Dave Ward ee8081b663 Merged V4.1-BUG-FIX to HEAD
41035: Fix for ALF-15225 - qt.length not performing as expected in search.lib.js
   41047: RUSSIAN: Translation updates based on EN r40961
   41049: GERMAN: Translation updates based on EN r41033. Fixes ALF-15749 and ALF-15720.
   41050: SPANISH: Translation updates based on EN r41033. Fixes ALF-15749 and ALF-15720.
   41051: FRENCH: Translation updates based on EN r41033. Fixes ALF-15749 and ALF-15720.
   41052: ITALIAN: Translation updates based on EN r41033. Fixes ALF-15749 and ALF-15720.
   41053: JAPANESE: Translation updates based on EN r41033. Fixes ALF-15749 and ALF-15720.
   41054: DUTCH: Translation updates based on EN r41033. Fixes ALF-15749 and ALF-15720.
   41055: RUSSIAN: Translation updates based on EN r41033. Fixes ALF-15749 and ALF-15720.
   41061: ALF-11214 - IMAP subsystem is not successfully restarted after incorrect modification of IMAP properties via Admin Console
   41063: RUSSIAN: Translation updates based on EN r41033 (encoding fixes)
   41064: CHINESE: Translation updates based on EN r41033
   41073: ALF-15760: Merged V4.0 to V4.1-BUG-FIX (another lost meta-inf revision)
      34416: ALF-12992: Updated weblogic DD for SOLR
   41074: ALF-15419 / ALF-14438: Merged V3.4-BUG-FIX to V4.1-BUG-FIX (PARTIAL)
      37373: Merged PATCHES/V3.4.6 to V3.4-BUG-FIX
         36821: ALF-13827 / ALF-14402: Make replicated caches recover from temporary comms failures by flushing when a change in peers is detected
         - We do not flush caches who replicate via copy (e.g. tickets cache) as these may not be recoverable
         37122: ALF-13919 / ALF-14403: Merged DEV to PATCHES/V3.4.6
         - Rework of Dmitry's implementation
         - Uses dynamic HQL query to retrieve JBPM workflow instances by specified query criteria
         - WorkflowInstancesGet web script no longer has to iterate over every workflow instance in the database!
         - DB index added to enable efficient querying by string variable
         - Hibernate tastic!
         37188: ALF-13919 / ALF-14403: Worked around HQL polymorphism issues by using explicit variable subclass names in from clause
         37204: ALF-13919 / ALF-14403: Fix to date range handling by Dmitry
   41077: ALF-10730: Fixed object finder drop-down tree to show parent icon type when icon type not available
   41089: ALF-13998: 'No items' error is highlighted in red, even that is not sever error.
   41109: Part fix for ALF-11297 Disabled test: test-system-build-test has been removed from the test target dependency list
   41118: Fixes: ALF-15765 and related issue ALF-15476: 
      - Corrects merge of r34405 and r40159
      - Adds people api to cloud proxy config
      - Cloud/Global Folder picker sites list now universally shows only those sites the user is a member of.
   41119: ALF-15419 / ALF-14438: Merged DEV to V4.1-BUG-FIX
      41117: ALF-15419 : CLONE Remove JBPM indexes present from upgrades
         The schema reference files were updated to contain JBPM_VARIABLEINSTANCE.IDX_VARINST_STRVAL index.
   41130: ALF-15590: FSTR transfer of custom content type with parent cm:content fails
   - Fix by Dmitry
   41131: ALF-15714: Bitrock Uninstaller: Uninstaller doesn't remove all files and folders in *nix
   - Fix provided by Bitrock
   41132: Fix for ALF-14388 - Edit Online option is not supported for '.docm', 'dotm', '.xlsm' files
    - corrected mimetypes to be lower-case
   41150: ALF-13287 Added the handling of UTC represented by "Z" within comparator
   41154: Check for authentication errors when validating a ticket, if an error occurs re-authenticate. ALF-15394
   41155: ALF-15569: User with '@' symbol in username cannot invite
   - note: since Ent 4.0.2(+) by default MT is pre-configured but not enabled
   41173: Merged V4.1 to V4.1-BUG-FIX
      41121: Merged BRANCHES/DEV/FEATURES/CLOUD1_CLOUDSYNC to BRANCHES/V4.1:
         41003: CloudSync: ALF-15734 - force unsync (of last SSMN) on target causes repeating pull errors to appear in both logs
         41026: CloudSync: ALF-15734 - force unsync (of last SSMN) on target causes repeating pull errors to appear in both logs
         41039: CloudSync: ALF-15734 - force unsync (of last SSMN) on target causes repeating pull errors to appear in both logs
         41086: CloudSync: ALF-15734 - force unsync (of last SSMN) on target causes repeating pull errors to appear in both logs
      41123: Merged BRANCHES/DEV/FEATURES/CLOUD1_CLOUDSYNC to BRANCHES/V4.1:
         41115: CloudSync: ALF-15734 - force unsync (of last SSMN) on target causes repeating pull errors to appear in both logs
   41176: Attempt to debug unit test failure
   41181: Store leak in AVMServiceTest.test_ETWOTWO_570() causing unit test failure
   41184: ALF-15610: Copy Thai analyzer settings to its many SOLR locations
   41194: ALF-11297: re-enable system build tests
   41195: ALF-11297 ALF-15807: update activities system build tests after correction of ALF-4832
   41201: Fix for ALF-15767 Group query using cm:authorityName
