiresVersion()))
|
|
{
|
|
switch (mode)
|
|
{
|
|
case COPY_UPDATE_AND_INHERIT:
|
|
removeAcesFromAcl(id, exclude, depth);
|
|
aclCrudDAO.addAclMembersToAcl(acl.getId(), toAdd, depth);
|
|
break;
|
|
case CHANGE_INHERITED:
|
|
replaceInherited(id, acl, inherited, positions, depth);
|
|
break;
|
|
case ADD_INHERITED:
|
|
addInherited(acl, inherited, positions, depth);
|
|
break;
|
|
case TRUNCATE_INHERITED:
|
|
truncateInherited(id, depth);
|
|
break;
|
|
case INSERT_INHERITED:
|
|
insertInherited(id, acl, inherited, positions, depth);
|
|
break;
|
|
case REMOVE_INHERITED:
|
|
removeInherited(id, depth);
|
|
break;
|
|
case CREATE_AND_INHERIT:
|
|
aclCrudDAO.addAclMembersToAcl(acl.getId(), toAdd, depth);
|
|
addInherited(acl, inherited, positions, depth);
|
|
case COPY_ONLY:
|
|
default:
|
|
break;
|
|
}
|
|
if (inheritsFrom != null)
|
|
{
|
|
acl.setInheritsFrom(inheritsFrom);
|
|
}
|
|
aclCrudDAO.updateAcl(acl);
|
|
aclCache.remove(id);
|
|
readersCache.remove(id);
|
|
readersDeniedCache.remove(id);
|
|
return new AclChangeImpl(id, id, acl.getAclType(), acl.getAclType());
|
|
}
|
|
else
|
|
{
|
|
AclEntity newAcl = new AclEntity();
|
|
newAcl.setAclChangeSetId(getCurrentChangeSetId());
|
|
newAcl.setAclId(acl.getAclId());
|
|
newAcl.setAclType(acl.getAclType());
|
|
newAcl.setAclVersion(acl.getAclVersion() + 1);
|
|
newAcl.setInheritedAcl(-1l);
|
|
newAcl.setInherits(acl.getInherits());
|
|
newAcl.setInheritsFrom((inheritsFrom != null) ? inheritsFrom : acl.getInheritsFrom());
|
|
newAcl.setLatest(Boolean.TRUE);
|
|
newAcl.setVersioned(Boolean.TRUE);
|
|
newAcl.setRequiresVersion(Boolean.FALSE);
|
|
|
|
AclEntity createdAcl = (AclEntity)aclCrudDAO.createAcl(newAcl);
|
|
long created = createdAcl.getId();
|
|
|
|
// Create new membership entries - excluding those in the given pattern
|
|
|
|
// AcePatternMatcher excluder = new AcePatternMatcher(exclude);
|
|
|
|
// get aces for acl (via acl member)
|
|
List<AclMember> members = aclCrudDAO.getAclMembersByAcl(id);
|
|
|
|
if (members.size() > 0)
|
|
{
|
|
List<Pair<Long,Integer>> aceIdsWithDepths = new ArrayList<Pair<Long,Integer>>(members.size());
|
|
|
|
for (AclMember member : members)
|
|
{
|
|
aceIdsWithDepths.add(new Pair<Long, Integer>(member.getAceId(), member.getPos()));
|
|
}
|
|
|
|
// copy acl members to new acl
|
|
aclCrudDAO.addAclMembersToAcl(newAcl.getId(), aceIdsWithDepths);
|
|
}
|
|
|
|
// add new
|
|
|
|
switch (mode)
|
|
{
|
|
case COPY_UPDATE_AND_INHERIT:
|
|
// Done above
|
|
removeAcesFromAcl(newAcl.getId(), exclude, depth);
|
|
aclCrudDAO.addAclMembersToAcl(newAcl.getId(), toAdd, depth);
|
|
break;
|
|
case CHANGE_INHERITED:
|
|
replaceInherited(newAcl.getId(), newAcl, inherited, positions, depth);
|
|
break;
|
|
case ADD_INHERITED:
|
|
addInherited(newAcl, inherited, positions, depth);
|
|
break;
|
|
case TRUNCATE_INHERITED:
|
|
truncateInherited(newAcl.getId(), depth);
|
|
break;
|
|
case INSERT_INHERITED:
|
|
insertInherited(newAcl.getId(), newAcl, inherited, positions, depth);
|
|
break;
|
|
case REMOVE_INHERITED:
|
|
removeInherited(newAcl.getId(), depth);
|
|
break;
|
|
case CREATE_AND_INHERIT:
|
|
aclCrudDAO.addAclMembersToAcl(acl.getId(), toAdd, depth);
|
|
addInherited(acl, inherited, positions, depth);
|
|
case COPY_ONLY:
|
|
default:
|
|
break;
|
|
}
|
|
|
|
// Fix up inherited ACL if required
|
|
if (newAcl.getAclType() == ACLType.SHARED)
|
|
{
|
|
if (parent != null)
|
|
{
|
|
Long writableParentAcl = getWritable(parent, null, null, null, null, null, null, 0, WriteMode.COPY_ONLY, false).getAfter();
|
|
AclUpdateEntity parentAcl = aclCrudDAO.getAclForUpdate(writableParentAcl);
|
|
parentAcl.setInheritedAcl(created);
|
|
aclCrudDAO.updateAcl(parentAcl);
|
|
}
|
|
}
|
|
|
|
// fix up old version
|
|
acl.setLatest(Boolean.FALSE);
|
|
acl.setRequiresVersion(Boolean.FALSE);
|
|
aclCrudDAO.updateAcl(acl);
|
|
aclCache.remove(id);
|
|
readersCache.remove(id);
|
|
readersDeniedCache.remove(id);
|
|
return new AclChangeImpl(id, created, acl.getAclType(), newAcl.getAclType());
|
|
}
|
|
}
|
|
|
|
/**
|
|
* Helper to remove ACEs from an ACL
|
|
*/
|
|
private void removeAcesFromAcl(final Long id, final List<? extends AccessControlEntry> exclude, final int depth)
|
|
{
|
|
if (exclude == null)
|
|
{
|
|
// cascade delete all acl members - no exclusion
|
|
aclCrudDAO.deleteAclMembersByAcl(id);
|
|
}
|
|
else
|
|
{
|
|
AcePatternMatcher excluder = new AcePatternMatcher(exclude);
|
|
|
|
List<Map<String, Object>> results = aclCrudDAO.getAcesAndAuthoritiesByAcl(id);
|
|
List<Long> memberIds = new ArrayList<Long>(results.size());
|
|
|
|
for (Map<String, Object> result : results)
|
|
{
|
|
Long result_aclmemId = (Long) result.get("aclmemId");
|
|
|
|
if ((exclude != null) && excluder.matches(aclCrudDAO, result, depth))
|
|
{
|
|
memberIds.add(result_aclmemId);
|
|
}
|
|
}
|
|
|
|
// delete list of acl members
|
|
aclCrudDAO.deleteAclMembers(memberIds);
|
|
}
|
|
}
|
|
|
|
private void replaceInherited(Long id, Acl acl, List<Ace> inherited, List<Integer> positions, int depth)
|
|
{
|
|
