mirror of
https://github.com/Alfresco/alfresco-community-repo.git
synced 2025-06-30 18:15:39 +00:00
4872eb9909
20678: DAO5 branch: Preparation for merge back to HEAD
20689: Merged DAO4 to DAO5
- Removed all 'dbscripts/create/3.x/SomeDialect' and replaced with 'dbscripts/create/SomeDialect'
DB create scripts are taken from latest DAO4
- TODO: FixAuthoritiesCrcValuesPatch needs query implementation in PatchDAO
Merged DAO3 to DAO4
- Reapplied fixes for ALF-713 (race condition on Usages)
19350: Merged BRANCHES/DEV/V3.3-DAO-REFACTOR-2 to BRANCHES/DEV/V3.3-DAO-REFACTOR-3:
18939: SAIL-4 :2nd stage branch for DAO refactor off HEAD rev 18898
18948: Merged V3.3-DAO-REFACTOR to V3.3-DAO-REFACTOR-2
18202: Dev branch for DAO refactor
18252: SAIL-233: QName.hbm.xml
18295: Added missing CREATE TABLE statements for QName-related code
18324: SAIL-234: Node.hbm.xml: Node aspects initial integration
18355: Added 'setValue' method to manually update the cached value
18356: MV property stressing lowered to speed test up
18357: SAIL-234: Node.hbm.xml
18376: Pulled all Alfresco-related create SQL into script
18389: SAIL-234: Permissions DAO refactor - initial checkpoint
18390: Formatting only (line-endings)
18400: SAIL-234: Node.hbm.xml
18418: SAIL-234: Node.hbm.xml: 'alf_node_assoc' CRUD
18429: SAIL-234: Node.hbm.xml: Cleaned out all Hibernate references to NodeAssocImpl
18457: SAIL-234: Permissions DAO refactor
18959: Merged DEV/V3.3-DAO-REFACTOR to DEV/V3.3-DAO-REFACTOR-2
18479: SAIL-234: Node.hbm.xml - fix updateNode (missing id when saving oldDummyNode)
18482: SAIL-235: remove Permissions.hbm.xml
18517: SAIL-235: Permissions DAO refactor
18523: SAIL-234: Node.hbm.xml
18524: SAIL-235: Permissions DAO refactor
18960: Merged DEV/V3.3-DAO-REFACTOR to DEV/V3.3-DAO-REFACTOR-2
18533: Flipped back to Windows line endings
18535: Formatting-only (eol)
18540: Formatting-only (eol)
18541: SAIL-235: Permissions DAO refactor
18543: SAIL-234: Node.hbm.xml: Start alf_store changes
18567: SAIL-235: Permissions DAO refactor
18596: SAIL-305: Alfresco DDL - formatted/rationalized and added missing indexes & fk constraints
18603: SAIL-311: Minor cleanup for schema upgrade scripts (V3.3)
18604: SAIL-311: Remove empty dirs
18619: SAIL-274: Locale.hbm.xml
18621: Added method to create default ACL
18622: SAIL-234: Node.hbm.xml: Store, Transaction, Server and some node
18624: Formatting only (eol)
18631: SAIL-235: Permissions DAO refactor
18633: SAIL-235: Permissions DAO refactor - do not expose CRUD for AceContext (or AuthorityAlias) since currently unused
18639: getLocale(Locale) should return null if it doesn't exist
18640: SAIL-234 NodeDAO: More replacement of node queries and updates
18648: SAIL-310: Create SQL script for core repo tables (All DB ports)
18651: SAIL-234 NodeDAO: Moves across stores handle presence of target deleted nodes
18961: Merged DEV/V3.3-DAO-REFACTOR to DEV/V3.3-DAO-REFACTOR-2
18658: SAIL-274 Locale DAO: Missing getValueKey() method
18662: SAIL-235: Permissions DAO refactor - further cleanup (of DbAccessControlList usage, including copyACLs)
18664: DB scripts porting for PostgreSQL finished.
