mirror of
https://github.com/Alfresco/alfresco-community-repo.git
synced 2025-07-07 18:25:23 +00:00
22215: Fix compilation error
22240: ALF-4207: Download servlets show error page with permissions error rather than login page when non-guest user has insufficient permissions
22241: ALF-4469: External Access Servlet should also show status 403 errors to non-guest users, as in ALF-4207
22244: ALF-4599: CIFS access to alfresco with Kerberos authentication creates wrong users with domain suffix
   ALF-4395: recognize Kerberos machine accounts with lower case names
22247: ALF-4397: Properly handle null values in SortableSelectItem.compareTo()
22248: Merged DEV/TEMPORARY to V3.3-BUG-FIX
   21963: ALF-4390: ModuleManagementTool is not returning error code in case of failure
      Error code constants and appropriate System.exit(code) invocations were added.
22260: ALF-4597: InviteContentUsersWizard was caching permissions in a non-type-specific cache
   - removed the cache
   - didn't allow for dynamic model updates either
22269: Merged V3.3 to V3.3-BUG-FIX (RECORD ONLY)
   22268: Merged V3.3-BUG-FIX to V3.3
      - Merged across all differences from V3.3-BUG-FIX
22270: Incremented revision number
22467: Merge from V3.3 to V3.3BUG-FIX. Fix for ALF-4741.
   V3.3: 22466 Merge from V3.2 to V3.3. Fix for ALF-4741.
   V3.2: 22465 Fix for ALF-4741. Repository Web Scripts can produce a corrupted response after a transaction collision/retry.
22667: Merged DEV/TEMPORARY to V3.3-BUG-FIX
   22665: ALF-4825: Unlocking checked out content cause both original & working copy un-usable.
      Do not include unlock in the actions list when a node has a working copy.
22691: Add missing "logAbandoned" (= false) prop to config - follow on to r15133 (related to ALF-4020 / ETWOTWO-562)
22710: ALF-3948 - from time to time we have exception "Failed to init dictionaryRegistry"
22718: Merge from V3.3 to V3.3-BUG-FIX
   r 22715 Merge from V3.2 to V3.3
   r 22713 Fix for ALF-4946 Possible NullPointerException during creation of thumbnails whose names are null-valued.
22722: Merged V3.3 to V3.3-BUG-FIX
   22271: ALF-3712: Merged HEAD to V3.3
      22249: Bin contents were not being packaged.
   22272: Merged DEV/TEMPORARY to V3.3
      22067: ALF-4479: when using webdav inline edit on webdav + MS Word 2003 +IE6, one gets: Unable to check in Content Node due to system error. Access Denied. You do not have the appropriate permissions to perform this operation.
         - Do not unlock a working copy.
   22273: Merged DEV/TEMPORARY to V3.3
      21729: ALF-3112: Property parameterTemplates not resolved correctly for SimpleTemplateActionDefinition
         The temporary fix for unconfigurable valueSeparator property. https://jira.springframework.org/browse/SPR-7429
   22274: Merged DEV/TEMPORARY to V3.3
      21993: ALF-4396: webdav "supportedlock" propfind request returns malformed response
         WebDAV supported lock elements were wrapped by “lockentry” elements according to the WebDAV specification.
   22276: ALF-3890: FTP Change Working Directory (CWD) command works with root-relative paths with more than one component
   22277: Merged DEV/TEMPORARY to V3.3
      22076: ALF-3579: Open the Details Page URL removes the header, navigation bar etc
         The identifiers for modify action tag and details' actions tag should be different in the details pages. For documents: in the filelink-details.jsp and document-details.jsp. For spaces: in the space-details.jsp and spacelink-details.jsp.
   22285: Merged HEAD to V3.3
      22284: Fix for ALF-3063 "Incorrect behaviour on filtering by tag in Repository". Labels updated to more accurately reflect behaviour.
   22299: Fix for ALF-3893: lucene.indexer.mergerTargetIndexCount is redundant - this property is now used to control the merging of indexes as was intended
   22309: Merged DEV/TEMPORARY to V3.3 (Approved by Roy)
      21035: ALF-2588: RM: Export and import of file plan causes disposition errors
         When content is imported from acp the actionId that points to the action NodeRef is old in the imported content and NullPointerException appears. To avoid this we changed DispositionScheduleImpl. Now it stores the action that has different name and ID (when action is create it name equals id) in a separate map. And when getDispositionActionDefinition(String id) method is called it tries to retrieve the action from this map, if it hasn’t been found earlier.
   22325: Fix for ALF-4428: Incorrect behaviour of Consumer and Contributor permissions with Quickr - unit test pass
   22334: Merged HEAD to V3.3
      22331: Fixes: ALF-3558: Input and variable encoding issues in Share Calendar & API JSON data.
   22355: ALF-4489: Special Characters Create Stack Overflow Exception in the Group Admin Console for Share in Internet Explorer. Fixed missing encoding and also added guard code to prevent stack overflow problem in case of future error.
   22356: Fix for ALF-4384 - missing JSP page directive
   22360: Fix for ALF-4428: Incorrect behaviour of Consumer and Contributor permissions with Quickr - unit test pass - no abstain allowed
   22365: Merged DEV/TEMPORARY to V3.3
      21874: ALF-2641: WebDav Permission Issues - MAC OSX Finder
         The createExclusive field was introduced instead of m_scope. New algorithm of lockscope determination was added. Also ALF-4008 compliant fix provided with this.
      21812: ALF-4008: save a MS Word change over webdav after a 2-3 minutes delay causes the error 'XXX.doc is currently in use. Please try again later.'
         Modified LOCK method, it gets a scope from NodeRef property if m_scope field is not defined.
   22367: Merged DEV/TEMPORARY to V3.3
      21442: ALF-2587: WEBDAV error in Windows 7
         - variant generateLockDiscoveryXML methods were factored into a single one capable of generating a namespaced LOCK response compatible with Windows 7 when its user agent header is detected.
   22368: Merged DEV/TEMPORARY to V3.3
      20919: ALF-2834: All day events created in Outlook not appearing in Meeting Workspace
         Different date format is used by Outlook when creating all day meeting request and meeting request specifying date and time. The code was changed to handle both situations accordingly.
   22369: Merged DEV/TEMPORARY to V3.3 (With simplifications)
      21470: ALF-3796: Locale is not always set/reset on every request thread
         - A GlobalLocalizationFilter sits in front of ALL requests and sets a default fallback locale on I18NUtil
         - Moved BaseServlet.setLanguageFromRequestHeader into this filter and made sure it always falls back to a default locale
         - Subsequent filters / servlets in faces chain may override this with user preferred locale after authentication
   22370: ALF-3868: Fix for compatibility with Sun Directory Server
   22371: Merged DEV/TEMPORARY to V3.3
      21811: ALF-4067: Display Value for Action Constraint breaking a java eval in Share
         When a node doesn't have a ContentModel.PROP_TITLE property it is added to AllowableValues with PROP_NAME value.
      21795: ALF-4067: Display Value for Action Constraint breaking a java eval in Share
         The fix introduces the code which doesn't add a node to AllowableValues if it doesn't have a ContentModel.PROP_TITLE property.
   22378: ALF-3796: Fixed compilation error - BaseServlet.setLanguageFromRequestHeader replaced by global filter
   22380: ALF-3761: War bundles + extension samples now include alfresco-global.properties in correct position in hierarchy
   22386: ALF-3887: Two versions of geronimo-activation are shipped - Removed the older version
   22402: WCM - add more debug logging only
   22405: Change notification handler not enabled by the server configuration bean. ALF-4715.
   22407: Merged DEV/TEMPORARY to V3.3
      22231: ALF-4096: Share point module is causing file descriptor leaks.
         The following changes were added to VtiIfHeaderAction and GetDocumentMethod:
         - code that copies data between streams was replaced by org.apache.commons.io.IOUtils.copy()
         - correct stream closing was added for all cases including exceptions while copying
   22411: Merged DEV/TEMPORARY to V3.3
      21864: ALF-4371: Error occurs if user try to find event from meeting place
         Replaced incorrect NamespaceService.CONTENT_MODEL_PREFIX with NamespaceService.CONTENT_MODEL_1_0_URI in QName creation.
   22412: Merged DEV/TEMPORARY to V3.3
      22018: ALF-4403: Search on users in JSF client and SHARE do not specify "cm:person" type clause in the query leading to incorrect results in user searching.
         People searches in Alfresco and share are restricted by “cm:person” type.