   41202: Additional unit tests related to ALF-15731  TYPE:"..." queries no longer work for Lucene on 4.X
   41203: Part 1 for ALF-15811 SOLR query increases DocBitSet inefficiently
   - check it makes any difference
   41204: Merged BRANCHES/DEV/BELARUS/V4.1-BUG-FIX-2012_08_15 to BRANCHES/DEV/V4.1-BUG-FIX: (note: merging as-is ... refactor + unit test fix to follow in next commit)
      40926: ALF-12586: Admin Console shows usage as zero - if user is deleted and then re-created (eg. re-synchronized via LDAP or manually)
      40974: ALF-12586: Admin Console shows usage as zero - if user is deleted and then re-created (eg. re-synchronized via LDAP or manually)
   41205: ALF-12586: Admin Console shows usage as zero - if user is deleted and then re-created (eg. re-synchronized via LDAP or manually)
   - review and refactor the proposed/merged fix (see previous commit)
   - fix unit test so that it accounts for previous content (as per the original issue)
   - also: add missing test to suite and fix that test to work with the new fix (ie. cleanup previous content, else need to account for it)
   41210: Part 2:  ALF-14861 SOLR to scale for non-admin users in 100k sites and a subgroup of each of 1000 independent groupings with 1000 subgroups
   - do not expand authorities for thoses with the ADMINISTRATOR_ROLE as they can read all anyway
   41216: ALF-11297: system build tests need a database cleanup before running
   41222: ALF-15740, ALF-14744: Update rule firing broken for content created in Explorer
   - Old code lurking around that used to use the inline editable aspect to detect events handled by the CreateNodeRuleTrigger was removed from OnContentUpdateRuleTrigger and replaced with a check for ASPECT_NO_CONTENT
   41223: Added missing swf.languagedir setting to enterprise alfresco-global.properties
   41230: GERMAN: Translation updates based on EN rev41099.
   41232: SPANISH: Translation updates based on EN rev41099.
   41233: FRENCH: Translation updates based on EN rev41099.
   41234: ITALIAN: Translation updates based on EN rev41099.
   41235: JAPANESE: Translation updates based on EN rev41099.
   41236: DUTCH: Translation updates based on EN rev41099.
   41237: RUSSIAN: Translation updates based on EN rev41099.
   41239: CHINESE: Translation updates based on EN rev41099.
   41254: ALF-15628: Avoid edit online (SPP, WRITE_LOCK) clashing with edit offline (CheckOutCheckInService, READ_ONLY_LOCK)
   - Rationalization of work by Alex Malinovsky
   - WebDAVMethod.checkNode() now properly checks whether nodes without WebDAV lock info are writeable
   - CheckOutCheckInService won't allow checkout of a node with an existing WRITE_LOCK by the same user - they must unlock first
   - Propagation of correct status codes
   41264: ALF-15628: Fix CheckOutCheckInService test failures
   41265: ALF-15699: Reverse merged the following, thus downgrading us back to swftools 0.9.1
      40208: ALF-12831: Upgrade to swftools 0.9.2
   41266: Rush'n in some translation updates from Gloria
   41267: ALF-15628: Fix compilation problem
   41269: Merged V3.4-BUG-FIX to V4.1-BUG-FIX (RECORD ONLY)
      41224: ALF-14856: Merged V4.1-BUG-FIX to V3.4-BUG-FIX
      41268: ALF-15459: Merged PATCHES/V4.0.2 to V3.4-BUG-FIX
         Merged V4.1-BUG-FIX to V3.4-BUG-FIX
   41274: ALF-15608: Merged V3.4-BUG-FIX to V4.1-BUG-FIX
      41272: ALF-15567: Allow links to be followed through WebDAV on port 80 using basic auth on XP
   41277: ALF-12586: Admin Console shows usage as zero - if user is deleted and then re-created (eg. re-synchronized via LDAP or manually) 
   - fix test fallout after merge/fix (note: failed for PostgreSQL but not MySQL - although fix was not DB-specific)
   41278: ALF-15840 Error logged when "No thumbnail present in file" even though this is normal 
   41284: ALF-14875: Serialize direct permissions after inherited permissions so that they take precedence in any lookups in permission dialogs
   41290: JAPANESE: Translation updates based on EN r41099 Fixes: ALF-14565
   41296: ALF-15251	CIFS: Checked out document is not marked as locked in CIFS
   41299: ALF-15714: Bitrock Uninstaller: Uninstaller doesn't remove all files and folders in *nix
   - Additional fix provided by Bitrock
   41303: Fix for ALF-15799 Under high concurrency load balanced Solr throws an Antlr related NPE
   - do not skip IO Exceptions
   41306: Incremented version revision for 4.1.2
   41309: ALF-15827: Added FORMACTION, FORMMETHOD and ACTION  HTML attributes to grey list to close security hole (updated Surf libs r1136)
   41318: ALF-15857: Lucene FTS indexer opens streams to all documents to be indexed in a transaction simultaneously
   - Now stream opening is delayed until the point where the document is being written to the index
   41322: Fix for ALF-15858 SOLR ACL tracking can stall or miss acls during tracking
   41323: Chemistry client java to create test data for ALF-15858, ALF-15782, CLOUD-596, ALF-15753 etc
   41326: ALF-15234: IE 8 or IE9 Download .pps as .ppt 
      -Switched the order of the filename headers to better support non-conforming browsers (rfc 5987).