truncateInherited(id, depth);
|
|
addInherited(acl, inherited, positions, depth);
|
|
}
|
|
|
|
private void truncateInherited(final Long id, int depth)
|
|
{
|
|
List<AclMember> members = aclCrudDAO.getAclMembersByAcl(id);
|
|
|
|
List<Long> membersToDelete = new ArrayList<Long>(members.size());
|
|
for (AclMember member : members)
|
|
{
|
|
if (member.getPos() > depth)
|
|
{
|
|
membersToDelete.add(member.getId());
|
|
}
|
|
}
|
|
|
|
if (membersToDelete.size() > 0)
|
|
{
|
|
// delete list of acl members
|
|
aclCrudDAO.deleteAclMembers(membersToDelete);
|
|
}
|
|
}
|
|
|
|
private void removeInherited(final Long id, int depth)
|
|
{
|
|
List<AclMemberEntity> members = aclCrudDAO.getAclMembersByAclForUpdate(id);
|
|
|
|
List<Long> membersToDelete = new ArrayList<Long>(members.size());
|
|
for (AclMemberEntity member : members)
|
|
{
|
|
if (member.getPos() == depth + 1)
|
|
{
|
|
membersToDelete.add(member.getId());
|
|
}
|
|
else if (member.getPos() > (depth + 1))
|
|
{
|
|
member.setPos(member.getPos() - 1);
|
|
aclCrudDAO.updateAclMember(member);
|
|
}
|
|
}
|
|
|
|
if (membersToDelete.size() > 0)
|
|
{
|
|
// delete list of acl members
|
|
aclCrudDAO.deleteAclMembers(membersToDelete);
|
|
}
|
|
}
|
|
|
|
private void addInherited(Acl acl, List<Ace> inherited, List<Integer> positions, int depth)
|
|
{
|
|
if ((inherited != null) && (inherited.size() > 0))
|
|
{
|
|
List<Pair<Long,Integer>> aceIdsWithDepths = new ArrayList<Pair<Long,Integer>>(inherited.size());
|
|
for (int i = 0; i < inherited.size(); i++)
|
|
{
|
|
Ace add = inherited.get(i);
|
|
Integer position = positions.get(i);
|
|
aceIdsWithDepths.add(new Pair<Long, Integer>(add.getId(), position.intValue() + depth + 1));
|
|
}
|
|
aclCrudDAO.addAclMembersToAcl(acl.getId(), aceIdsWithDepths);
|
|
}
|
|
}
|
|
|
|
private void insertInherited(final Long id, AclEntity acl, List<Ace> inherited, List<Integer> positions, int depth)
|
|
{
|
|
// get aces for acl (via acl member)
|
|
List<AclMemberEntity> members = aclCrudDAO.getAclMembersByAclForUpdate(id);
|
|
|
|
for (AclMemberEntity member : members)
|
|
{
|
|
if (member.getPos() > depth)
|
|
{
|
|
member.setPos(member.getPos() + 1);
|
|
aclCrudDAO.updateAclMember(member);
|
|
}
|
|
}
|
|
|
|
addInherited(acl, inherited, positions, depth);
|
|
}
|
|
|
|
/**
|
|
* {@inheritDoc}
|
|
*/
|
|
@Override
|
|
public List<AclChange> deleteAccessControlEntries(final String authority)
|
|
{
|
|
List<AclChange> acls = new ArrayList<AclChange>();
|
|
|
|
// get authority
|
|
Authority authEntity = aclCrudDAO.getAuthority(authority);
|
|
if (authEntity == null)
|
|
{
|
|
return acls;
|
|
}
|
|
|
|
List<Long> aces = new ArrayList<Long>();
|
|
|
|
List<AclMember> members = aclCrudDAO.getAclMembersByAuthority(authority);
|
|
|
|
boolean leaveAuthority = false;
|
|
if (members.size() > 0)
|
|
{
|
|
List<Long> membersToDelete = new ArrayList<Long>(members.size());
|
|
|
|
// fix up members and extract acls and aces
|
|
for (AclMember member : members)
|
|
{
|
|
// Delete acl entry
|
|
Long aclMemberId = member.getId();
|
|
Long aclId = member.getAclId();
|
|
Long aceId = member.getAceId();
|
|
|
|
boolean hasAnotherTenantNodes = false;
|
|
if (AuthenticationUtil.isMtEnabled())
|
|
{
|
|
// ALF-3563
|
|
|
|
// Retrieve dependent nodes
|
|
List<Long> nodeIds = aclCrudDAO.getADMNodesByAcl(aclId, -1);
|
|
nodeIds.addAll(aclCrudDAO.getAVMNodesByAcl(aclId, -1));
|
|
|
|
if (nodeIds.size() > 0)
|
|
{
|
|
for (Long nodeId : nodeIds)
|
|
{
|
|
Pair<Long, NodeRef> nodePair = nodeDAO.getNodePair(nodeId);
|
|
if (nodePair == null)
|
|
{
|
|
logger.warn("Node does not exist: " + nodeId);
|
|
continue;
|
|
}
|
|
else
|
|
{
|
|
NodeRef nodeRef = nodePair.getSecond();
|
|
try
|
|
{
|
|
// Throws AlfrescoRuntimeException in case of domain mismatch
|
|
tenantService.checkDomain(nodeRef.getStoreRef().getIdentifier());
|
|
}
|
|
catch (AlfrescoRuntimeException e)
|
|
{
|
|
hasAnotherTenantNodes = true;
|
|
leaveAuthority = true;
|
|
break;
|
|
}
|
|
}
|
|
}
|
|
}
|
|
}
|
|
|
|
if (!hasAnotherTenantNodes)
|
|
{
|
|
aclCache.remove(aclId);
|
|
readersCache.remove(aclId);
|
|
readersDeniedCache.remove(aclId);
|
|
|
|
Acl list = aclCrudDAO.getAcl(aclId);
|
|
acls.add(new AclChangeImpl(aclId, aclId, list.getAclType(), list.getAclType()));
|
|
membersToDelete.add(aclMemberId);
|
|
aces.add((Long)aceId);
|
|
}
|
|
}
|
|
|
|
// delete list of acl members
|
|
aclCrudDAO.deleteAclMembers(membersToDelete);
|
|
}
|
|
|
|
if (!leaveAuthority)
|
|
{
|
|
// remove ACEs
|
|
aclCrudDAO.deleteAces(aces);
|
|
|
|
// Tidy up any unreferenced ACEs
|
|
|
|
// get aces by authority
|
|
List<Ace> unreferenced = aclCrudDAO.getAcesByAuthority(authEntity.getId());
|
|
|
|
if (unreferenced.size() > 0)
|
|
{
|
|
List<Long> unrefencedAcesToDelete = new ArrayList<Long>(unreferenced.size());
|
|
for (Ace ace : unreferenced)
|
|
{
|
|
unrefencedAcesToDelete.add(ace.getId());
|
|
}
|
|
aclCrudDAO.deleteAces(unrefencedAcesToDelete);
|
|
}
|
|
|
|
// remove authority
|
|
if (authEntity != null)
|
|
{
|
|
aclCrudDAO.deleteAuthority(authEntity.getId());