      21988: ALF-4403: Search on users in JSF client and SHARE do not specify "cm:person" type clause in the query leading to incorrect results in user searching.
         People searches in Alfresco and share are restricted by “cm:person” type.
   22418: ALF-4578: Avoid ConcurrentModificationException in AVMDeploymentTarget
   22420: Fixed ALF-958: Target associations aren't copied
      - Added CopyBehaviourCallback. getAssociationCopyAction
      - Default behaviour:
         - Remove existing associations of same type when copying OVER an existing node (e.g. check-in)
         - Copy the association using a new target if the target is copied in the same call
         - Copy the association to the original target if the target is not copied in the same call
      - Abstract behaviour (for those that have implemented a CopyBehaviourCallback):
         - Remove existing associations of same type when copying OVER an existing node (e.g. check-in)
         - Only copy the association to a new target if the original target is copied
   22421: ALF-4641: Strip ticket parameter on login page redirect to avoid endless redirect loop
   22422: Merged DEV/TEMPORARY to V3.3
      21201: ALF-1804: Passthru server check gets confused when a server goes offline
   22423: Merged DEV/TEMPORARY to V3.3
      21891: ALF-3356: Error changing own user role from coordinator to consumer
         When a user changes the Roles, all Permissions are immediately deleted and new selected permissions are created. If all permissions are deleted then the user doesn't have access for permissions creation. If the user currently has permission change permission the currently set of permissions is cleared and new permissions are added from a System User authority.
   22424: Merged DEV/TEMPORARY to V3.3
      21182: ALF-1786: Remote Opensearch request mimetype missing
         SearchProxy was changed to provide original User-Agent header. HTTPProxy was extended to set request headers. New overridable method setRequestHeaders was added to provide ability of setting headers.
   22425: Merged DEV/TEMPORARY to V3.3
      22165: ALF-197: When returning to the first step of Advanced Workflow creation from second or third steps it's always Adhoc Task chosen there
         The selectedWorkflow variable was resetting every time on "Choose Workflow" step
   22426: Merged DEV/TEMPORARY to V3.3
      21323: ALF-687: Error when invoking webservices via SSL repository location url.
         Add a new overload of ContentUtils.putContent() method with the isSSL argument at the end. If this parameter value is true then SSLSocket is used and Socket otherwise.
   22428: ALF-3490: Unfriendly error messages from WebDAV when content doesn't exist
      - Generalized ALF-4207 solution so that the error page instead displays a status 404 message
   22429: Merged DEV/TEMPORARY to V3.3
      21325: ALF-3502: Logging in FacesHelper.getManagedBean on failure to create bean
         Detailed logging of the EvaluationException for ValueBinding was added.
   22430: Merged DEV/TEMPORARY to V3.3
      20974: ALF-2695: mimetypes-extension-context.xml.sample does not use the correct classes
         Changed the type of the bean id="mimetypeConfigService" from “org.alfresco.config.xml.XMLConfigService” to “org.springframework.extensions.config.xml.XMLConfigService”
         Renamed mimetypes-extension-context.xml.sample file to file mimetypes-extension.xml.sample. The file mimetypes-extension-context.xml.sample was interpreted like spring context file. It wasn’t correct.
   22431: Merged DEV/TEMPORARY to V3.3
      21099: ALF-3046: UI - Import feature not available to contributor user
         The fix also covers related bug ALF-2802. Permission ‘Write’ was replaced by ‘CreateChildren’ for import action because contributor has ‘AddChildren’ (not ‘Write’) permission.
   22432: Merged DEV/TEMPORARY to V3.3
      20973: ALF-3244: alfresco-sample-website.war does not deploy to bundled Tomcat
         The cause of the corrupted alfresco-sample-website.war deployment is the usage of the SSIFilter in the application. Only Contexts which are marked as privileged may use SSI features. For this reason, the context has been marked as privileged in META-INF/context.xml
   22433: Merged DEV/TEMPORARY to V3.3
      21190: ALF-3751: Unintentional copy/remove of 'Web Forms' space removes form associations in Web Projects
         Parent validation before deleting was added. Now deleted web form is removed from Web Project only if this form is located in original Web Form folder.
   22434: Merged DEV/TEMPORARY to V3.3
      21490: ALF-4099: Customer concern about String comparison operators == vs equals
         Comparison operator was replaced by equals/EqualsHelper.nullSafeEquals in the ContentFilterLanguagesMap DocumentNavigator UIAjaxTagPicker Presence classes. DocumentNavigator.getAttributeName() method was changed because the previous method's logic always returned escapedLocalName in any case.
   22436: Merged DEV/TEMPORARY to V3.3
      22063: ALF-4494 : Share show error if versionable document has no version history.
         1. evaluator.lib.js was modified to prevent NPE if no version history exists for document.
         2. Result was manually tested.
   22437: ALF-2796: java.naming.referral is set to "follow" in the LDAP contexts to avoid PartialResultExceptions on LDAP sync
   22466: Merge from V3.2 to V3.3. Fix for ALF-4741.
      V3.2: 22465 Fix for ALF-4741. Repository Web Scripts can produce a corrupted response after a transaction collision/retry.
   22469: Fix for CIFS long directory path results in duplicate folder displays. ALF-3938. Removed (hopefully) last of the hardcoded buffer length limits.
   22472: Fixed ALF-4670: XAM retainUntil value does not propagate down the space hierarchy
   22473: Fixed ALF-4656: Deleted Content Backup should ignore unrecognised URLs
      - Also fixes ALF-4657: Content stored on XAM is not cleaned up correctly
      - Errors in the listeners are logged only
      - ContentStoreCleanerListener checks and warns if the URL is unsupported
   22474: Fix to web.xml to correctly validate and therefore deploy on JBoss5.1.0
   22485: Fix for NFS losing contents during edit or copy. ALF-4737.
   22492: ALF-4652 XAM bug fixes and improvements: Respect 0 'retentionPeriodDays'
   22501: Fixed ALF-4763 XAM-enabled nodes must not go to the archive://SpacesStore
   22504: Fix for MS Word mimetype is changed when editing via CIFS. ALF-3772.
   22520: ALF-4768: WCM (w/ virt svr) - submit (no need to virtualize direct submit workflows)
   22526: Externalised setting of BINARIES, plus added bin with jars and dlls
   22561: ALF-4792: WCM virt svr - add experimental option for lazy deployment (defer startup of dependent webapps until accessed)
   22611: Fixed ALF-1893: Windows 7 SSP Read-only. Note: Relies on the patched Excel and PowerPoint mimetypes, but also falls back to file extension.
   22612: Merged HEAD to BRANCHES/V3.3:
      22609: Resolve ALF4822, ALF4818
   22628: ALF-3239: Added encoding elements to mysql db url
   22656: Fix for Solaris/Gedit problem, keep a mapping for the original file handle to the new path after a rename. ALF-4843.
   22673: ALF-4845: Person and Group member deletion performance fix
      - Don't batch load all a group's members when trying to delete one of them!
      - Can result in infeasibly large hibernate sessions when trying to delete a person / LDAP sync in a repository with very large groups
      - Switched off batch loading in NodeService.removeChild()
      - Avoided unnecessary use of removeAuthority in PersonService.deletePerson()
   22674: Merged DEV/TEMPORARY to V3.3
      22653: ALF-661: There is no way to determine the protocol, hostname and port from a javascript kicked off by JBPM
         These variables are now available for use in workflow and action javascript and they are wired to the corresponding parameters that already exist in the sysAdmin subsystem.
         urls.alfresco.protocol urls.alfresco.host urls.alfresco.port urls.alfresco.context urls.share.protocol urls.share.host urls.share.port urls.share.context
         See bug for example usage
   22676: Merged HEAD to V3.3:
      20306: Google Doc integration fixes:
         - Fixed up inconsistencies in powerpoint and excel mimetypes set throughout the code
         - Unit tests failures for excel sheets fixed
         - Able to now create and checkout docs, sheets and presentations successfully
         - Docs, sheets and presentations downloadable and viewable
         - Fixed ALF-2700 (See ALF-4827)
   22715: Merge from V3.2 to V3.3.
      r. 22713. Fix for ALF-4946 Possible NullPointerException during creation of thumbnails whose names are null-valued.