   41330: ALF-14875: Reversed r41284 because it didn't solve the problem in the UI. Kev reviewing.
   41332: ALF-10688: Can't deactivate an account when alfrescoNtlm follows another authentication subsystem in the authentication chain
   - Now, if a account is known to be 'mutable' then the enabled flag is read from the mutable authentication service
   41337: Merged V3.4-BUG-FIX (3.4.11) to V4.1-BUG-FIX (4.1.2)
      41336: TransformerDebug: Use debug rather than trace when there are transformers but they are all unavailable.
   41339: ALF-15840 Error logged when "No thumbnail present in file" even though this is normal
      - Found some more cases where this is logged as an ERROR
   41342: ALF-11087 (Missing icon file: components\images\filetypes\generic-tag-32.png)
   41344: ALF-15863 (* search values): Merged HEAD to V4.1-BUG-FIX (4.1.2)
      40849: ALF-12839 "Share - Inconsistency in adding a user or a group into a group" part 2
      - Making the users console stop "*" searches, just like the groups console when the min search length is set to larger than 0.
   41346: ALF-15237 - REST API Group children lists username for fullName and displayName
   41350: Merge V3.4-BUG-FIX to V4.1-BUG-FIX:
   41065: Disconnect existing CIFS sessions from the same client when a virtual circuit zero session is opened. ALF-13815
   41280: Moved session cleanup config into the base authenticator, added support to passthru/base authentication. ALF-13815
   41351: Ported database filesystem changes to fix session disconnect, from V3.4.
   41352: Merge V3.4-BUG-FIX to V4.1-BUG-FIX:
   41067: Added session disconnect support to the Alfresco CIFS authenticator. ALF-13815.
   41281: Added session cleanup support to passthru authenticator, session cleanup config moved to base class. ALF-13815 
   41353: Update svn:mergeinfo
   41355: Fix for ALF-15869 - "Site Content" dashlet shows all documents from all the sites in Alfresco Share
    - mistakenly did a record-only merge of this from 4.1->4.1.1
   41363: Fix for ALF-14875 - Manage permissions shows the permission 'No privileges' for All Other Users
    - reworked the permissions dialog and permissions panels to correctly handle multiple permissions on a special permissions group such as GROUP_EVERYONE
    - now correctly gets/sets permissions for GROUP_EVERYONE
    - this also fixes ALF-12014 - in that it allows custom SiteXYZ permissions to work correctly again also (will need manual backport for 3.4.X though)
    - removed hacks related to previous attempts to fix the above issue
    - added lots of comments around relevant sections to add in future refactoring or understanding
   41371: Merged BRANCHES/DEV/V3.4-BUG-FIX to BRANCHES/DEV/V4.1-BUG-FIX (RECORD ONLY)
      41370: Fix for ALF-12014 - Share - Custom role causes incorrect display of permissions
   Manual merge of changes to 4.1.2
   41399: ALF-13438: java.lang.OutOfMemoryError appears in alfresco log when trying to create few thousands of sites consistently. 
   - The v4.0 parent assocs cache used to store every verion of every node's parent assocs, so as we added a node to 60,000 sites, we retained all previous versions of the user's parent association map
   - After creating 10,000 sites, the cache size was about 4GB, containing about 2 million parents
   - Now we use a specialized class that allows an upper limit to be set on the total number of cached parents as well as children.
   - Because the cache is keyed by node transaction ID, the cache can be non-clustered and non-transactional
   - Once the average number of parents is more than 8, the cache will drop its oldest entries
   - ParentAssocsInfo also now uses a compact TreeMap instead of a HashMap
   41401: ALF-13438: Small correction
   41406: ALF-13438: Fix failing unit tests
   - Removed unused node.parentAssocsSharedCache and corrected node.childByNameCache not to reference it!
   - Because parent assocs are cached by transaction ID, we must always invalidate them on an in-transaction version increment
   41409: Logging of unexepected errors on FTP
   41411: Fix possible FTP data session leak if client mixes PORT and PASV commands. ALF-15126
   41412: ALF-15845 : Clone for Hotfix: Word document on Windows via CIFS becomes locked (Read Only) when network drops temporarily
   41415: Fixes: ALF-15649: Removes country locale from files with it hard coded.
   41419: ALF-14599: Removed ftp.ipv6.enabled from enterprise overlay and bundles
   41426: ALF-15845 Clone for Hotfix: Word document on Windows via CIFS becomes locked (Read Only) when network drops temporarily
     Roll back changes to DiskDriver interface in favour of hacking NetworkFile.
   41440: JAPANESE: Translation update based on EN r41099
   41446: ALF-13091: Remove unecessary bean post processors from sub ssytem context and remove CXF's Jsr250BeanPostProcessor.
   41458: RUSSIAN: Further translation updates following linguistic review.
   41459: ALF-15897: Revert revision 41446, an attempted fix for ALF-13091
   41487: Fix for ALF-15910 SOLR - Add index warming and filter pointless entries from the filter cache
   Fix for ALF-15851
   Too many live instances of SolrIndexSearcher at one time resulting in OOM - Alfresco 4.1.1 - build 151
   41506: Merged DEV to V4.1-BUG-FIX
      41505: ALF-15879: PostgreSQL: upgrade 2.2.8 (577) -> 3.4.10 (703) -> 4.1.1 (159) failed.