18668: SAIL-234 Node DAO: Note in case Transaction Change ID is dropped from indexes
18669: SAIL-234 Node DAO: deleteNode and archive (store move) fixes
18672: DB scripts porting for Oracle finished.
18675: SAIL-235: Permissions DAO refactor
18677: DB scripts porting for DB2 finished.
18964: Merged DEV/V3.3-DAO-REFACTOR to DEV/V3.3-DAO-REFACTOR-2
18687: Execute a callback with retries
18688: SAIL-234 Node DAO: Child association creation
18690: SAIL-234 Node DAO: Comment out raw creation of stores as it breaks subsequent bootstrap checks
18691: SAIL-234 Node DAO: More replacement of alf_child_assoc handling
18713: Commented about needing a more efficient removeChildAssociation method
18714: SAIL-234 Node DAO: Replaced queries on alf_child_assoc
18715: SAIL-234 Node DAO: More alf_child_assoc query replacement
18727: SAIL-234 Node DAO: alf_child_assoc queries complete
18737: SAIL-234 Node DAO: Tweaks to newNode and implemented prependPaths
18741: SAIL-234 and SAIL-334: Moved UsageDelta Hibernate code and queries over to UsageDeltaDAO
18748: SAIL-234 Node DAO: fix NPE (EditionServiceImplTest)
18769: SAIL-234 Node DAO: alf_node_properties ground work
18786: SAIL-234 Node DAO: alf_node_properties and cm:auditable properties
18810: Added EqualsHelper.getMapComparison
18813: TransactionalCache propagates cache clears and removals during rollback
18826: SAIL-234 Node DAO: Moved over sundry references to NodeDaoService to NodeDAO
18849: SAIL-237: UsageDelta.hbm.xml - eol formatting only (including removal of unwanted svn:eol-style=native property)
18869: SAIL-234 NodeDAO: Fixed more references to 'nodeDaoService'
18895: SAIL-234 NodeDAO: Queries for alf_transaction
18899: SAIL-234 Node DAO: Fixed bean fetching for 'nodeDAO'
18909: SAIL-234 NodeDAO: Fixes to getNodeRefStatus and various txn queries
18916: SAIL-234 NodeDAO: Fixed moveNode alf_child_assoc updates
18922: SAIL-235: DAO refactoring: Permission.hbm.xml
18930: SAIL-235: DAO refactoring: Permission.hbm.xml
18932: SAIL-234 NodeDAO: Fixing up gotchas, javadocs and some naming
18933: SAIL-234 NodeDAO: Minor neatening
18935: SAIL-234 Node DAO: Caches for ID to NodeRef and StoreRef
18936: EHCache config files line endings
18938: SAIL-237: Usage DAO refactor - initial checkpoint
18945: SAIL-235: DAO refactoring: Permission.hbm.xml. Move Node.
18975: Fix for move-node ACL jiggery-pokery
19067: SAIL-4: fix VersionHistoryImpl.getSuccessors (causing VersionServiceImplTest.testGetVersionHistorySameWorkspace failure)
19068: SAIL-234: fix VersionMigratorTest.testMigrateOneVersion
19074: SAIL-237: Usage DAO - update to common iBatis mapping pattern(s) to ease DB porting
19076: SAIL-231: Activities DAO - update to common iBatis mapping pattern(s)
19077: SAIL-232: AppliedPatch DAO - minor cleanup (comments & formatting only)
19092: Merging HEAD to DEV/V3.3-DAO-REFACTOR-2
18973: Temporarily comment out AVMTestSuite and run AVM tests individually
19056: AVM unit test improvements
19097: SAIL-235: DAO refactoring: Permission.hbm.xml: Additional index to support queries to find the id and acl id for the primary children of a node.