git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/HEAD/root@22725 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
1076 lines
39 KiB
Java
/*
 * Copyright (C) 2005-2010 Alfresco Software Limited.
 *
 * This file is part of Alfresco
 *
 * Alfresco is free software: you can redistribute it and/or modify
 * it under the terms of the GNU Lesser General Public License as published by
 * the Free Software Foundation, either version 3 of the License, or
 * (at your option) any later version.
 *
 * Alfresco is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 * GNU Lesser General Public License for more details.
 *
 * You should have received a copy of the GNU Lesser General Public License
 * along with Alfresco. If not, see <http://www.gnu.org/licenses/>.
 */
package org.alfresco.repo.security.person;

import java.io.Serializable;
import java.util.ArrayList;
import java.util.Collections;
import java.util.Comparator;
import java.util.HashMap;
import java.util.HashSet;
import java.util.LinkedHashSet;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.concurrent.ConcurrentHashMap;

import org.alfresco.error.AlfrescoRuntimeException;
import org.alfresco.model.ContentModel;
import org.alfresco.repo.cache.SimpleCache;
import org.alfresco.repo.domain.permissions.AclDAO;
import org.alfresco.repo.node.NodeServicePolicies;
import org.alfresco.repo.node.NodeServicePolicies.BeforeDeleteNodePolicy;
import org.alfresco.repo.node.NodeServicePolicies.OnCreateNodePolicy;
import org.alfresco.repo.node.NodeServicePolicies.OnUpdatePropertiesPolicy;
import org.alfresco.repo.policy.BehaviourFilter;
import org.alfresco.repo.policy.JavaBehaviour;
import org.alfresco.repo.policy.PolicyComponent;
import org.alfresco.repo.security.authentication.AuthenticationException;
import org.alfresco.repo.security.authentication.AuthenticationUtil;
import org.alfresco.repo.security.permissions.PermissionServiceSPI;
import org.alfresco.repo.tenant.TenantService;
import org.alfresco.repo.transaction.AlfrescoTransactionSupport;
import org.alfresco.repo.transaction.TransactionListenerAdapter;
import org.alfresco.repo.transaction.AlfrescoTransactionSupport.TxnReadState;
import org.alfresco.repo.transaction.RetryingTransactionHelper.RetryingTransactionCallback;
import org.alfresco.service.cmr.dictionary.DictionaryService;
import org.alfresco.service.cmr.repository.ChildAssociationRef;
import org.alfresco.service.cmr.repository.NodeRef;
import org.alfresco.service.cmr.repository.NodeService;
import org.alfresco.service.cmr.repository.StoreRef;
import org.alfresco.service.cmr.repository.datatype.DefaultTypeConverter;
import org.alfresco.service.cmr.search.ResultSet;
import org.alfresco.service.cmr.search.ResultSetRow;
import org.alfresco.service.cmr.search.SearchParameters;
import org.alfresco.service.cmr.search.SearchService;
import org.alfresco.service.cmr.security.AuthorityService;
import org.alfresco.service.cmr.security.AuthorityType;
import org.alfresco.service.cmr.security.MutableAuthenticationService;
import org.alfresco.service.cmr.security.NoSuchPersonException;
import org.alfresco.service.cmr.security.PersonService;
import org.alfresco.service.namespace.NamespacePrefixResolver;
import org.alfresco.service.namespace.NamespaceService;
import org.alfresco.service.namespace.QName;
import org.alfresco.service.namespace.RegexQNamePattern;
import org.alfresco.service.transaction.TransactionService;
import org.alfresco.util.EqualsHelper;
import org.alfresco.util.GUID;
import org.alfresco.util.PropertyCheck;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;

public class PersonServiceImpl extends TransactionListenerAdapter implements PersonService, NodeServicePolicies.OnCreateNodePolicy, NodeServicePolicies.BeforeDeleteNodePolicy,
        NodeServicePolicies.OnUpdatePropertiesPolicy
{
    private static Log s_logger = LogFactory.getLog(PersonServiceImpl.class);

    private static final String DELETE = "DELETE";

    private static final String SPLIT = "SPLIT";

    private static final String LEAVE = "LEAVE";

    public static final String SYSTEM_FOLDER_SHORT_QNAME = "sys:system";

    public static final String PEOPLE_FOLDER_SHORT_QNAME = "sys:people";