             - Make dropping "store_id" index and "alf_node_store_id_key" constraint optional in 4.1.1 upgrade script
               because clean 3.4 has "store_id" index and doesn't have "alf_node_store_id_key" constraint,
               but 3.4 upgraded from 2.2  has "alf_node_store_id_key" constraint and doesn't have "store_id" index.
   41531: Fixed ALF-15687, so that any user (except for Admin) won’t be able to retrieve any other user’s preferences via REST API. Also, updated the preferences controllers for the Post and Delete.
   41539: ALF-15899: Inbound email does not support multiple recipient folders
   - Fix by Dmitry Vaserin
   41540: Merged V3.4-BUG-FIX to V4.1-BUG-FIX
      40794: Merged DEV to V3.4-BUG-FIX
         40793: ALF-13752 Saving Word (mac 2011) documents via CIFS into a folder with Versionable rules on Mac OS X Lion (Fix for 3.4)
            In ContentDiskDriver.renameFile() was added a check whether a node in the archive.
      40806: Fix for ALF-9787 - Hiding sites in Share with permissionsDefinitions.xml [creates a permissions error in the blog portion of the site]
      40922: Merged DEV to V3.4-BUG-FIX (reviewed by Frederik)
         40488: ALF-13357 : Empty outcome when a timer is invoked
            A check for transitionName was added to AlfrescoTimer to support custom transitions.
      40940: ALF-15696: Remove svnkit.jar - makes the build fail if the version of installed command line svn is 1.7. Using commandline binding for <svn> Ant task to be consistent with other parts of the build.
      41066: Various fixes to the database filesystem for session disconnect cleanup.
      41068: Updates to the Alfresco filesystem for session cleanup. ALF-13815
      41301: Merged PATCHES/V3.4.9 to V3.4-BUG-FIX
         40966: ALF-15846 / ALF-15709: OOM on cascading reindex
         - Avoid buffering of all the affected PATH documents in memory - used the set of 'visited' paths to delay generation to the final flush.
         41044: ALF-15847 / ALF-15748: Lucene indexer can make sub-optimal cascade reindex decisions during an LDAP sync.
         - When a user in 6 groups was removed from a massive group, the massive group was getting cascade reindexed rather than the user
         - Logic adjusted as follows:
            For nodes with 5 or less parents, we always cascade reindex the child node. For nodes with more than 5 parents, we cascade reindex the parent node if it has less children than the child has parents.
      41395: ALF-15715: Unable to edit properties whilst transformation in progress
         - Delayed all changes that would potentially lock the parent node row while the thumbnail is generating.
         - Reorganized RenditionContext to lazily instantiate its destination node.
         - Changed render destination to use temporary ContentWriter until render is complete.
      41396: ALF-15715: Fix for failing unit tests.
      41413: Fix for issue where user calendar remote api was generating invalid date searches for user dashlet calendar.
      41509: Merged DEV to V3.4-BUG-FIX
         41507: ALF-12833: Issues installing Alfresco on WebSphere when the server doesn't have internet access
            Context-param which Sets "http://apache.org/xml/features/nonvalidating/load-external-dtd" feature on the SAXParser to false if this parameter is false 
      41510: ALF-15171: After addition of a secondary parent association to a container, not all index paths were being regenerated due to a logic error
      41512: ALF-15919: Merged PATCHES/V3.4.10 to V3.4-BUG-FIX
         41091: ALF-15723:  Merged DEV to PATCHES/V3.4.10
            26579: Switch the transformer to use Tika


git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/HEAD/root@41543 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
2012-09-12 19:10:54 +00:00

724 lines
24 KiB
Java

/*
* Copyright (C) 2005-2012 Alfresco Software Limited.
*
* This file is part of Alfresco
*
* Alfresco is free software: you can redistribute it and/or modify
* it under the terms of the GNU Lesser General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* Alfresco is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Lesser General Public License for more details.
*
* You should have received a copy of the GNU Lesser General Public License
* along with Alfresco. If not, see <http://www.gnu.org/licenses/>.
*/
package org.alfresco.repo.tenant;
import java.util.List;
import org.alfresco.error.AlfrescoRuntimeException;
import org.alfresco.repo.domain.tenant.TenantAdminDAO;
import org.alfresco.repo.domain.tenant.TenantEntity;
import org.alfresco.repo.security.authentication.AuthenticationUtil;
import org.alfresco.service.cmr.repository.AssociationRef;
import org.alfresco.service.cmr.repository.ChildAssociationRef;
import org.alfresco.service.cmr.repository.NodeRef;
import org.alfresco.service.cmr.repository.NodeService;
import org.alfresco.service.cmr.repository.StoreRef;
import org.alfresco.service.cmr.search.SearchService;
import org.alfresco.service.namespace.NamespaceService;
import org.alfresco.service.namespace.QName;
import org.alfresco.util.ParameterCheck;
import org.springframework.extensions.surf.util.I18NUtil;
/*
* MT Service implementation
*
* Adapts names to be tenant specific or vice-versa, if MT is enabled (otherwise NOOP).