19185: SAIL-238: Permissions DAO - (minor) update to common iBatis mapping pattern
19289: SAIL-234 NodeDAO: Node cache replaces NodeRef cache
19302: SAIL-234 Node DAO: Added cache for node properties
19318: SAIL-4: AVM DAO - (minor) update to common iBatis mapping pattern
20690: Merged BRANCHES/DEV/V3.3-DAO-REFACTOR-4 to BRANCHES/DEV/V3.3-DAO-REFACTOR-5:
20063: (RECORD ONLY) DAO refactor branch V4
20146: Merged BRANCHES/DEV/V3.3-DAO-REFACTOR-3 to BRANCHES/DEV/V3.3-DAO-REFACTOR-4:
19401: SAIL-234 Node DAO: Fix permission service tests (setPrimaryChildrenSharedAclId needs to invalidate nodesCache)
19428: Fixed TransactionalCache issue with null and NullValueMarker
19429: Took empty cm:content creation out of FileFolderService#createImpl
19430: SAIL-234 Node DAO: Tweaks around caching and cm:auditable
19431: SAIL-4 DAO Refactor: Exception thrown when attempting writes in read-only txn have changed
19436: SAIL-234 Node DAO: Fix NPE during cm:auditable update
19475: Allow debugging of code without stepping into trivial stuff
19476: Follow-up on 19429 by ensuring CIFS/FTP set a mimetype on the ContentWriter
19477: SAIL-234 Node DAO: Leverage DAO better for NodeService.addProperties
19478: SAIL-234 NodeDAO: Added toString() for ParentAssocsInfo (cache value for parent assocs)
19479: SAIL-234 Node DAO: Fixed for parent association and property caches
19480: Made TransactionAwareSingleton bind-key a GUID
19481: SAIL-234 Node DAO: Reinstated 100K collection property tests
19482: SAIL-234 Node DAO: Node and property cache fixes highlighted by unit tests
19483: SAIL-234 Node DAO: Start on NodeBulkLoader implementation
19595: SAIL-234 Node DAO: Fix moveNode to detect cyclic relationship prior to updating ACLs for moved tree FileFolderServiceImplTest.testETHREEOH_3088_MoveIntoSelf)
20147: Merged BRANCHES/DEV/V3.3-DAO-REFACTOR-3 to BRANCHES/DEV/V3.3-DAO-REFACTOR-4:
19602: (RECORD ONLY) Reintegrated with HEAD up to rev 19433
19621: (RECORD ONLY) SAIL-347
19683: (RECORD ONLY) Reverse-merged 19621 for SAIL-347
19722: (RECORD ONLY) Merged /alfresco/HEAD:r19434-19721
20150: Merged BRANCHES/DEV/V3.3-DAO-REFACTOR-3 to BRANCHES/DEV/V3.3-DAO-REFACTOR-4:
19741: Merged DEV\V3.3-DAO-REFACTOR-2 to DEV\V3.3-DAO-REFACTOR-3
19739: Extended "move" tests
19743: Fix AuditableAspectTest.testAddAspect (to allow for node modified date tolerance)
19748: Remaining part of merge from HEAD to V3.3-DAO-REFACTOR-3
19367: Merged BRANCHES/V3.2 to HEAD:
19286: Fix for ALF-626 "Using 'null' as an authority argument in clearPermissions() cause a java.lang.NullPointerException"
19755: SAIL-234 Node DAO: Fix RepoAdminServiceImplTest.testConcurrentDynamicModelDelete (handle InvalidNodeRefException after getChildAssocs)
20692: Merged BRANCHES/DEV/V3.3-DAO-REFACTOR-4 to BRANCHES/DEV/V3.3-DAO-REFACTOR-5:
- Retired all 1.3 and 1.4 upgrade scripts ... R.I.P.