    // IOC

    private StoreRef storeRef;

    private TransactionService transactionService;

    private NodeService nodeService;

    private TenantService tenantService;

    private SearchService searchService;

    private AuthorityService authorityService;

    private MutableAuthenticationService authenticationService;

    private DictionaryService dictionaryService;

    private PermissionServiceSPI permissionServiceSPI;

    private NamespacePrefixResolver namespacePrefixResolver;

    private HomeFolderManager homeFolderManager;

    private PolicyComponent policyComponent;

    private BehaviourFilter policyBehaviourFilter;

    private boolean createMissingPeople;

    private static Set<QName> mutableProperties;

    private String defaultHomeFolderProvider;

    private boolean processDuplicates = true;

    private String duplicateMode = LEAVE;

    private boolean lastIsBest = true;

    private boolean includeAutoCreated = false;

    private AclDAO aclDao;

    private PermissionsManager permissionsManager;

    /** a transactionally-safe cache to be injected */
    private SimpleCache<String, Set<NodeRef>> personCache;

    /** People Container ref cache (Tenant aware) */
    private Map<String, NodeRef> peopleContainerRefs = new ConcurrentHashMap<String, NodeRef>(4);

    private UserNameMatcher userNameMatcher;

    static
    {
        Set<QName> props = new HashSet<QName>();
        props.add(ContentModel.PROP_HOMEFOLDER);
        props.add(ContentModel.PROP_FIRSTNAME);
        // Middle Name
        props.add(ContentModel.PROP_LASTNAME);
        props.add(ContentModel.PROP_EMAIL);
        props.add(ContentModel.PROP_ORGID);
        mutableProperties = Collections.unmodifiableSet(props);
    }

    @Override
    public boolean equals(Object obj)
    {
        return this == obj;
    }

    @Override
    public int hashCode()
    {
        return 1;
    }

    /**
     * Spring bean init method
     */
    public void init()
    {
        PropertyCheck.mandatory(this, "storeUrl", storeRef);
        PropertyCheck.mandatory(this, "transactionService", transactionService);
        PropertyCheck.mandatory(this, "nodeService", nodeService);
        PropertyCheck.mandatory(this, "searchService", searchService);
        PropertyCheck.mandatory(this, "permissionServiceSPI", permissionServiceSPI);
        PropertyCheck.mandatory(this, "authorityService", authorityService);
        PropertyCheck.mandatory(this, "authenticationService", authenticationService);
        PropertyCheck.mandatory(this, "namespacePrefixResolver", namespacePrefixResolver);
        PropertyCheck.mandatory(this, "policyComponent", policyComponent);
        PropertyCheck.mandatory(this, "personCache", personCache);
        PropertyCheck.mandatory(this, "aclDao", aclDao);
        PropertyCheck.mandatory(this, "homeFolderManager", homeFolderManager);

        this.policyComponent.bindClassBehaviour(
                OnCreateNodePolicy.QNAME,
                ContentModel.TYPE_PERSON,
                new JavaBehaviour(this, "onCreateNode"));

        this.policyComponent.bindClassBehaviour(
                BeforeDeleteNodePolicy.QNAME,
                ContentModel.TYPE_PERSON,
                new JavaBehaviour(this, "beforeDeleteNode"));

        this.policyComponent.bindClassBehaviour(
                OnUpdatePropertiesPolicy.QNAME,
                ContentModel.TYPE_PERSON,
                new JavaBehaviour(this, "onUpdateProperties"));
    }

    public UserNameMatcher getUserNameMatcher()
    {
        return userNameMatcher;
    }

    public void setUserNameMatcher(UserNameMatcher userNameMatcher)
    {
        this.userNameMatcher = userNameMatcher;
    }

    void setDefaultHomeFolderProvider(String defaultHomeFolderProvider)
    {
        this.defaultHomeFolderProvider = defaultHomeFolderProvider;
    }

    public void setDuplicateMode(String duplicateMode)
    {
        this.duplicateMode = duplicateMode;
    }

    public void setIncludeAutoCreated(boolean includeAutoCreated)
    {
        this.includeAutoCreated = includeAutoCreated;
    }

    public void setLastIsBest(boolean lastIsBest)
    {
        this.lastIsBest = lastIsBest;
    }

    public void setProcessDuplicates(boolean processDuplicates)
    {
        this.processDuplicates = processDuplicates;
    }

    public void setHomeFolderManager(HomeFolderManager homeFolderManager)
    {
        this.homeFolderManager = homeFolderManager;
    }

    public void setAclDAO(AclDAO aclDao)
    {
        this.aclDao = aclDao;
    }

    public void setPermissionsManager(PermissionsManager permissionsManager)
    {
        this.permissionsManager = permissionsManager;
    }

    /**
     * Set the username to person cache.
     *
     * @param personCache
     *            a transactionally safe cache
     */
    public void setPersonCache(SimpleCache<String, Set<NodeRef>> personCache)
    {
        this.personCache = personCache;
    }

    /**
     * Retrieve the person NodeRef for a username key. Depending on configuration missing people will be created if not
     * found, else a NoSuchPersonException exception will be thrown.
     *
     * @param userName
     *            of the person NodeRef to retrieve
     * @return NodeRef of the person as specified by the username
     * @throws NoSuchPersonException
     */
    public NodeRef getPerson(String userName)
    {
        return getPerson(userName, true);
    }