*
* author janv
* since 3.0
*/
public class MultiTServiceImpl implements TenantService
{
private TenantAdminDAO tenantAdminDAO;
public void setTenantAdminDAO(TenantAdminDAO tenantAdminDAO)
{
this.tenantAdminDAO = tenantAdminDAO;
}
/* (non-Javadoc)
* @see org.alfresco.repo.tenant.TenantService#getName(org.alfresco.service.cmr.repository.NodeRef)
*/
public NodeRef getName(NodeRef nodeRef)
{
if (nodeRef == null) { return null; }
return new NodeRef(nodeRef.getStoreRef().getProtocol(), getName(nodeRef.getStoreRef().getIdentifier()), nodeRef.getId());
}
/* (non-Javadoc)
* @see org.alfresco.repo.tenant.TenantService#getName(org.alfresco.service.cmr.repository.NodeRef, org.alfresco.service.cmr.repository.NodeRef)
*/
public NodeRef getName(NodeRef inNodeRef, NodeRef nodeRef)
{
if (inNodeRef == null || nodeRef == null) { return null; }
int idx = inNodeRef.getStoreRef().getIdentifier().lastIndexOf(SEPARATOR);
if (idx != -1)
{
String tenantDomain = inNodeRef.getStoreRef().getIdentifier().substring(1, idx);
return new NodeRef(nodeRef.getStoreRef().getProtocol(), getName(nodeRef.getStoreRef().getIdentifier(), tenantDomain), nodeRef.getId());
}
return nodeRef;
}
/* (non-Javadoc)
* @see org.alfresco.repo.tenant.TenantService#getName(org.alfresco.service.cmr.repository.StoreRef)
*/
public StoreRef getName(StoreRef storeRef)
{
if (storeRef == null) { return null; }
return new StoreRef(storeRef.getProtocol(), getName(storeRef.getIdentifier()));
}
/* (non-Javadoc)
* @see org.alfresco.repo.tenant.TenantService#getName(org.alfresco.service.cmr.repository.ChildAssociationRef)
*/
public ChildAssociationRef getName(ChildAssociationRef childAssocRef)
{
if (childAssocRef == null) { return null; }
return new ChildAssociationRef(
childAssocRef.getTypeQName(),
getName(childAssocRef.getParentRef()),
childAssocRef.getQName(),
getName(childAssocRef.getChildRef()),
childAssocRef.isPrimary(),
childAssocRef.getNthSibling());
}
/* (non-Javadoc)
* @see org.alfresco.repo.tenant.TenantService#getName(org.alfresco.service.cmr.repository.AssociationRef)
*/
public AssociationRef getName(AssociationRef assocRef)
{
if (assocRef == null) { return null; }
return new AssociationRef(assocRef.getId(),
getName(assocRef.getSourceRef()),
assocRef.getTypeQName(),
getName(assocRef.getTargetRef()));
}
/* (non-Javadoc)
* @see org.alfresco.repo.tenant.TenantService#getName(java.lang.String, org.alfresco.service.cmr.repository.StoreRef)
*/
public StoreRef getName(String username, StoreRef storeRef)
{
if (storeRef == null) { return null; }
if ((username != null) && (AuthenticationUtil.isMtEnabled()))
{
int idx = username.lastIndexOf(SEPARATOR);
if ((idx > 0) && (idx < (username.length()-1)))
{
String tenantDomain = username.substring(idx+1);
return new StoreRef(storeRef.getProtocol(), getName(storeRef.getIdentifier(), tenantDomain));
}
}
return storeRef;
}
protected String getName(String name, String tenantDomain)
{
ParameterCheck.mandatory("tenantDomain", tenantDomain);
if (name == null)
{
return null;
}
checkTenantEnabled(tenantDomain);
int idx1 = name.indexOf(SEPARATOR);
if (idx1 != 0)
{
// no domain, so add it as a prefix (between two domain separators)
name = SEPARATOR + tenantDomain + SEPARATOR + name;
}
else
{
int idx2 = name.indexOf(SEPARATOR, 1);
String nameDomain = name.substring(1, idx2);
if (! tenantDomain.equals(nameDomain))
{
throw new AlfrescoRuntimeException("domain mismatch: expected = " + tenantDomain + ", actual = " + nameDomain);
}
}
return name;
}
/* (non-Javadoc)
* @see org.alfresco.repo.tenant.TenantService#getName(org.alfresco.service.namespace.QName)
*/
public QName getName(QName name)
{
String tenantDomain = getCurrentUserDomain();
if (! tenantDomain.equals(DEFAULT_DOMAIN))
{
checkTenantEnabled(tenantDomain);
name = getName(name, tenantDomain);
}
return name;
}
/* (non-Javadoc)
* @see org.alfresco.repo.tenant.TenantService#getName(org.alfresco.service.cmr.repository.NodeRef, org.alfresco.service.namespace.QName)
*/
public QName getName(NodeRef inNodeRef, QName name)
{
ParameterCheck.mandatory("InNodeRef", inNodeRef);
int idx = inNodeRef.getStoreRef().getIdentifier().lastIndexOf(SEPARATOR);
if (idx != -1)
{
String tenantDomain = inNodeRef.getStoreRef().getIdentifier().substring(1, idx);
checkTenantEnabled(tenantDomain);
return getName(name, tenantDomain);
}
return name;
}
private QName getName(QName name, String tenantDomain)
{
if (name == null)
{
return null;
}
String namespace = name.getNamespaceURI();