|
|
}
|
|
}
|
|
|
|
return acls;
|
|
}
|
|
|
|
/**
|
|
* {@inheritDoc}
|
|
*/
|
|
@Override
|
|
public void deleteAclForNode(long aclId, boolean isAVMNode)
|
|
{
|
|
Acl dbAcl = getAcl(aclId);
|
|
if (dbAcl.getAclType() == ACLType.DEFINING)
|
|
{
|
|
// delete acl members & acl
|
|
aclCrudDAO.deleteAclMembersByAcl(aclId);
|
|
aclCrudDAO.deleteAcl(aclId);
|
|
|
|
aclCache.remove(aclId);
|
|
readersCache.remove(aclId);
|
|
readersDeniedCache.remove(aclId);
|
|
}
|
|
if (dbAcl.getAclType() == ACLType.SHARED)
|
|
{
|
|
// check unused
|
|
Long defining = dbAcl.getInheritsFrom();
|
|
if (aclCrudDAO.getAcl(defining) == null)
|
|
{
|
|
if (! isAVMNode)
|
|
{
|
|
// ADM
|
|
if (getADMNodesByAcl(aclId, 1).size() == 0)
|
|
{
|
|
// delete acl members & acl
|
|
aclCrudDAO.deleteAclMembersByAcl(aclId);
|
|
aclCrudDAO.deleteAcl(aclId);
|
|
|
|
aclCache.remove(aclId);
|
|
readersCache.remove(aclId);
|
|
readersDeniedCache.remove(aclId);
|
|
}
|
|
}
|
|
else
|
|
{
|
|
// TODO: AVM
|
|
}
|
|
}
|
|
}
|
|
}
|
|
|
|
/**
|
|
* {@inheritDoc}
|
|
*/
|
|
@Override
|
|
public List<AclChange> deleteAccessControlList(final Long id)
|
|
{
|
|
if (logger.isDebugEnabled())
|
|
{
|
|
// debug only
|
|
int maxForDebug = 11;
|
|
List<Long> nodeIds = getADMNodesByAcl(id, maxForDebug);
|
|
|
|
for (Long nodeId : nodeIds)
|
|
{
|
|
logger.debug("deleteAccessControlList: Found nodeId=" + nodeId + ", aclId=" + id);
|
|
}
|
|
}
|
|
|
|
List<AclChange> acls = new ArrayList<AclChange>();
|
|
|
|
final AclUpdateEntity acl = aclCrudDAO.getAclForUpdate(id);
|
|
if (!acl.isLatest())
|
|
{
|
|
throw new UnsupportedOperationException("Old ACL versions can not be updated");
|
|
}
|
|
if (acl.getAclType() == ACLType.SHARED)
|
|
{
|
|
throw new UnsupportedOperationException("Delete is not supported for shared acls - they are deleted with the defining acl");
|
|
}
|
|
|
|
if ((acl.getAclType() == ACLType.DEFINING) || (acl.getAclType() == ACLType.LAYERED))
|
|
{
|
|
if ((acl.getInheritedAcl() != null) && (acl.getInheritedAcl() != -1))
|
|
{
|
|
final Acl inherited = aclCrudDAO.getAcl(acl.getInheritedAcl());
|
|
|
|
// Will remove from the cache
|
|
getWritable(inherited.getId(), acl.getInheritsFrom(), null, null, null, true, acls, WriteMode.REMOVE_INHERITED);
|
|
Acl unusedInherited = null;
|
|
for (AclChange change : acls)
|
|
{
|
|
if (change.getBefore()!= null && change.getBefore().equals(inherited.getId()))
|
|
{
|
|
unusedInherited = aclCrudDAO.getAcl(change.getAfter());
|
|
}
|
|
}
|
|
|
|
final Long newId = unusedInherited.getId();
|
|
List<Long> inheritors = aclCrudDAO.getAclsThatInheritFromAcl(newId);
|
|
for (Long nextId : inheritors)
|
|
{
|
|
// Will remove from the cache
|
|
getWritable(nextId, acl.getInheritsFrom(), null, null, acl.getInheritsFrom(), true, acls, WriteMode.REMOVE_INHERITED);
|
|
}
|
|
|
|
// delete acl members
|
|
aclCrudDAO.deleteAclMembersByAcl(newId);
|
|
|
|
// delete 'unusedInherited' acl
|
|
aclCrudDAO.deleteAcl(unusedInherited.getId());
|
|
|
|
if (inherited.isVersioned())
|
|
{
|
|
AclUpdateEntity inheritedForUpdate = aclCrudDAO.getAclForUpdate(inherited.getId());
|
|
if (inheritedForUpdate != null)
|
|
{
|
|
inheritedForUpdate.setLatest(Boolean.FALSE);
|
|
aclCrudDAO.updateAcl(inheritedForUpdate);
|
|
}
|
|
}
|
|
else
|
|
{
|
|
// delete 'inherited' acl
|
|
aclCrudDAO.deleteAcl(inherited.getId());
|
|
}
|
|
}
|
|
}
|
|
else
|
|
{
|
|
List<Long> inheritors = aclCrudDAO.getAclsThatInheritFromAcl(id);
|
|
for (Long nextId : inheritors)
|
|
{
|
|
// Will remove from the cache
|
|
getWritable(nextId, acl.getInheritsFrom(), null, null, null, true, acls, WriteMode.REMOVE_INHERITED);
|
|
}
|
|
}
|
|
|
|
// delete
|
|
if (acl.isVersioned())
|
|
{
|
|
acl.setLatest(Boolean.FALSE);
|
|
acl.setAclChangeSetId(getCurrentChangeSetId());
|
|
aclCrudDAO.updateAcl(acl);
|
|
}
|
|
else
|
|
{
|
|
// delete acl members & acl
|
|
aclCrudDAO.deleteAclMembersByAcl(id);
|
|
aclCrudDAO.deleteAcl(acl.getId());
|
|
}
|
|
|
|
// remove the deleted acl from the cache
|
|
aclCache.remove(id);
|
|
readersCache.remove(id);
|
|
readersDeniedCache.remove(id);
|
|
acls.add(new AclChangeImpl(id, null, acl.getAclType(), null));
|
|
return acls;
|
|
}
|
|
|
|
/**
|
|
* {@inheritDoc}
|
|
*/
|
|
@Override
|
|
public List<AclChange> deleteLocalAccessControlEntries(Long id)
|
|
{
|
|
List<AclChange> changes = new ArrayList<AclChange>();
|
|
SimpleAccessControlEntry pattern = new SimpleAccessControlEntry();
|
|
pattern.setPosition(Integer.valueOf(0));
|
|
// Will remove from the cache
|
|
getWritable(id, null, Collections.singletonList(pattern), null, null, true, changes, WriteMode.COPY_UPDATE_AND_INHERIT);
|
|
return changes;
|
|
}
|
|
|
|
/**
|
|
* {@inheritDoc}
|
|
*/
|
|
@Override
|
|
public List<AclChange> deleteInheritedAccessControlEntries(Long id)
|
|
{
|
|
List<AclChange> changes = new ArrayList<AclChange>();
|
|
SimpleAccessControlEntry pattern = new SimpleAccessControlEntry();
|
|
pattern.setPosition(Integer.valueOf(-1));
|
|
// Will remove from the cache
|
|