    /**
     * Retrieve the person NodeRef for a username key. Depending on the <code>autoCreate</code> parameter and
     * configuration missing people will be created if not found, else a NoSuchPersonException exception will be thrown.
     *
     * @param userName
     *            of the person NodeRef to retrieve
     * @param autoCreate
     *            should we auto-create the person node and home folder if they don't exist? (and configuration allows
     *            us to)
     * @return NodeRef of the person as specified by the username
     * @throws NoSuchPersonException
     *             if the person doesn't exist and can't be created
     */
    public NodeRef getPerson(final String userName, final boolean autoCreate)
    {
        // MT share - for activity service system callback
        if (tenantService.isEnabled() && (AuthenticationUtil.SYSTEM_USER_NAME.equals(AuthenticationUtil.getRunAsUser())) && tenantService.isTenantUser(userName))
        {
            final String tenantDomain = tenantService.getUserDomain(userName);

            return AuthenticationUtil.runAs(new AuthenticationUtil.RunAsWork<NodeRef>()
            {
                public NodeRef doWork() throws Exception
                {
                    return getPersonImpl(userName, autoCreate);
                }
            }, tenantService.getDomainUser(AuthenticationUtil.getSystemUserName(), tenantDomain));
        }
        else
        {
            return getPersonImpl(userName, autoCreate);
        }
    }

    private NodeRef getPersonImpl(String userName, boolean autoCreate)
    {
        if(userName == null)
        {
            return null;
        }
        if(userName.length() == 0)
        {
            return null;
        }
        NodeRef personNode = getPersonOrNull(userName);
        if (personNode == null)
        {
            TxnReadState txnReadState = AlfrescoTransactionSupport.getTransactionReadState();
            if (autoCreate && createMissingPeople() && txnReadState == TxnReadState.TXN_READ_WRITE)
            {
                // We create missing people AND are in a read-write txn
                return createMissingPerson(userName);
            }
            else
            {
                throw new NoSuchPersonException(userName);
            }
        }
        else if (autoCreate)
        {
            makeHomeFolderIfRequired(personNode);
        }
        return personNode;
    }

    public boolean personExists(String caseSensitiveUserName)
    {
        return getPersonOrNull(caseSensitiveUserName) != null;
    }

    private NodeRef getPersonOrNull(String searchUserName)
    {
        String cacheKey = searchUserName.toLowerCase();
        Set<NodeRef> allRefs = this.personCache.get(cacheKey);
        if (allRefs == null)
        {
            List<ChildAssociationRef> childRefs = nodeService.getChildAssocs(
                    getPeopleContainer(),
                    ContentModel.ASSOC_CHILDREN,
                    QName.createQName(NamespaceService.CONTENT_MODEL_1_0_URI, searchUserName.toLowerCase()),
                    false);
            allRefs = new LinkedHashSet<NodeRef>(childRefs.size() * 2);

            for (ChildAssociationRef childRef : childRefs)
            {
                NodeRef nodeRef = childRef.getChildRef();
                allRefs.add(nodeRef);
            }
        }
        List<NodeRef> refs = new ArrayList<NodeRef>(allRefs.size());
        for (NodeRef nodeRef : allRefs)
        {
            Serializable value = nodeService.getProperty(nodeRef, ContentModel.PROP_USERNAME);
            String realUserName = DefaultTypeConverter.INSTANCE.convert(String.class, value);
            if (userNameMatcher.matches(searchUserName, realUserName))
            {
                refs.add(nodeRef);
            }
        }
        NodeRef returnRef = null;
        if (refs.size() > 1)
        {
            returnRef = handleDuplicates(refs, searchUserName);
        }
        else if (refs.size() == 1)
        {
            returnRef = refs.get(0);

            // Don't bother caching unless we get a result that doesn't need duplicate processing
            personCache.put(cacheKey, allRefs);
        }
        return returnRef;
    }

    private NodeRef handleDuplicates(List<NodeRef> refs, String searchUserName)
    {
        if (processDuplicates)
        {
            NodeRef best = findBest(refs);
            HashSet<NodeRef> toHandle = new HashSet<NodeRef>();
            toHandle.addAll(refs);
            toHandle.remove(best);
            addDuplicateNodeRefsToHandle(toHandle);
            return best;
        }
        else
        {
            String userNameSensitivity = " (user name is case-" + (userNameMatcher.getUserNamesAreCaseSensitive() ? "sensitive" : "insensitive") + ")";
            String domainNameSensitivity = "";
            if (!userNameMatcher.getDomainSeparator().equals(""))
            {
                domainNameSensitivity = " (domain name is case-" + (userNameMatcher.getDomainNamesAreCaseSensitive() ? "sensitive" : "insensitive") + ")";
            }

            throw new AlfrescoRuntimeException("Found more than one user for " + searchUserName + userNameSensitivity + domainNameSensitivity);
        }
    }

private static final String KEY_POST_TXN_DUPLICATES = "PersonServiceImpl.KEY_POST_TXN_DUPLICATES";
|
|
private static final String KEY_ALLOW_UID_UPDATE = "PersonServiceImpl.KEY_ALLOW_UID_UPDATE";
|
|
|
|
/**
|
|
* Get the txn-bound usernames that need cleaning up
|
|
*/
|
|
private Set<NodeRef> getPostTxnDuplicates()
|
|
{
|
|
@SuppressWarnings("unchecked")
|
|
Set<NodeRef> postTxnDuplicates = (Set<NodeRef>) AlfrescoTransactionSupport.getResource(KEY_POST_TXN_DUPLICATES);
|
|
if (postTxnDuplicates == null)
|
|
{
|
|
postTxnDuplicates = new HashSet<NodeRef>();
|
|
AlfrescoTransactionSupport.bindResource(KEY_POST_TXN_DUPLICATES, postTxnDuplicates);
|
|
}
|
|
return postTxnDuplicates;
|
|
}
|
|
|
|
    /**
     * Flag a username for cleanup after the transaction.
     */
    private void addDuplicateNodeRefsToHandle(Set<NodeRef> refs)
    {
        // Firstly, bind this service to the transaction
        AlfrescoTransactionSupport.bindListener(this);
        // Now get the post txn duplicate list
        Set<NodeRef> postTxnDuplicates = getPostTxnDuplicates();
        postTxnDuplicates.addAll(refs);
    }

    /**
     * Clean up any duplicates that were flagged during the transaction.
     */
    @Override
    public void afterCommit()
    {
        // Get the duplicates in a form that can be read by the transaction work anonymous instance
        final Set<NodeRef> postTxnDuplicates = getPostTxnDuplicates();