int idx1 = namespace.indexOf(SEPARATOR);
if (idx1 == -1)
{
// no domain, so add it as a prefix (between two domain separators)
namespace = SEPARATOR + tenantDomain + SEPARATOR + namespace;
name = QName.createQName(namespace, name.getLocalName());
}
else
{
int idx2 = namespace.indexOf(SEPARATOR, 1);
String nameDomain = namespace.substring(1, idx2);
if (! tenantDomain.equals(nameDomain))
{
throw new AlfrescoRuntimeException("domain mismatch: expected = " + tenantDomain + ", actual = " + nameDomain);
}
}
return name;
}
/* (non-Javadoc)
* @see org.alfresco.repo.tenant.TenantService#getName(java.lang.String)
*/
public String getName(String name)
{
if (name == null)
{
return null;
}
String tenantDomain = getCurrentUserDomain();
if (! tenantDomain.equals(DEFAULT_DOMAIN))
{
int idx1 = name.indexOf(SEPARATOR);
if (idx1 != 0)
{
// no tenant domain prefix, so add it
name = SEPARATOR + tenantDomain + SEPARATOR + name;
}
else
{
int idx2 = name.indexOf(SEPARATOR, 1);
String nameDomain = name.substring(1, idx2);
if (! tenantDomain.equals(nameDomain))
{
throw new AlfrescoRuntimeException("domain mismatch: expected = " + tenantDomain + ", actual = " + nameDomain);
}
}
}
return name;
}
/* (non-Javadoc)
* @see org.alfresco.repo.tenant.TenantService#getBaseName(org.alfresco.service.namespace.QName, boolean)
*/
public QName getBaseName(QName name, boolean forceForNonTenant)
{
String baseNamespaceURI = getBaseName(name.getNamespaceURI(), forceForNonTenant);
return QName.createQName(baseNamespaceURI, name.getLocalName());
}
/* (non-Javadoc)
* @see org.alfresco.repo.tenant.TenantService#getBaseName(org.alfresco.service.cmr.repository.NodeRef)
*/
public NodeRef getBaseName(NodeRef nodeRef)
{
return getBaseName(nodeRef, false);
}
/* (non-Javadoc)
* @see org.alfresco.repo.tenant.TenantService#getBaseName(org.alfresco.service.cmr.repository.NodeRef, boolean)
*/
public NodeRef getBaseName(NodeRef nodeRef, boolean forceForNonTenant)
{
if (nodeRef == null) { return null; }
return new NodeRef(nodeRef.getStoreRef().getProtocol(), getBaseName(nodeRef.getStoreRef().getIdentifier(), forceForNonTenant), nodeRef.getId());
}
/* (non-Javadoc)
* @see org.alfresco.repo.tenant.TenantService#getBaseName(org.alfresco.service.cmr.repository.StoreRef)
*/
public StoreRef getBaseName(StoreRef storeRef)
{
if (storeRef == null) { return null; }
return new StoreRef(storeRef.getProtocol(), getBaseName(storeRef.getIdentifier()));
}
/* (non-Javadoc)
* @see org.alfresco.repo.tenant.TenantService#getBaseName(org.alfresco.service.cmr.repository.ChildAssociationRef)
*/
public ChildAssociationRef getBaseName(ChildAssociationRef childAssocRef)
{
return getBaseName(childAssocRef, false);
}
/* (non-Javadoc)
* @see org.alfresco.repo.tenant.TenantService#getBaseName(org.alfresco.service.cmr.repository.ChildAssociationRef, boolean)
*/
public ChildAssociationRef getBaseName(ChildAssociationRef childAssocRef, boolean forceForNonTenant)
{
if (childAssocRef == null) { return null; }
return new ChildAssociationRef(
childAssocRef.getTypeQName(),
getBaseName(childAssocRef.getParentRef(), forceForNonTenant),
childAssocRef.getQName(),
getBaseName(childAssocRef.getChildRef(), forceForNonTenant),
childAssocRef.isPrimary(),
childAssocRef.getNthSibling());
}
/* (non-Javadoc)
* @see org.alfresco.repo.tenant.TenantService#getBaseName(org.alfresco.service.cmr.repository.AssociationRef)
*/
public AssociationRef getBaseName(AssociationRef assocRef)
{
if (assocRef == null) { return null; }
return new AssociationRef(assocRef.getId(),
getBaseName(assocRef.getSourceRef()),
assocRef.getTypeQName(),
getBaseName(assocRef.getTargetRef()));
}
/* (non-Javadoc)
* @see org.alfresco.repo.tenant.TenantService#getBaseName(java.lang.String)
*/
public String getBaseName(String name)
{
// get base name, but don't force for non-tenant user (e.g. super admin)
return getBaseName(name, false);
}
/* (non-Javadoc)
* @see org.alfresco.repo.tenant.TenantService#getBaseName(java.lang.String, boolean)
*/
public String getBaseName(String name, boolean forceForNonTenant)
{
if (name == null)
{
return null;
}
String tenantDomain = getCurrentUserDomain();
int idx1 = name.indexOf(SEPARATOR);
if (idx1 == 0)
{
int idx2 = name.indexOf(SEPARATOR, 1);
String nameDomain = name.substring(1, idx2);
if ((! tenantDomain.equals(DEFAULT_DOMAIN)) && (! tenantDomain.equals(nameDomain)))
{
throw new AlfrescoRuntimeException("domain mismatch: expected = " + tenantDomain + ", actual = " + nameDomain);