getWritable(id, null, Collections.singletonList(pattern), null, null, true, changes, WriteMode.COPY_UPDATE_AND_INHERIT);
|
|
return changes;
|
|
}
|
|
|
|
/**
|
|
* {@inheritDoc}
|
|
*/
|
|
@Override
|
|
public List<AclChange> deleteAccessControlEntries(Long id, AccessControlEntry pattern)
|
|
{
|
|
List<AclChange> changes = new ArrayList<AclChange>();
|
|
// Will remove from the cache
|
|
getWritable(id, null, Collections.singletonList(pattern), null, null, true, changes, WriteMode.COPY_UPDATE_AND_INHERIT);
|
|
return changes;
|
|
}
|
|
|
|
/**
|
|
* {@inheritDoc}
|
|
*/
|
|
@Override
|
|
public Acl getAcl(Long id)
|
|
{
|
|
return aclCrudDAO.getAcl(id);
|
|
}
|
|
|
|
/**
|
|
* {@inheritDoc}
|
|
*/
|
|
@Override
|
|
public AccessControlListProperties getAccessControlListProperties(Long id)
|
|
{
|
|
ParameterCheck.mandatory("id", id); // Prevent unboxing failures
|
|
return aclCrudDAO.getAcl(id);
|
|
}
|
|
|
|
/**
|
|
* {@inheritDoc}
|
|
*/
|
|
@Override
|
|
public AccessControlList getAccessControlList(Long id)
|
|
{
|
|
AccessControlList acl = aclCache.get(id);
|
|
if (acl == null)
|
|
{
|
|
acl = getAccessControlListImpl(id);
|
|
aclCache.put(id, acl);
|
|
}
|
|
else
|
|
{
|
|
// System.out.println("Used cache for "+id);
|
|
}
|
|
return acl;
|
|
}
|
|
|
|
/**
|
|
* @return the access control list
|
|
*/
|
|
private AccessControlList getAccessControlListImpl(final Long id)
|
|
{
|
|
SimpleAccessControlList acl = new SimpleAccessControlList();
|
|
AccessControlListProperties properties = getAccessControlListProperties(id);
|
|
if (properties == null)
|
|
{
|
|
return null;
|
|
}
|
|
|
|
acl.setProperties(properties);
|
|
|
|
List<Map<String, Object>> results = aclCrudDAO.getAcesAndAuthoritiesByAcl(id);
|
|
|
|
List<AccessControlEntry> entries = new ArrayList<AccessControlEntry>(results.size());
|
|
for (Map<String, Object> result : results)
|
|
// for (AclMemberEntity member : members)
|
|
{
|
|
Boolean aceIsAllowed = (Boolean) result.get("allowed");
|
|
Integer aceType = (Integer) result.get("applies");
|
|
String authority = (String) result.get("authority");
|
|
Long permissionId = (Long) result.get("permissionId");
|
|
Integer position = (Integer) result.get("pos");
|
|
//Long result_aclmemId = (Long) result.get("aclmemId"); // not used here
|
|
|
|
SimpleAccessControlEntry sacEntry = new SimpleAccessControlEntry();
|
|
sacEntry.setAccessStatus(aceIsAllowed ? AccessStatus.ALLOWED : AccessStatus.DENIED);
|
|
sacEntry.setAceType(ACEType.getACETypeFromId(aceType));
|
|
sacEntry.setAuthority(authority);
|
|
// if (entry.getContext() != null)
|
|
// {
|
|
// SimpleAccessControlEntryContext context = new SimpleAccessControlEntryContext();
|
|
// context.setClassContext(entry.getContext().getClassContext());
|
|
// context.setKVPContext(entry.getContext().getKvpContext());
|
|
// context.setPropertyContext(entry.getContext().getPropertyContext());
|
|
// sacEntry.setContext(context);
|
|
// }
|
|
Permission perm = aclCrudDAO.getPermission(permissionId);
|
|
QName permTypeQName = qnameDAO.getQName(perm.getTypeQNameId()).getSecond(); // Has an ID so must exist
|
|
SimplePermissionReference permissionRefernce = SimplePermissionReference.getPermissionReference(permTypeQName, perm.getName());
|
|
sacEntry.setPermission(permissionRefernce);
|
|
sacEntry.setPosition(position);
|
|
entries.add(sacEntry);
|
|
}
|
|
|
|
Collections.sort(entries);
|
|
acl.setEntries(entries);
|
|
|
|
return acl;
|
|
}
|
|
|
|
/**
|
|
* {@inheritDoc}
|
|
*/
|
|
@Override
|
|
public Long getInheritedAccessControlList(Long id)
|
|
{
|
|
aclCache.remove(id);
|
|
AclUpdateEntity acl = aclCrudDAO.getAclForUpdate(id);
|
|
if (acl.getAclType() == ACLType.OLD)
|
|
{
|
|
return null;
|
|
}
|
|
if ((acl.getInheritedAcl() != null) && (acl.getInheritedAcl() != -1))
|
|
{
|
|
return acl.getInheritedAcl();
|
|
}
|
|
|
|
Long inheritedAclId = null;
|
|
|
|
if ((acl.getAclType() == ACLType.DEFINING) || (acl.getAclType() == ACLType.LAYERED))
|
|
{
|
|
List<AclChange> changes = new ArrayList<AclChange>();
|
|
// created shared acl
|
|
SimpleAccessControlListProperties properties = new SimpleAccessControlListProperties();
|
|
properties.setAclType(ACLType.SHARED);
|
|
properties.setInherits(Boolean.TRUE);
|
|
properties.setVersioned(acl.isVersioned());
|
|
Long sharedId = createAccessControlList(properties, null, null).getId();
|
|
getWritable(sharedId, id, null, null, id, true, changes, WriteMode.ADD_INHERITED);
|
|
acl.setInheritedAcl(sharedId);
|
|
inheritedAclId = sharedId;
|
|
}
|
|
else
|
|
{
|
|
acl.setInheritedAcl(acl.getId());
|
|
inheritedAclId = acl.getId();
|
|
}
|
|
|
|
// Does not cause the change set to change
|
|
//acl.setAclChangeSetId(getCurrentChangeSetId());
|
|
aclCrudDAO.updateAcl(acl);
|
|
return inheritedAclId;
|
|
}
|
|
|
|
/**
|
|
* {@inheritDoc}
|
|
*/
|
|
@Override
|
|
public List<AclChange> mergeInheritedAccessControlList(Long inherited, Long target)
|
|
{
|
|
// TODO: For now we do a replace - we could do an insert if both inherit from the same acl
|
|
|
|
List<AclChange> changes = new ArrayList<AclChange>();