        RetryingTransactionCallback<Object> processDuplicateWork = new RetryingTransactionCallback<Object>()
        {
            public Object execute() throws Throwable
            {
                try
                {
                    policyBehaviourFilter.disableBehaviour(ContentModel.TYPE_PERSON);

                    if (duplicateMode.equalsIgnoreCase(SPLIT))
                    {
                        // Allow UIDs to be updated in this transaction
                        AlfrescoTransactionSupport.bindResource(KEY_ALLOW_UID_UPDATE, Boolean.TRUE);
                        split(postTxnDuplicates);
                        s_logger.info("Split duplicate person objects");
                    }
                    else if (duplicateMode.equalsIgnoreCase(DELETE))
                    {
                        delete(postTxnDuplicates);
                        s_logger.info("Deleted duplicate person objects");
                    }
                    else
                    {
                        if (s_logger.isDebugEnabled())
                        {
                            s_logger.debug("Duplicate person objects exist");
                        }
                    }
                }
                finally
                {
                    policyBehaviourFilter.enableBehaviour(ContentModel.TYPE_PERSON);
                }

                // Done
                return null;
            }
        };
        transactionService.getRetryingTransactionHelper().doInTransaction(processDuplicateWork, false, true);
    }

    private void delete(Set<NodeRef> toDelete)
    {
        for (NodeRef nodeRef : toDelete)
        {
            nodeService.deleteNode(nodeRef);
        }
    }

    private void split(Set<NodeRef> toSplit)
    {
        for (NodeRef nodeRef : toSplit)
        {
            String userName = DefaultTypeConverter.INSTANCE.convert(String.class, nodeService.getProperty(nodeRef, ContentModel.PROP_USERNAME));
            nodeService.setProperty(nodeRef, ContentModel.PROP_USERNAME, userName + GUID.generate());
        }
    }

    private NodeRef findBest(List<NodeRef> refs)
    {
        // Given that we might not have audit attributes, use the assumption that the node ID increases to sort the
        // nodes
        if (lastIsBest)
        {
            Collections.sort(refs, new NodeIdComparator(nodeService, false));
        }
        else
        {
            Collections.sort(refs, new NodeIdComparator(nodeService, true));
        }

        NodeRef fallBack = null;

        for (NodeRef nodeRef : refs)
        {
            if (fallBack == null)
            {
                fallBack = nodeRef;
            }

            if (includeAutoCreated || !wasAutoCreated(nodeRef))
            {
                return nodeRef;
            }
        }

        return fallBack;
    }

    private boolean wasAutoCreated(NodeRef nodeRef)
    {
        String userName = DefaultTypeConverter.INSTANCE.convert(String.class, nodeService.getProperty(nodeRef, ContentModel.PROP_USERNAME));

        String testString = DefaultTypeConverter.INSTANCE.convert(String.class, nodeService.getProperty(nodeRef, ContentModel.PROP_FIRSTNAME));
        if ((testString == null) || !testString.equals(userName))
        {
            return false;
        }

        testString = DefaultTypeConverter.INSTANCE.convert(String.class, nodeService.getProperty(nodeRef, ContentModel.PROP_LASTNAME));
        if ((testString == null) || !testString.equals(""))
        {
            return false;
        }

        testString = DefaultTypeConverter.INSTANCE.convert(String.class, nodeService.getProperty(nodeRef, ContentModel.PROP_EMAIL));
        if ((testString == null) || !testString.equals(""))
        {
            return false;
        }

        testString = DefaultTypeConverter.INSTANCE.convert(String.class, nodeService.getProperty(nodeRef, ContentModel.PROP_ORGID));
        if ((testString == null) || !testString.equals(""))
        {
            return false;
        }

        testString = DefaultTypeConverter.INSTANCE.convert(String.class, nodeService.getProperty(nodeRef, ContentModel.PROP_HOME_FOLDER_PROVIDER));
        if ((testString == null) || !testString.equals(defaultHomeFolderProvider))
        {
            return false;
        }

        return true;
    }

    public boolean createMissingPeople()
    {
        return createMissingPeople;
    }

    public Set<QName> getMutableProperties()
    {
        return mutableProperties;
    }

    public void setPersonProperties(String userName, Map<QName, Serializable> properties)
    {
        setPersonProperties(userName, properties, true);
    }

    public void setPersonProperties(String userName, Map<QName, Serializable> properties, boolean autoCreate)
    {
        NodeRef personNode = getPersonOrNull(userName);
        if (personNode == null)
        {
            if (createMissingPeople())
            {
                personNode = createMissingPerson(userName);
            }
            else
            {
                throw new PersonException("No person found for user name " + userName);
            }
        }
        else
        {
            if (autoCreate)
            {
                makeHomeFolderIfRequired(personNode);
            }
            String realUserName = DefaultTypeConverter.INSTANCE.convert(String.class, nodeService.getProperty(personNode, ContentModel.PROP_USERNAME));
            String suggestedUserName;

            // LDAP sync: allow change of case if we have case insensitive user names and the same name in a different case
            if (getUserNamesAreCaseSensitive()
                    || (suggestedUserName = (String) properties.get(ContentModel.PROP_USERNAME)) == null
                    || !suggestedUserName.equalsIgnoreCase(realUserName))
            {
                properties.put(ContentModel.PROP_USERNAME, realUserName);
            }
        }
        Map<QName, Serializable> update = nodeService.getProperties(personNode);
        update.putAll(properties);

        nodeService.setProperties(personNode, update);
    }

    public boolean isMutable()
    {
        return true;
    }

    private NodeRef createMissingPerson(String userName)
    {
        HashMap<QName, Serializable> properties = getDefaultProperties(userName);
        NodeRef person = createPerson(properties);
        return person;
    }

    private void makeHomeFolderIfRequired(NodeRef person)
    {
        if (person != null)
        {
            NodeRef homeFolder = DefaultTypeConverter.INSTANCE.convert(NodeRef.class, nodeService.getProperty(person, ContentModel.PROP_HOMEFOLDER));
            if (homeFolder == null)
            {
                final ChildAssociationRef ref = nodeService.getPrimaryParent(person);
                transactionService.getRetryingTransactionHelper().doInTransaction(new RetryingTransactionCallback<Object>()
                {
                    public Object execute() throws Throwable
                    {
                        homeFolderManager.makeHomeFolder(ref);
                        return null;
                    }
                }, transactionService.isReadOnly(), transactionService.isReadOnly() ? false : AlfrescoTransactionSupport.getTransactionReadState() == TxnReadState.TXN_READ_ONLY);
                //homeFolder = DefaultTypeConverter.INSTANCE.convert(NodeRef.class, nodeService.getProperty(person, ContentModel.PROP_HOMEFOLDER));
                //assert(homeFolder != null);
            }
        }
    }

    private HashMap<QName, Serializable> getDefaultProperties(String userName)
    {
        HashMap<QName, Serializable> properties = new HashMap<QName, Serializable>();
        properties.put(ContentModel.PROP_USERNAME, userName);
        properties.put(ContentModel.PROP_FIRSTNAME, tenantService.getBaseNameUser(userName));
        properties.put(ContentModel.PROP_LASTNAME, "");
        properties.put(ContentModel.PROP_EMAIL, "");
        properties.put(ContentModel.PROP_ORGID, "");
        properties.put(ContentModel.PROP_HOME_FOLDER_PROVIDER, defaultHomeFolderProvider);