- Fixed CRC patch for Authorities (only tested on MySQL)
- Fixed SQL patch revision numbers and bumped version schema number up
20158: Merged BRANCHES/DEV/V3.3-DAO-REFACTOR-3 to BRANCHES/DEV/V3.3-DAO-REFACTOR-4:
19773: SQL mappings and scripts: SAIL-310, SAIL-304, SAIL-303 and SAIL-347
19774: Futher fix for SAIL-310: Sequence patch must take into account sequences created for 3.3
19851: SAIL-371 (SAIL-294) NodeDAO fallout: Fix QName and Namespace read/write handling and bean name in unit test
20183: Merged DAO3 to DAO4
19852: SAIL-370: Remove LinkValidation
19853: SAIL-239 (SAIL-294) Attributes.hbm.xml: Added ability to attach arbitrary property to unique context
19857: SAIL-373 Fallout from Permissions DAO refactor (SAIL-235)
19864: SAIL-239 (SAIL-294): Removed AttributeService RMI API
19865: More SAIL-239 (SAIL-294): Removed AttributeService RMI API
20208: DAO-refactor implementation of ALF-2712 query improvements
20209: Merged BRANCHES/DEV/V3.3-DAO-REFACTOR-3 to BRANCHES/DEV/V3.3-DAO-REFACTOR-4:
20060: Removal of AttributeService for SAIL-239 (SAIL-294)
20348: SAIL-371 (SAIL-294): Protect collection properties during map insert and retrieval
20547: SAIL-371 (SAIL-294) Attributes.hbm.xml: implement getAttributes + fixes
20573: SAIL-371 (SAIL-294): NodeDAO: Fix unit tests and other fallout
20597: SAIL-239 Attributes.hbm.xml: WCM/AVM locking test fixes (wip)
20598: SAIL-239 Attributes.hbm.xml: WCM/AVM locking test fixes (wip) - fix AssetServiceImplTest.testSimpleLockFile NPE
20600: Fix PropertyValueDAOTest.testPropertyValue_Enum (follow-on to r20060 for SAIL-239 - which introduces ENUM prop vals)
20601: Fix UsageDAOTest.testCreateAndDeleteUsageDeltas NPE (would also affect ContentStoreCleanerScalabilityRunner)
20603: Fix CMISPropertyServiceTest.* (fallout from r20146 <- r19429 <- Took empty cm:content creation out of FileFolderService#createImpl)
20604: SAIL-371 (SAIL-294): NodeDAO: Fix unit tests - TransferServiceImplTest.*
20618: SAIL-371 (SAIL-294): NodeDAO: AuditableAspectTest (fix testCreateNodeWithAuditableProperties_ALF_2565 + add remove aspect test)
20624: SAIL-371 (SAIL-294): NodeDAO: Fix unit tests - UserUsageTest.*
20626: Fixed random keys for RuleTrigger NodeRef tracking
20635: SAIL-371 (SAIL-294): NodeDAO: Fix unit tests - PersonTest.testSplitDuplicates
20642: SAIL-371 (SAIL-294) DAO: Fixed CacheTest
20643: Removed must of the 'distribute' target's dependencies. Not for HEAD
20645: Follow-on to r20643 (Removed most of the 'distribute' target's dependencies. Not for HEAD)
20654: SAIL-371 (SAIL-294): NodeDAO: DMDeploymentTargetTest.* (do not try to remove mandatory aspects)
20655: SAIL-371 (SAIL-294): NodeDAO: Initial fix for TaggingServiceImplTest.testTagScopeUpdateViaNodePolicies (+ minor test cleanup)
20657: SAIL-371 (SAIL-294): NodeDAO: Fix unit tests - VersionMigratorTest.testMigrateOneVersion (cm:accessed not returned if null)
20658: Merged (back merge only - no merge info) BRANCHES/V3.3 to BRANCHES/DEV/V3.3-DAO-REFACTOR-4:
20090: Dynamic models: minor improvements to DictionaryModelType
20554: Improvement to model delete validation (investigating intermittent failure of RepoAdminServiceImplTest.testSimpleDynamicModelViaNodeService)
20662: SAIL-371 (SAIL-294): NodeDAO: Fix unit tests - RecordsManagementAuditServiceImplTest.* (we now ignore attempt to update 'cm:modifier' prop so update 'cm:title' prop instead)
20666: SAIL-371 (SAIL-294): NodeDAO: Fix unit tests - ADMLuceneTest.*
20668: SAIL-239 (SAIL-294) - delete WCM locks + tests (follow-on to r20060)
20674: SAIL-371 (SAIL-294) NodeDAO fallout: Cleaner and additional checks for ContentStoreCleaner
20675: SAIL-371 (SAIL-294) NodeDAO fallout: Fixed handling of ContentData
git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/HEAD/root@20693 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
568 lines
20 KiB
Java
568 lines
20 KiB
Java
/*
|
|
* Copyright (C) 2005-2010 Alfresco Software Limited.