|
|
|
|
Acl targetAcl = aclCrudDAO.getAcl(target);
|
|
|
|
Acl inheritedAcl = null;
|
|
if (inherited != null)
|
|
{
|
|
inheritedAcl = aclCrudDAO.getAcl(inherited);
|
|
}
|
|
else
|
|
{
|
|
// Assume we are just resetting it to inherit as before
|
|
if (targetAcl.getInheritsFrom() != null)
|
|
{
|
|
inheritedAcl = aclCrudDAO.getAcl(targetAcl.getInheritsFrom());
|
|
if (inheritedAcl == null)
|
|
{
|
|
// TODO: Try previous versions
|
|
throw new IllegalStateException("No old inheritance definition to use");
|
|
}
|
|
else
|
|
{
|
|
// find the latest version of the acl
|
|
if (!inheritedAcl.isLatest())
|
|
{
|
|
final String searchAclId = inheritedAcl.getAclId();
|
|
|
|
Long actualInheritor = (Long)aclCrudDAO.getLatestAclByGuid(searchAclId);
|
|
|
|
inheritedAcl = aclCrudDAO.getAcl(actualInheritor);
|
|
if (inheritedAcl == null)
|
|
{
|
|
// TODO: Try previous versions
|
|
throw new IllegalStateException("No ACL found");
|
|
}
|
|
}
|
|
}
|
|
}
|
|
else
|
|
{
|
|
// There is no inheritance to set
|
|
return changes;
|
|
}
|
|
}
|
|
|
|
// recursion test
|
|
// if inherited already inherits from the target
|
|
|
|
Acl test = inheritedAcl;
|
|
while (test != null)
|
|
{
|
|
if (test.getId()!= null && test.getId().equals(target))
|
|
{
|
|
throw new IllegalStateException("Cyclical ACL detected");
|
|
}
|
|
Long parent = test.getInheritsFrom();
|
|
if ((parent == null) || (parent == -1l))
|
|
{
|
|
test = null;
|
|
}
|
|
else
|
|
{
|
|
test = aclCrudDAO.getAcl(test.getInheritsFrom());
|
|
}
|
|
}
|
|
|
|
if ((targetAcl.getAclType() != ACLType.DEFINING) && (targetAcl.getAclType() != ACLType.LAYERED))
|
|
{
|
|
throw new IllegalArgumentException("Only defining ACLs can have their inheritance set");
|
|
}
|
|
|
|
if (!targetAcl.getInherits())
|
|
{
|
|
return changes;
|
|
}
|
|
|
|
Long actualInheritedId = inheritedAcl.getId();
|
|
|
|
if ((inheritedAcl.getAclType() == ACLType.DEFINING) || (inheritedAcl.getAclType() == ACLType.LAYERED))
|
|
{
|
|
actualInheritedId = getInheritedAccessControlList(actualInheritedId);
|
|
}
|
|
// Will remove from the cache
|
|
getWritable(target, actualInheritedId, null, null, actualInheritedId, true, changes, WriteMode.CHANGE_INHERITED);
|
|
|
|
return changes;
|
|
}
|
|
|
|
/**
|
|
* {@inheritDoc}
|
|
*/
|
|
@Override
|
|
public List<AclChange> setAccessControlEntry(final Long id, final AccessControlEntry ace)
|
|
{
|
|
Acl target = aclCrudDAO.getAcl(id);
|
|
if (target.getAclType() == ACLType.SHARED)
|
|
{
|
|
throw new IllegalArgumentException("Shared ACLs are immutable");
|
|
}
|
|
|
|
List<AclChange> changes = new ArrayList<AclChange>();
|
|
|
|
if ((ace.getPosition() != null) && (ace.getPosition() != 0))
|
|
{
|
|
throw new IllegalArgumentException("Invalid position");
|
|
}
|
|
|
|
// Find authority
|
|
Authority authority = aclCrudDAO.getOrCreateAuthority(ace.getAuthority());
|
|
Permission permission = aclCrudDAO.getOrCreatePermission(ace.getPermission());
|
|
|
|
// Find context
|
|
if (ace.getContext() != null)
|
|
{
|
|
throw new UnsupportedOperationException();
|
|
}
|
|
|
|
// Find ACE
|
|
Ace entry = aclCrudDAO.getOrCreateAce(permission, authority, ace.getAceType(), ace.getAccessStatus());
|
|
|
|
// Wire up
|
|
// COW and remove any existing matches
|
|
|
|
SimpleAccessControlEntry exclude = new SimpleAccessControlEntry();
|
|
// match any access status
|
|
exclude.setAceType(ace.getAceType());
|
|
exclude.setAuthority(ace.getAuthority());
|
|
exclude.setPermission(ace.getPermission());
|
|
exclude.setPosition(0);
|
|
List<Ace> toAdd = new ArrayList<Ace>(1);
|
|
toAdd.add(entry);
|
|
// Will remove from the cache
|
|
getWritable(id, null, Collections.singletonList(exclude), toAdd, null, true, changes, WriteMode.COPY_UPDATE_AND_INHERIT);
|
|
|
|
return changes;
|
|
}
|
|
|
|
/**
|
|
* {@inheritDoc}
|
|
*/
|
|
@Override
|
|
public List<AclChange> enableInheritance(Long id, Long parent)
|
|
{
|
|
List<AclChange> changes = new ArrayList<AclChange>();
|
|
|
|
AclUpdateEntity acl = aclCrudDAO.getAclForUpdate(id);
|
|
|
|
switch (acl.getAclType())
|
|
{
|
|
case FIXED:
|
|
case GLOBAL:
|
|
throw new IllegalArgumentException("Fixed and global permissions can not inherit");
|
|
case OLD:
|
|
acl.setInherits(Boolean.TRUE);
|
|
acl.setAclChangeSetId(getCurrentChangeSetId());
|
|
aclCrudDAO.updateAcl(acl);
|
|
aclCache.remove(id);
|
|
readersCache.remove(id);
|
|
readersDeniedCache.remove(id);
|
|
changes.add(new AclChangeImpl(id, id, acl.getAclType(), acl.getAclType()));
|
|
return changes;
|
|
case SHARED:
|
|
// TODO support a list of children and casacade if given
|
|
throw new IllegalArgumentException(
|
|
"Shared acls should be replace by creating a definig ACL, wiring it up for inhertitance, and then applying inheritance to any children. It can not be done by magic ");
|
|
case DEFINING:
|
|
case LAYERED:
|
|
default:
|
|
if (!acl.getInherits())
|
|
{
|
|
// Will remove from the cache
|
|
getWritable(id, null, null, null, null, false, changes, WriteMode.COPY_ONLY);
|
|
acl = aclCrudDAO.getAclForUpdate(changes.get(0).getAfter());