        properties.put(ContentModel.PROP_SIZE_CURRENT, 0L);
        properties.put(ContentModel.PROP_SIZE_QUOTA, -1L); // no quota

        return properties;
    }

    public NodeRef createPerson(Map<QName, Serializable> properties)
    {
        return createPerson(properties, authorityService.getDefaultZones());
    }

    public NodeRef createPerson(Map<QName, Serializable> properties, Set<String> zones)
    {
        String userName = DefaultTypeConverter.INSTANCE.convert(String.class, properties.get(ContentModel.PROP_USERNAME));
        AuthorityType authorityType = AuthorityType.getAuthorityType(userName);
        if (authorityType != AuthorityType.USER)
        {
            throw new AlfrescoRuntimeException("Attempt to create person for an authority which is not a user");
        }

        tenantService.checkDomainUser(userName);

        if (personExists(userName))
        {
            throw new AlfrescoRuntimeException("Person '" + userName + "' already exists.");
        }

        properties.put(ContentModel.PROP_USERNAME, userName);
        properties.put(ContentModel.PROP_SIZE_CURRENT, 0L);

        NodeRef personRef = nodeService.createNode(
                getPeopleContainer(),
                ContentModel.ASSOC_CHILDREN,
                QName.createQName("cm", userName.toLowerCase(), namespacePrefixResolver), // Lowercase:
                ContentModel.TYPE_PERSON, properties).getChildRef();

        if (zones != null)
        {
            for (String zone : zones)
            {
                // Add the person to an authentication zone (corresponding to an external user registry)
                // Let's preserve case on this child association
                nodeService.addChild(authorityService.getOrCreateZone(zone), personRef, ContentModel.ASSOC_IN_ZONE, QName.createQName("cm", userName, namespacePrefixResolver));
            }
        }

        personCache.remove(userName.toLowerCase());
        return personRef;
    }

    public NodeRef getPeopleContainer()
    {
        String cacheKey = tenantService.getCurrentUserDomain();
        NodeRef peopleNodeRef = peopleContainerRefs.get(cacheKey);
        if (peopleNodeRef == null)
        {
            NodeRef rootNodeRef = nodeService.getRootNode(tenantService.getName(storeRef));
            List<ChildAssociationRef> children = nodeService.getChildAssocs(rootNodeRef, RegexQNamePattern.MATCH_ALL,
                    QName.createQName(SYSTEM_FOLDER_SHORT_QNAME, namespacePrefixResolver), false);

            if (children.size() == 0)
            {
                throw new AlfrescoRuntimeException("Required people system path not found: "
                        + SYSTEM_FOLDER_SHORT_QNAME);
            }

            NodeRef systemNodeRef = children.get(0).getChildRef();

            children = nodeService.getChildAssocs(systemNodeRef, RegexQNamePattern.MATCH_ALL, QName.createQName(
                    PEOPLE_FOLDER_SHORT_QNAME, namespacePrefixResolver), false);

            if (children.size() == 0)
            {
                throw new AlfrescoRuntimeException("Required people system path not found: "
                        + PEOPLE_FOLDER_SHORT_QNAME);
            }

            peopleNodeRef = children.get(0).getChildRef();
            peopleContainerRefs.put(cacheKey, peopleNodeRef);
        }
        return peopleNodeRef;
    }

    public void deletePerson(String userName)
    {
        // Normalize the username to avoid case sensitivity issues
        userName = getUserIdentifier(userName);
        if (userName == null)
        {
            return;
        }

        // Remove internally-stored password information, if any
        try
        {
            authenticationService.deleteAuthentication(userName);
        }
        catch (AuthenticationException e)
        {
            // Ignore this - externally authenticated user
        }

        // Invalidate all that user's tickets
        try
        {
            authenticationService.invalidateUserSession(userName);
        }
        catch (AuthenticationException e)
        {
            // Ignore this
        }

        // remove any user permissions
        permissionServiceSPI.deletePermissions(userName);

        // delete the person
        NodeRef personNodeRef = getPersonOrNull(userName);
        if (personNodeRef != null)
        {
            nodeService.deleteNode(personNodeRef);
        }
        personCache.remove(userName.toLowerCase());
    }

    public Set<NodeRef> getAllPeople()
    {
        List<ChildAssociationRef> childRefs = nodeService.getChildAssocs(getPeopleContainer(),
                ContentModel.ASSOC_CHILDREN, RegexQNamePattern.MATCH_ALL, false);
        Set<NodeRef> refs = new HashSet<NodeRef>(childRefs.size()*2);
        for (ChildAssociationRef childRef : childRefs)
        {
            refs.add(childRef.getChildRef());
        }
        return refs;
    }

    public Set<NodeRef> getPeopleFilteredByProperty(QName propertyKey, Serializable propertyValue)
    {
        // check that given property key is defined for content model type 'cm:person'
        // and throw exception if it isn't
        if (this.dictionaryService.getProperty(ContentModel.TYPE_PERSON, propertyKey) == null)
        {
            throw new AlfrescoRuntimeException("Property '" + propertyKey + "' is not defined " + "for content model type cm:person");
        }

        LinkedHashSet<NodeRef> people = new LinkedHashSet<NodeRef>();

        //
        // Search for people using the given property
        //

        SearchParameters sp = new SearchParameters();
        sp.setLanguage(SearchService.LANGUAGE_LUCENE);
        // Note: propertyValue is concatenated into the query string without Lucene escaping, so a value
        // containing a double quote ends the quoted phrase early; callers should pass trusted or pre-escaped values
        sp.setQuery("@cm\\:" + propertyKey.getLocalName() + ":\"" + propertyValue + "\"");
        sp.addStore(tenantService.getName(storeRef));
        sp.excludeDataInTheCurrentTransaction(false);

        ResultSet rs = null;

        try
        {
            rs = searchService.query(sp);

            for (ResultSetRow row : rs)
            {
                NodeRef nodeRef = row.getNodeRef();
                if (nodeService.exists(nodeRef))
                {
                    people.add(nodeRef);
                }
            }
        }
        finally
        {
            if (rs != null)
            {
                rs.close();
            }
        }

        return people;
    }

    // Policies

    /**
     * {@inheritDoc}
     */
    public void onCreateNode(ChildAssociationRef childAssocRef)
    {
        NodeRef personRef = childAssocRef.getChildRef();
        String username = (String) this.nodeService.getProperty(personRef, ContentModel.PROP_USERNAME);
        personCache.remove(username.toLowerCase());
        permissionsManager.setPermissions(personRef, username, username);