|
|
*
|
|
* This file is part of Alfresco
|
|
*
|
|
* Alfresco is free software: you can redistribute it and/or modify
|
|
* it under the terms of the GNU Lesser General Public License as published by
|
|
* the Free Software Foundation, either version 3 of the License, or
|
|
* (at your option) any later version.
|
|
*
|
|
* Alfresco is distributed in the hope that it will be useful,
|
|
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
* GNU Lesser General Public License for more details.
|
|
*
|
|
* You should have received a copy of the GNU Lesser General Public License
|
|
* along with Alfresco. If not, see <http://www.gnu.org/licenses/>.
|
|
*/
|
|
|
|
package org.alfresco.repo.avm.locking;
|
|
|
|
import java.io.Serializable;
|
|
import java.util.ArrayList;
|
|
import java.util.Arrays;
|
|
import java.util.HashMap;
|
|
import java.util.List;
|
|
import java.util.Map;
|
|
import java.util.Set;
|
|
|
|
import org.alfresco.model.WCMAppModel;
|
|
import org.alfresco.repo.security.authentication.AuthenticationUtil;
|
|
import org.alfresco.service.cmr.attributes.AttributeService;
|
|
import org.alfresco.service.cmr.attributes.DuplicateAttributeException;
|
|
import org.alfresco.service.cmr.attributes.AttributeService.AttributeQueryCallback;
|
|
import org.alfresco.service.cmr.avm.AVMBadArgumentException;
|
|
import org.alfresco.service.cmr.avm.locking.AVMLockingException;
|
|
import org.alfresco.service.cmr.avm.locking.AVMLockingService;
|
|
import org.alfresco.service.cmr.repository.NodeRef;
|
|
import org.alfresco.service.cmr.repository.NodeService;
|
|
import org.alfresco.service.cmr.repository.StoreRef;
|
|
import org.alfresco.service.cmr.search.ResultSet;
|
|
import org.alfresco.service.cmr.search.SearchService;
|
|
import org.alfresco.service.cmr.security.AuthorityService;
|
|
import org.alfresco.service.cmr.security.AuthorityType;
|
|
import org.alfresco.service.cmr.security.PersonService;
|
|
import org.alfresco.service.namespace.NamespaceService;
|
|
import org.alfresco.util.EqualsHelper;
|
|
import org.alfresco.util.ParameterCheck;
|
|
import org.alfresco.wcm.util.WCMUtil;
|
|
import org.apache.commons.logging.Log;
|
|
import org.apache.commons.logging.LogFactory;
|
|
|
|
/**
|
|
* Implementation of the lock service.