|
|
acl.setInherits(Boolean.TRUE);
|
|
acl.setAclChangeSetId(getCurrentChangeSetId());
|
|
aclCrudDAO.updateAcl(acl);
|
|
}
|
|
else
|
|
{
|
|
// Will remove from the cache
|
|
getWritable(id, null, null, null, null, false, changes, WriteMode.COPY_ONLY);
|
|
}
|
|
|
|
List<AclChange> merged = mergeInheritedAccessControlList(parent, changes.get(0).getAfter());
|
|
changes.addAll(merged);
|
|
return changes;
|
|
}
|
|
}
|
|
|
|
/**
|
|
* {@inheritDoc}
|
|
*/
|
|
@Override
|
|
public List<AclChange> disableInheritance(Long id, boolean setInheritedOnAcl)
|
|
{
|
|
aclCache.remove(id);
|
|
AclUpdateEntity acl = aclCrudDAO.getAclForUpdate(id);
|
|
List<AclChange> changes = new ArrayList<AclChange>(1);
|
|
switch (acl.getAclType())
|
|
{
|
|
case FIXED:
|
|
case GLOBAL:
|
|
return Collections.<AclChange> singletonList(new AclChangeImpl(id, id, acl.getAclType(), acl.getAclType()));
|
|
case OLD:
|
|
acl.setInherits(Boolean.FALSE);
|
|
acl.setAclChangeSetId(getCurrentChangeSetId());
|
|
aclCrudDAO.updateAcl(acl);
|
|
aclCache.remove(id);
|
|
readersCache.remove(id);
|
|
readersDeniedCache.remove(id);
|
|
changes.add(new AclChangeImpl(id, id, acl.getAclType(), acl.getAclType()));
|
|
return changes;
|
|
case SHARED:
|
|
// TODO support a list of children and casacade if given
|
|
throw new IllegalArgumentException("Shared ACL must inherit");
|
|
case DEFINING:
|
|
case LAYERED:
|
|
default:
|
|
return disableInheritanceImpl(id, setInheritedOnAcl, acl);
|
|
}
|
|
}
|
|
|
|
private Long getCopy(Long toCopy, Long toInheritFrom, ACLCopyMode mode)
|
|
{
|
|
AclUpdateEntity aclToCopy;
|
|
Long inheritedId;
|
|
Acl aclToInheritFrom;
|
|
switch (mode)
|
|
{
|
|
case INHERIT:
|
|
if (toCopy.equals(toInheritFrom))
|
|
{
|
|
return getInheritedAccessControlList(toCopy);
|
|
}
|
|
else
|
|
{
|
|
throw new UnsupportedOperationException();
|
|
}
|
|
case COW:
|
|
aclToCopy = aclCrudDAO.getAclForUpdate(toCopy);
|
|
aclToCopy.setRequiresVersion(true);
|
|
aclToCopy.setAclChangeSetId(getCurrentChangeSetId());
|
|
aclCrudDAO.updateAcl(aclToCopy);
|
|
aclCache.remove(toCopy);
|
|
readersCache.remove(toCopy);
|
|
readersDeniedCache.remove(toCopy);
|
|
inheritedId = getInheritedAccessControlList(toCopy);
|
|
if ((inheritedId != null) && (!inheritedId.equals(toCopy)))
|
|
{
|
|
AclUpdateEntity inheritedAcl = aclCrudDAO.getAclForUpdate(inheritedId);
|
|
inheritedAcl.setRequiresVersion(true);
|
|
inheritedAcl.setAclChangeSetId(getCurrentChangeSetId());
|
|
aclCrudDAO.updateAcl(inheritedAcl);
|
|
aclCache.remove(inheritedId);
|
|
readersCache.remove(inheritedId);
|
|
readersDeniedCache.remove(inheritedId);
|
|
}
|
|
return toCopy;
|
|
case REDIRECT:
|
|
if ((toInheritFrom != null) && (toInheritFrom.equals(toCopy)))
|
|
{
|
|
return getInheritedAccessControlList(toInheritFrom);
|
|
}
|
|
aclToCopy = aclCrudDAO.getAclForUpdate(toCopy);
|
|
aclToInheritFrom = null;
|
|
if (toInheritFrom != null)
|
|
{
|
|
aclToInheritFrom = aclCrudDAO.getAcl(toInheritFrom);
|
|
}
|
|
|
|
switch (aclToCopy.getAclType())
|
|
{
|
|
case DEFINING:
|
|
// This is not called on the redirecting node as only LAYERED change permissions when redirected
|
|
// So this needs to make a copy in the same way layered does
|
|
case LAYERED:
|
|
if (toInheritFrom == null)
|
|
{
|
|
return toCopy;
|
|
}
|
|
// manages cache clearing beneath
|
|
List<AclChange> changes = mergeInheritedAccessControlList(toInheritFrom, toCopy);
|
|
for (AclChange change : changes)
|
|
{
|
|
if (change.getBefore().equals(toCopy))
|
|
{
|
|
return change.getAfter();
|
|
}
|
|
}
|
|
throw new UnsupportedOperationException();
|
|
case SHARED:
|
|
if (aclToInheritFrom != null)
|
|
{
|
|
return getInheritedAccessControlList(toInheritFrom);
|
|
}
|
|
else
|
|
{
|
|
throw new UnsupportedOperationException();
|
|
}
|
|
case FIXED:
|
|
case GLOBAL:
|
|
case OLD:
|
|
return toCopy;
|
|
default:
|
|
throw new UnsupportedOperationException();
|
|
}
|
|
case COPY:
|
|
aclToCopy = aclCrudDAO.getAclForUpdate(toCopy);
|
|
aclToInheritFrom = null;
|
|
if (toInheritFrom != null)
|
|
{
|
|
aclToInheritFrom = aclCrudDAO.getAcl(toInheritFrom);
|
|
}
|
|
|
|
switch (aclToCopy.getAclType())
|
|
{
|
|
case DEFINING:
|
|
SimpleAccessControlListProperties properties = new SimpleAccessControlListProperties();
|
|
properties.setAclType(ACLType.DEFINING);
|
|
properties.setInherits(aclToCopy.getInherits());
|
|
properties.setVersioned(true);
|
|
|
|
Long id = createAccessControlList(properties).getId();
|
|
|
|
AccessControlList indirectAcl = getAccessControlList(toCopy);
|
|
for (AccessControlEntry entry : indirectAcl.getEntries())
|
|
{
|
|
if (entry.getPosition() == 0)
|
|
{
|
|
setAccessControlEntry(id, entry);
|
|
}
|
|
}
|
|
if (aclToInheritFrom != null)
|
|
{
|
|
mergeInheritedAccessControlList(toInheritFrom, id);
|
|
}
|
|
return id;
|
|
case SHARED:
|
|
if (aclToInheritFrom != null)
|
|
{
|
|
return getInheritedAccessControlList(toInheritFrom);
|
|
}
|
|
else
|
|
{
|
|
return null;
|
|
}
|
|
case FIXED:
|
|
case GLOBAL:
|
|
case LAYERED:
|
|