        // Make sure there is an authority entry - with a DB constraint for uniqueness
        // aclDao.createAuthority(username);

        // work around for policy bug ...
        homeFolderManager.onCreateNode(childAssocRef);
    }

    /**
     * {@inheritDoc}
     */
    public void beforeDeleteNode(NodeRef nodeRef)
    {
        String username = (String) this.nodeService.getProperty(nodeRef, ContentModel.PROP_USERNAME);
        if (this.authorityService.isGuestAuthority(username))
        {
            throw new AlfrescoRuntimeException("The " + username + " user cannot be deleted.");
        }
        this.personCache.remove(username.toLowerCase());
    }

    // IOC Setters

    public void setCreateMissingPeople(boolean createMissingPeople)
    {
        this.createMissingPeople = createMissingPeople;
    }

    public void setNamespacePrefixResolver(NamespacePrefixResolver namespacePrefixResolver)
    {
        this.namespacePrefixResolver = namespacePrefixResolver;
    }

    public void setAuthorityService(AuthorityService authorityService)
    {
        this.authorityService = authorityService;
    }

    public void setAuthenticationService(MutableAuthenticationService authenticationService)
    {
        this.authenticationService = authenticationService;
    }

    public void setDictionaryService(DictionaryService dictionaryService)
    {
        this.dictionaryService = dictionaryService;
    }

    public void setPermissionServiceSPI(PermissionServiceSPI permissionServiceSPI)
    {
        this.permissionServiceSPI = permissionServiceSPI;
    }

    public void setTransactionService(TransactionService transactionService)
    {
        this.transactionService = transactionService;
    }

    public void setNodeService(NodeService nodeService)
    {
        this.nodeService = nodeService;
    }

    public void setTenantService(TenantService tenantService)
    {
        this.tenantService = tenantService;
    }

    public void setSearchService(SearchService searchService)
    {
        this.searchService = searchService;
    }

    public void setPolicyComponent(PolicyComponent policyComponent)
    {
        this.policyComponent = policyComponent;
    }

    public void setPolicyBehaviourFilter(BehaviourFilter policyBehaviourFilter)
    {
        this.policyBehaviourFilter = policyBehaviourFilter;
    }

    public void setStoreUrl(String storeUrl)
    {
        this.storeRef = new StoreRef(storeUrl);
    }

    public String getUserIdentifier(String caseSensitiveUserName)
    {
        NodeRef nodeRef = getPersonOrNull(caseSensitiveUserName);
        if ((nodeRef != null) && nodeService.exists(nodeRef))
        {
            String realUserName = DefaultTypeConverter.INSTANCE.convert(String.class, nodeService.getProperty(nodeRef, ContentModel.PROP_USERNAME));
            return realUserName;
        }
        return null;
    }

    public static class NodeIdComparator implements Comparator<NodeRef>
    {
        private NodeService nodeService;

        boolean ascending;

        NodeIdComparator(NodeService nodeService, boolean ascending)
        {
            this.nodeService = nodeService;
            this.ascending = ascending;
        }

        public int compare(NodeRef first, NodeRef second)
        {
            Long firstId = DefaultTypeConverter.INSTANCE.convert(Long.class, nodeService.getProperty(first, ContentModel.PROP_NODE_DBID));
            Long secondId = DefaultTypeConverter.INSTANCE.convert(Long.class, nodeService.getProperty(second, ContentModel.PROP_NODE_DBID));

            if (firstId != null)
            {
                if (secondId != null)
                {
                    return firstId.compareTo(secondId) * (ascending ? 1 : -1);
                }
                else
                {
                    return ascending ? -1 : 1;
                }
            }
            else
            {
                if (secondId != null)
                {
                    return ascending ? 1 : -1;
                }
                else
                {
                    return 0;
                }
            }

        }
    }

    public boolean getUserNamesAreCaseSensitive()
    {
        return userNameMatcher.getUserNamesAreCaseSensitive();
    }

    /*
     * When a uid is changed we need to create an alias for the old uid so permissions are not broken. This can happen
     * when an already existing user is updated via LDAP, e.g. migration to LDAP, or when a user is auto created and then
     * updated by LDAP. This is probably less likely after 3.2 and sync on missing person. See
     * https://issues.alfresco.com/jira/browse/ETWOTWO-389 (non-Javadoc)
     *
     * @see org.alfresco.repo.node.NodeServicePolicies.OnUpdatePropertiesPolicy#onUpdateProperties(org.alfresco.service.cmr.repository.NodeRef,
     * java.util.Map, java.util.Map)
     */
    public void onUpdateProperties(NodeRef nodeRef, Map<QName, Serializable> before, Map<QName, Serializable> after)
    {
        String uidBefore = DefaultTypeConverter.INSTANCE.convert(String.class, before.get(ContentModel.PROP_USERNAME));
        if (uidBefore == null)
        {
            // Node has just been created; nothing to do
            return;
        }
        String uidAfter = DefaultTypeConverter.INSTANCE.convert(String.class, after.get(ContentModel.PROP_USERNAME));
        if (!EqualsHelper.nullSafeEquals(uidBefore, uidAfter))
        {
            // Only allow UID update if we are in the special split processing txn or we are just changing case
            if (AlfrescoTransactionSupport.getResource(KEY_ALLOW_UID_UPDATE) != null || uidBefore.equalsIgnoreCase(uidAfter))
            {
                if (uidBefore != null)
                {
                    // Fix any ACLs
                    aclDao.renameAuthority(uidBefore, uidAfter);
                }

                // Fix primary association local name
                QName newAssocQName = QName.createQName("cm", uidAfter.toLowerCase(), namespacePrefixResolver);
                ChildAssociationRef assoc = nodeService.getPrimaryParent(nodeRef);
                nodeService.moveNode(nodeRef, assoc.getParentRef(), assoc.getTypeQName(), newAssocQName);

                // Fix other non-case sensitive parent associations
                QName oldAssocQName = QName.createQName("cm", uidBefore, namespacePrefixResolver);
                newAssocQName = QName.createQName("cm", uidAfter, namespacePrefixResolver);
                for (ChildAssociationRef parent : nodeService.getParentAssocs(nodeRef))
                {
                    if (!parent.isPrimary() && parent.getQName().equals(oldAssocQName))
                    {
                        nodeService.removeChildAssociation(parent);
                        nodeService.addChild(parent.getParentRef(), parent.getChildRef(), parent.getTypeQName(), newAssocQName);
                    }
                }

                // Fix cache
                personCache.remove(uidBefore.toLowerCase());
            }
            else
            {
                throw new UnsupportedOperationException("The user name on a person can not be changed");
            }
        }
    }
}