}
if ((! tenantDomain.equals(DEFAULT_DOMAIN)) || (forceForNonTenant))
{
// remove tenant domain
name = name.substring(idx2+1);
}
}
return name;
}
/* (non-Javadoc)
* @see org.alfresco.repo.tenant.TenantService#getBaseNameUser(java.lang.String)
*/
public String getBaseNameUser(String name)
{
// can be null (e.g. for System user / during app ctx init)
if (name != null)
{
int idx = name.lastIndexOf(SEPARATOR);
if (idx != -1)
{
return name.substring(0, idx);
}
}
return name;
}
/* (non-Javadoc)
* @see org.alfresco.repo.tenant.TenantService#checkDomainUser(java.lang.String)
*/
public void checkDomainUser(String username)
{
ParameterCheck.mandatory("Username", username);
String tenantDomain = getCurrentUserDomain();
if (! tenantDomain.equals(DEFAULT_DOMAIN))
{
int idx2 = username.lastIndexOf(SEPARATOR);
if ((idx2 > 0) && (idx2 < (username.length()-1)))
{
String tenantUserDomain = username.substring(idx2+1);
if ((tenantUserDomain == null) || (! tenantDomain.equals(tenantUserDomain)))
{
throw new TenantDomainMismatchException(tenantDomain, tenantUserDomain);
}
}
else
{
throw new TenantDomainMismatchException(tenantDomain, null);
}
}
}
/* (non-Javadoc)
* @see org.alfresco.repo.tenant.TenantService#checkDomain(java.lang.String)
*/
public void checkDomain(String name)
{
if (name == null)
{
return;
}
String nameDomain = null;
int idx1 = name.indexOf(SEPARATOR);
if (idx1 == 0)
{
int idx2 = name.indexOf(SEPARATOR, 1);
nameDomain = name.substring(1, idx2);
}
String tenantDomain = getCurrentUserDomain();
if (((nameDomain == null) && (! tenantDomain.equals(DEFAULT_DOMAIN))) ||
((nameDomain != null) && (! nameDomain.equals(tenantDomain))))
{
throw new AlfrescoRuntimeException("domain mismatch: expected = " + tenantDomain + ", actual = " + nameDomain);
}
}
/* (non-Javadoc)
* @see org.alfresco.repo.tenant.TenantService#getRootNode(org.alfresco.service.cmr.repository.NodeService, org.alfresco.service.cmr.search.SearchService, org.alfresco.service.namespace.NamespaceService, java.lang.String, org.alfresco.service.cmr.repository.NodeRef)
*/
public NodeRef getRootNode(NodeService nodeService, SearchService searchService, NamespaceService namespaceService, String rootPath, NodeRef rootNodeRef)
{
ParameterCheck.mandatory("NodeService", nodeService);
ParameterCheck.mandatory("SearchService", searchService);
ParameterCheck.mandatory("NamespaceService", namespaceService);
ParameterCheck.mandatory("RootPath", rootPath);
ParameterCheck.mandatory("RootNodeRef", rootNodeRef);
String username = AuthenticationUtil.getFullyAuthenticatedUser();
StoreRef storeRef = getName(username, rootNodeRef.getStoreRef());
AuthenticationUtil.RunAsWork<NodeRef> action = new GetRootNode(nodeService, searchService, namespaceService, rootPath, rootNodeRef, storeRef);
return getBaseName(AuthenticationUtil.runAs(action, AuthenticationUtil.getSystemUserName()));
}
private class GetRootNode implements AuthenticationUtil.RunAsWork<NodeRef>
{
NodeService nodeService;
SearchService searchService;
NamespaceService namespaceService;
String rootPath;
NodeRef rootNodeRef;
StoreRef storeRef;
GetRootNode(NodeService nodeService, SearchService searchService, NamespaceService namespaceService, String rootPath, NodeRef rootNodeRef, StoreRef storeRef)
{
this.nodeService = nodeService;
this.searchService = searchService;
this.namespaceService = namespaceService;
this.rootPath = rootPath;
this.rootNodeRef = rootNodeRef;
this.storeRef = storeRef;
}
public NodeRef doWork() throws Exception
{
// Get company home / root for the tenant domain
// Do this as the System user in case the tenant user does not have permission
// Connect to the repo and ensure that the store exists
if (! nodeService.exists(storeRef))
{
throw new AlfrescoRuntimeException("Store not created prior to application startup: " + storeRef);
}
NodeRef storeRootNodeRef = nodeService.getRootNode(storeRef);
// Find the root node for this device
List<NodeRef> nodeRefs = searchService.selectNodes(storeRootNodeRef, rootPath, null, namespaceService, false);
if (nodeRefs.size() > 1)
{
throw new AlfrescoRuntimeException("Multiple possible roots for device: \n" +
" root path: " + rootPath + "\n" +
" results: " + nodeRefs);
}
else if (nodeRefs.size() == 0)
{
// nothing found
throw new AlfrescoRuntimeException("No root found for device: \n" +
" root path: " + rootPath);
}
else
{
// we found a node
rootNodeRef = nodeRefs.get(0);
}
return rootNodeRef;
}
}