case OLD:
|
|
return toCopy;
|
|
default:
|
|
throw new UnsupportedOperationException();
|
|
}
|
|
default:
|
|
throw new UnsupportedOperationException();
|
|
}
|
|
}
|
|
|
|
/**
|
|
* {@inheritDoc}
|
|
*/
|
|
@Override
|
|
public Acl getAclCopy(Long toCopy, Long toInheritFrom, ACLCopyMode mode)
|
|
{
|
|
return getAclEntityCopy(toCopy, toInheritFrom, mode);
|
|
}
|
|
|
|
private Acl getAclEntityCopy(Long toCopy, Long toInheritFrom, ACLCopyMode mode)
|
|
{
|
|
Long id = getCopy(toCopy, toInheritFrom, mode);
|
|
if (id == null)
|
|
{
|
|
return null;
|
|
}
|
|
return aclCrudDAO.getAcl(id);
|
|
}
|
|
|
|
/**
|
|
* {@inheritDoc}
|
|
*/
|
|
@Override
|
|
public List<Long> getAVMNodesByAcl(long aclEntityId, int maxResults)
|
|
{
|
|
return aclCrudDAO.getAVMNodesByAcl(aclEntityId, maxResults);
|
|
}
|
|
|
|
/**
|
|
* {@inheritDoc}
|
|
*/
|
|
@Override
|
|
public List<Long> getADMNodesByAcl(long aclEntityId, int maxResults)
|
|
{
|
|
return aclCrudDAO.getADMNodesByAcl(aclEntityId, maxResults);
|
|
}
|
|
|
|
/**
|
|
* {@inheritDoc}
|
|
*/
|
|
@Override
|
|
public Acl createLayeredAcl(Long indirectedAcl)
|
|
{
|
|
SimpleAccessControlListProperties properties = new SimpleAccessControlListProperties();
|
|
properties.setAclType(ACLType.LAYERED);
|
|
|
|
Acl acl = createAccessControlList(properties);
|
|
long id = acl.getId();
|
|
|
|
if (indirectedAcl != null)
|
|
{
|
|
mergeInheritedAccessControlList(indirectedAcl, id);
|
|
}
|
|
return acl;
|
|
}
|
|
|
|
private List<AclChange> disableInheritanceImpl(Long id, boolean setInheritedOnAcl, AclEntity aclIn)
|
|
{
|
|
List<AclChange> changes = new ArrayList<AclChange>();
|
|
|
|
if (!aclIn.getInherits())
|
|
{
|
|
return Collections.<AclChange> emptyList();
|
|
}
|
|
|
|
// Manages caching
|
|
getWritable(id, null, null, null, null, false, changes, WriteMode.COPY_ONLY);
|
|
AclUpdateEntity acl = aclCrudDAO.getAclForUpdate(changes.get(0).getAfter());
|
|
final Long inheritsFrom = acl.getInheritsFrom();
|
|
acl.setInherits(Boolean.FALSE);
|
|
acl.setAclChangeSetId(getCurrentChangeSetId());
|
|
aclCrudDAO.updateAcl(acl);
|
|
|
|
// Keep inherits from so we can reinstate if required
|
|
// acl.setInheritsFrom(-1l);
|
|
|
|
// Manages caching
|
|
getWritable(acl.getId(), null, null, null, null, true, changes, WriteMode.TRUNCATE_INHERITED);
|
|
|
|
// set Inherited - TODO: UNTESTED
|
|
|
|
if ((inheritsFrom != null) && (inheritsFrom != -1) && setInheritedOnAcl)
|
|
{
|
|
// get aces for acl (via acl member)
|
|
List<AclMember> members = aclCrudDAO.getAclMembersByAcl(inheritsFrom);
|
|
|
|
for (AclMember member : members)
|
|
{
|
|
// TODO optimise
|
|
Ace ace = aclCrudDAO.getAce(member.getAceId());
|
|
Authority authority = aclCrudDAO.getAuthority(ace.getAuthorityId());
|
|
|
|
SimpleAccessControlEntry entry = new SimpleAccessControlEntry();
|
|
entry.setAccessStatus(ace.isAllowed() ? AccessStatus.ALLOWED : AccessStatus.DENIED);
|
|
entry.setAceType(ace.getAceType());
|
|
entry.setAuthority(authority.getAuthority());
|
|
|
|
/* NOTE: currently unused - intended for possible future enhancement
|
|
if (ace.getContextId() != null)
|
|
{
|
|
AceContext aceContext = aclCrudDAO.getAceContext(ace.getContextId());
|
|
|
|
SimpleAccessControlEntryContext context = new SimpleAccessControlEntryContext();
|
|
context.setClassContext(aceContext.getClassContext());
|
|
context.setKVPContext(aceContext.getKvpContext());
|
|
context.setPropertyContext(aceContext.getPropertyContext());
|
|
entry.setContext(context);
|
|
}
|
|
*/
|
|
|
|
Permission perm = aclCrudDAO.getPermission(ace.getPermissionId());
|
|
QName permTypeQName = qnameDAO.getQName(perm.getTypeQNameId()).getSecond(); // Has an ID so must exist
|
|
SimplePermissionReference permissionRefernce = SimplePermissionReference.getPermissionReference(permTypeQName, perm.getName());
|
|
entry.setPermission(permissionRefernce);
|
|
entry.setPosition(Integer.valueOf(0));
|
|
|
|
setAccessControlEntry(id, entry);
|
|
}
|
|
}
|
|
return changes;
|
|
}
|
|
|
|
private static final String RESOURCE_KEY_ACL_CHANGE_SET_ID = "acl.change.set.id";
|
|
|
|
private UpdateChangeSetListener updateChangeSetListener = new UpdateChangeSetListener();
|
|
/**
|
|
* Wrapper to update the current changeset to get the change time correct
|
|
*
|
|
* @author Derek Hulley
|
|
* @since 4.0
|
|
*/
|
|
private class UpdateChangeSetListener extends TransactionListenerAdapter
|
|
{
|
|
@Override
|
|
public void beforeCommit(boolean readOnly)
|
|
{
|
|
if (readOnly)
|
|
{
|
|
return;
|
|
}
|
|
Long changeSetId = (Long) AlfrescoTransactionSupport.getResource(RESOURCE_KEY_ACL_CHANGE_SET_ID);
|
|
if (changeSetId == null)
|
|
{
|
|
// There has not been a change
|
|
return;
|
|
}
|
|
// Update it
|
|
long commitTimeMs = System.currentTimeMillis();
|
|
aclCrudDAO.updateAclChangeSet(changeSetId, commitTimeMs);
|
|
}
|
|
}
|
|
/**
|
|
* Support to get the current ACL change set and bind this to the transaction. So we only make one new version of an
|
|
* ACL per change set. If something is in the current change set we can update it.