|
|
*
|
|
* @author Derek Hulley, janv
|
|
*/
|
|
public class AVMLockingServiceImpl implements AVMLockingService
|
|
{
|
|
public static final String KEY_AVM_LOCKS = ".avm_locks";
|
|
public static final String KEY_LOCK_OWNER = "lock-owner";
|
|
|
|
private static final String ROLE_CONTENT_MANAGER = "ContentManager";
|
|
|
|
private static final Log logger = LogFactory.getLog(AVMLockingServiceImpl.class);
|
|
|
|
private String webProjectStore;
|
|
private SearchService searchService;
|
|
private AttributeService attributeService;
|
|
private AuthorityService authorityService;
|
|
private PersonService personService;
|
|
private NodeService nodeService;
|
|
|
|
/**
|
|
* @param webProjectStore The webProjectStore to set
|
|
*/
|
|
public void setWebProjectStore(String webProjectStore)
|
|
{
|
|
this.webProjectStore = webProjectStore;
|
|
}
|
|
|
|
/**
|
|
* @param attributeService the service to persist attributes
|
|
*/
|
|
public void setAttributeService(AttributeService attributeService)
|
|
{
|
|
this.attributeService = attributeService;
|
|
}
|
|
|
|
/**
|
|
* @param authorityService the service to check validity of usernames
|
|
*/
|
|
public void setAuthorityService(AuthorityService authorityService)
|
|
{
|
|
this.authorityService = authorityService;
|
|
}
|
|
|
|
/**
|
|
* @param personService checks validity of person names
|
|
*/
|
|
public void setPersonService(PersonService personService)
|
|
{
|
|
this.personService = personService;
|
|
}
|
|
|
|
public void setSearchService(SearchService searchService)
|
|
{
|
|
this.searchService = searchService;
|
|
}
|
|
|
|
public void setNodeService(NodeService nodeService)
|
|
{
|
|
this.nodeService = nodeService;
|
|
}
|
|
|
|
/**
|
|
* Appends the lock owner to the lock data.
|
|
*/
|
|
private HashMap<String, String> createLockAttributes(String lockOwner, Map<String, String> lockData)
|
|
{
|
|
HashMap<String, String> lockAttributes = new HashMap<String, String>(lockData);
|
|
lockAttributes.put(KEY_LOCK_OWNER, lockOwner);
|
|
return lockAttributes;
|
|
}
|
|
|
|
/**
|
|
* {@inheritDoc}
|
|
*/
|
|
public void lock(String avmStore, String path, String lockOwner, Map<String, String> lockData)
|
|
{
|
|
ParameterCheck.mandatoryString("avmStore", avmStore);
|
|
ParameterCheck.mandatoryString("path", path);
|
|
ParameterCheck.mandatoryString("lockOwner", lockOwner);
|
|
path = AVMLockingServiceImpl.normalizePath(path);
|
|
|
|
if (!authorityService.authorityExists(lockOwner) &&
|
|
!personService.personExists(lockOwner))
|
|
{
|
|
throw new AVMBadArgumentException("Not an Authority: " + lockOwner);
|
|
}
|
|
|
|
LockState lockState = getLockState(avmStore, path, lockOwner);
|
|
switch (lockState)
|
|
{
|
|
case LOCK_NOT_OWNER:
|
|
throw new AVMLockingException("avmlockservice.locked", path, lockOwner);
|
|
case NO_LOCK:
|
|
// Lock it, assuming that the lock doesn't exist (concurrency-safe).