/* (non-Javadoc)
* @see org.alfresco.repo.tenant.TenantService#isTenantUser()
*/
public boolean isTenantUser()
{
return isTenantUser(AuthenticationUtil.getRunAsUser());
}
/* (non-Javadoc)
* @see org.alfresco.repo.tenant.TenantService#isTenantUser(java.lang.String)
*/
public boolean isTenantUser(String username)
{
// can be null (e.g. for System user / during app ctx init)
if (username != null) {
int idx = username.lastIndexOf(SEPARATOR);
if ((idx > 0) && (idx < (username.length()-1)))
{
return true;
}
}
return false;
}
/* (non-Javadoc)
* @see org.alfresco.repo.tenant.TenantService#isTenantName(java.lang.String)
*/
public boolean isTenantName(String name)
{
ParameterCheck.mandatory("name", name);
int idx1 = name.indexOf(SEPARATOR);
if (idx1 == 0)
{
int idx2 = name.indexOf(SEPARATOR, 1);
if (idx2 != -1)
{
return true;
}
}
return false;
}
/* (non-Javadoc)
* @see org.alfresco.repo.tenant.TenantService#getUserDomain(java.lang.String)
*/
// TODO review usages (re: cloud external user => more than one domain)
public String getUserDomain(String username)
{
// can be null (e.g. for System user / during app ctx init)
if ((username != null) && AuthenticationUtil.isMtEnabled())
{
int idx = username.lastIndexOf(SEPARATOR);
if ((idx > 0) && (idx < (username.length()-1)))
{
String tenantDomain = getTenantDomain(username.substring(idx+1));
checkTenantEnabled(tenantDomain);
return tenantDomain;
}
}
return DEFAULT_DOMAIN; // default domain - non-tenant user
}
/* (non-Javadoc)
* @see org.alfresco.repo.tenant.TenantUserService#getCurrentUserDomain()
*/
public String getCurrentUserDomain()
{
String tenantDomain = TenantUtil.getCurrentDomain();
if (! tenantDomain.equals(TenantService.DEFAULT_DOMAIN))
{
checkTenantEnabled(tenantDomain);
}
return tenantDomain;
}
/* (non-Javadoc)
* @see org.alfresco.repo.tenant.TenantUserService#getDomain(java.lang.String)
*/
public String getDomain(String name)
{
return getDomain(name, false);
}
public String getDomain(String name, boolean checkCurrentDomain)
{
ParameterCheck.mandatory("name", name);
String nameDomain = DEFAULT_DOMAIN;
int idx1 = name.indexOf(SEPARATOR);
if (idx1 == 0)
{
int idx2 = name.indexOf(SEPARATOR, 1);
nameDomain = getTenantDomain(name.substring(1, idx2));
if (checkCurrentDomain)
{
String tenantDomain = getCurrentUserDomain();
if ((! tenantDomain.equals(DEFAULT_DOMAIN)) && (! tenantDomain.equals(nameDomain)))
{
throw new AlfrescoRuntimeException("domain mismatch: expected = " + tenantDomain + ", actual = " + nameDomain);
}
}
}
return nameDomain;
}
public static String getMultiTenantDomainName(String name)
{
// Check that all the passed values are not null
ParameterCheck.mandatory("name", name);
int idx1 = name.indexOf(SEPARATOR);
if (idx1 == 0)
{
int idx2 = name.indexOf(SEPARATOR, 1);
if (idx2 != -1)
{
return name.substring(1, idx2);
}
}
return DEFAULT_DOMAIN;
}
/* (non-Javadoc)
* @see org.alfresco.repo.tenant.TenantUserService#getDomainUser(java.lang.String, java.lang.String)
*/
public String getDomainUser(String baseUsername, String tenantDomain)
{
ParameterCheck.mandatory("baseUsername", baseUsername);
if ((tenantDomain == null) || (tenantDomain.equals(DEFAULT_DOMAIN)))
{
return baseUsername;
}
else
{
if (baseUsername.contains(SEPARATOR))
{
throw new AlfrescoRuntimeException("Invalid base username: " + baseUsername);
}
if (tenantDomain.contains(SEPARATOR))
{
throw new AlfrescoRuntimeException("Invalid tenant domain: " + tenantDomain);
}
tenantDomain = getTenantDomain(tenantDomain);
return baseUsername + SEPARATOR + tenantDomain;
}
}
protected void checkTenantEnabled(String tenantDomain)
{
// note: System user can access disabled tenants
if (!AuthenticationUtil.isRunAsUserTheSystemUser() && !(getTenant(tenantDomain).isEnabled()))
{
throw new TenantDisabledException(tenantDomain);
}
}
/* (non-Javadoc)
* @see org.alfresco.repo.tenant.TenantService#getTenant(java.lang.String)
*/
public Tenant getTenant(String tenantDomain)
{
TenantEntity tenantEntity = tenantAdminDAO.getTenant(tenantDomain);
Tenant tenant = null;
if (tenantEntity != null)
{
tenant = new Tenant(tenantEntity.getTenantDomain(), tenantEntity.getEnabled(), tenantEntity.getContentRoot());
}
return tenant;
}
/* (non-Javadoc)
* @see org.alfresco.repo.tenant.TenantUserService#isEnabled()
*/
public boolean isEnabled()
{
return AuthenticationUtil.isMtEnabled();
}
private String getTenantDomain(String tenantDomain)
{
return tenantDomain.toLowerCase(I18NUtil.getLocale());
}
}