|
|
*/
|
|
private long getCurrentChangeSetId()
|
|
{
|
|
Long changeSetId = (Long) AlfrescoTransactionSupport.getResource(RESOURCE_KEY_ACL_CHANGE_SET_ID);
|
|
if (changeSetId == null)
|
|
{
|
|
changeSetId = aclCrudDAO.createAclChangeSet();
|
|
|
|
// bind the ID and the listener
|
|
AlfrescoTransactionSupport.bindResource(RESOURCE_KEY_ACL_CHANGE_SET_ID, changeSetId);
|
|
AlfrescoTransactionSupport.bindListener(updateChangeSetListener);
|
|
if (logger.isDebugEnabled())
|
|
{
|
|
logger.debug("New change set = " + changeSetId);
|
|
}
|
|
}
|
|
return changeSetId;
|
|
}
|
|
|
|
private static class AcePatternMatcher
|
|
{
|
|
private List<? extends AccessControlEntry> patterns;
|
|
|
|
AcePatternMatcher(List<? extends AccessControlEntry> patterns)
|
|
{
|
|
this.patterns = patterns;
|
|
}
|
|
|
|
boolean matches(AclCrudDAO aclCrudDAO, Map<String, Object> result, int position)
|
|
{
|
|
if (patterns == null)
|
|
{
|
|
return true;
|
|
}
|
|
|
|
for (AccessControlEntry pattern : patterns)
|
|
{
|
|
if (checkPattern(aclCrudDAO, result, position, pattern))
|
|
{
|
|
return true;
|
|
}
|
|
}
|
|
return false;
|
|
}
|
|
|
|
private boolean checkPattern(AclCrudDAO aclCrudDAO, Map<String, Object> result, int position, AccessControlEntry pattern)
|
|
{
|
|
Boolean result_aceIsAllowed = (Boolean) result.get("allowed");
|
|
Integer result_aceType = (Integer) result.get("applies");
|
|
String result_authority = (String) result.get("authority");
|
|
Long result_permissionId = (Long) result.get("permissionId");
|
|
Integer result_position = (Integer) result.get("pos");
|
|
//Long result_aclmemId = (Long) result.get("aclmemId"); // not used
|
|
|
|
if (pattern.getAccessStatus() != null)
|
|
{
|
|
if (pattern.getAccessStatus() != (result_aceIsAllowed ? AccessStatus.ALLOWED : AccessStatus.DENIED))
|
|
{
|
|
return false;
|
|
}
|
|
}
|
|
|
|
if (pattern.getAceType() != null)
|
|
{
|
|
if (pattern.getAceType() != ACEType.getACETypeFromId(result_aceType))
|
|
{
|
|
return false;
|
|
}
|
|
}
|
|
|
|
if (pattern.getAuthority() != null)
|
|
{
|
|
if ((pattern.getAuthorityType() != AuthorityType.WILDCARD) && !pattern.getAuthority().equals(result_authority))
|
|
{
|
|
return false;
|
|
}
|
|
}
|
|
|
|
if (pattern.getContext() != null)
|
|
{
|
|
throw new IllegalArgumentException("Context not yet supported");
|
|
}
|
|
|
|
if (pattern.getPermission() != null)
|
|
{
|
|
Long permId = aclCrudDAO.getPermission(pattern.getPermission()).getId();
|
|
if (!permId.equals(result_permissionId))
|
|
{
|
|
return false;
|
|
}
|
|
}
|
|
|
|
if (pattern.getPosition() != null)
|
|
{
|
|
if (pattern.getPosition().intValue() >= 0)
|
|
{
|
|
if (result_position != position)
|
|
{
|
|
return false;
|
|
}
|
|
}
|
|
else if (pattern.getPosition().intValue() == -1)
|
|
{
|
|
if (result_position <= position)
|
|
{
|
|
return false;
|
|
}
|
|
}
|
|
}
|
|
|
|
return true;
|
|
}
|
|
}
|
|
|
|
static class AclChangeImpl implements AclChange
|
|
{
|
|
private Long before;
|
|
private Long after;
|
|
private ACLType typeBefore;
|
|
private ACLType typeAfter;
|
|
|
|
public AclChangeImpl(Long before, Long after, ACLType typeBefore, ACLType typeAfter)
|
|
{
|
|
this.before = before;
|
|
this.after = after;
|
|
this.typeAfter = typeAfter;
|
|
this.typeBefore = typeBefore;
|
|
}
|
|
|
|
public Long getAfter()
|
|
{
|
|
return after;
|
|
}
|
|
|
|
public Long getBefore()
|
|
{
|
|
return before;
|
|
}
|
|
|
|
/**
|
|
* @param after
|
|
*/
|
|
public void setAfter(Long after)
|
|
{
|
|
this.after = after;
|
|
}
|
|
|
|
/**
|
|
* @param before
|
|
*/
|
|
public void setBefore(Long before)
|
|
{
|
|
this.before = before;
|
|
}
|
|
|
|
public ACLType getTypeAfter()
|
|
{
|
|
return typeAfter;
|
|
}
|
|
|
|
/**
|
|
* @param typeAfter
|
|
*/
|
|
public void setTypeAfter(ACLType typeAfter)
|
|
{
|
|
this.typeAfter = typeAfter;
|
|
}
|
|
|
|
public ACLType getTypeBefore()
|
|
{
|
|
return typeBefore;
|
|
}
|
|
|
|
/**
|
|
* @param typeBefore
|
|
*/
|
|
public void setTypeBefore(ACLType typeBefore)
|
|
{
|
|
this.typeBefore = typeBefore;
|
|
}
|
|
|
|
@Override
|
|
public String toString()
|
|
{
|
|
StringBuilder builder = new StringBuilder();
|
|
builder.append("(").append(getBefore()).append(",").append(getTypeBefore()).append(")");
|
|
builder.append(" - > ");
|
|
builder.append("(").append(getAfter()).append(",").append(getTypeAfter()).append(")");
|
|
return builder.toString();
|
|
}
|
|
}
|
|
|
|
/**
|
|
* {@inheritDoc}
|
|
*/
|
|
@Override
|
|
public void renameAuthority(String before, String after)
|
|
{
|
|
aclCrudDAO.renameAuthority(before, after);
|
|
aclCache.clear();
|
|
}
|
|
|
|
/**
|
|
* {@inheritDoc}
|
|
*/
|
|
@Override
|
|
public void fixSharedAcl(Long shared, Long defining)
|
|
{
|
|
if (defining == null)
|
|
{
|
|
throw new IllegalArgumentException("Null defining acl");
|
|
}
|
|
|
|
if (shared == null)
|
|
{
|
|
throw new IllegalArgumentException("Null shared acl");
|
|
}
|
|
List<AclChange> changes = new ArrayList<AclChange>();
|
|
getWritable(shared, defining, null, null, defining, true, changes, WriteMode.CHANGE_INHERITED);
|
|
}
|
|
|
|
/* (non-Javadoc)
|
|
* @see org.alfresco.repo.domain.permissions.AclDAO#getMaxChangeSetCommitTime()
|
|
*/
|
|
@Override
|
|
public Long getMaxChangeSetCommitTime()
|
|
{
|
|
return aclCrudDAO.getMaxChangeSetCommitTime();
|
|
}
|
|
|
|
/* (non-Javadoc)
|
|
* @see org.alfresco.repo.domain.permissions.AclDAO#getMaxChangeSetIdByCommitTime(long)
|
|
*/
|
|
@Override
|
|
public Long getMaxChangeSetIdByCommitTime(long maxCommitTime)
|
|
{
|
|
return aclCrudDAO.getMaxChangeSetIdByCommitTime(maxCommitTime);
|
|
}
|
|
}
|