|
|
try
|
|
{
|
|
HashMap<String, String> lockAttributes = createLockAttributes(lockOwner, lockData);
|
|
attributeService.createAttribute(
|
|
lockAttributes,
|
|
KEY_AVM_LOCKS, avmStore, path);
|
|
}
|
|
catch (DuplicateAttributeException e)
|
|
{
|
|
String currentLockOwner = getLockOwner(avmStore, path);
|
|
// Should trigger a retry, hence we pass the exception out
|
|
throw new AVMLockingException(e, "avmlockservice.locked", path, currentLockOwner);
|
|
}
|
|
break;
|
|
case LOCK_OWNER:
|
|
// Nothing to do
|
|
break;
|
|
}
|
|
}
|
|
|
|
/**
|
|
* {@inheritDoc}
|
|
*/
|
|
public boolean modifyLock(
|
|
String avmStore, String path, String lockOwner,
|
|
String newAvmStore, String newPath,
|
|
Map<String, String> lockData)
|
|
{
|
|
ParameterCheck.mandatoryString("avmStore", avmStore);
|
|
ParameterCheck.mandatoryString("path", path);
|
|
ParameterCheck.mandatoryString("lockOwner", lockOwner);
|
|
ParameterCheck.mandatoryString("newAvmStore", newAvmStore);
|
|
ParameterCheck.mandatoryString("newPath", newPath);
|
|
path = AVMLockingServiceImpl.normalizePath(path);
|
|
newPath = AVMLockingServiceImpl.normalizePath(newPath);
|
|
|
|
LockState currentLockState = getLockState(avmStore, path, lockOwner);
|
|
switch (currentLockState)
|
|
{
|
|
case LOCK_NOT_OWNER:
|
|
case LOCK_OWNER:
|
|
if (currentLockState.equals(LockState.LOCK_NOT_OWNER))
|
|
{
|
|
// The lock is held by another user
|
|
if (! AuthenticationUtil.isRunAsUserTheSystemUser())
|
|
{
|
|
String currentLockOwner = getLockOwner(avmStore, path);
|
|
throw new AVMLockingException("avmlockservice.locked", path, currentLockOwner);
|
|
}
|
|
}
|
|
// Remove the lock first
|
|
attributeService.removeAttribute(KEY_AVM_LOCKS, avmStore, path);
|
|
HashMap<String, String> lockAttributes = createLockAttributes(lockOwner, lockData);
|
|
attributeService.setAttribute(
|
|
lockAttributes,
|
|
KEY_AVM_LOCKS, newAvmStore, newPath);
|
|
return true;
|
|
case NO_LOCK:
|
|
// Do nothing
|
|
return false;
|
|
default:
|
|
throw new IllegalStateException("Unexpected enum constant");
|
|
}
|
|
}
|
|
|
|
/**
|
|
* {@inheritDoc}
|
|
*/
|
|
public String getLockOwner(String avmStore, String path)
|
|
{
|
|
ParameterCheck.mandatoryString("path", path);
|
|
path = AVMLockingServiceImpl.normalizePath(path);
|
|
|
|
Map<String, String> lockAttributes = getLockData(avmStore, path);
|
|
if (lockAttributes == null)
|
|
{
|
|
return null;
|
|
}
|
|
else if (!lockAttributes.containsKey(KEY_LOCK_OWNER))
|
|
{
|
|
logger.warn("AVM lock does not have a lock owner: " + avmStore + "-" + path);
|
|
return null;
|
|
}
|
|
return lockAttributes.get(KEY_LOCK_OWNER);
|
|
}
|
|
|
|
/**
|
|
* {@inheritDoc}
|
|
*/
|
|
@SuppressWarnings("unchecked")
|
|
public Map<String, String> getLockData(String avmStore, String path)
|
|
{
|
|
ParameterCheck.mandatoryString("avmStore", avmStore);
|
|
ParameterCheck.mandatoryString("path", path);
|
|
path = AVMLockingServiceImpl.normalizePath(path);
|
|
|
|
Map<String, String> lockAttributes = (Map<String, String>) attributeService.getAttribute(
|
|
KEY_AVM_LOCKS, avmStore, path);
|
|
return lockAttributes;
|
|
}
|
|
|
|
/**
|
|
* {@inheritDoc}
|
|
*/
|
|
public LockState getLockState(String avmStore, String path, String lockOwner)
|
|
{
|
|
ParameterCheck.mandatoryString("avmStore", avmStore);
|
|
ParameterCheck.mandatoryString("lockOwner", lockOwner);
|
|
path = AVMLockingServiceImpl.normalizePath(path);
|
|
|
|
String currentLockOwner = getLockOwner(avmStore, path);
|
|
if (currentLockOwner == null)
|
|
{
|
|
return LockState.NO_LOCK;
|
|
}
|
|
else if (currentLockOwner.equals(lockOwner))
|
|
{
|
|
return LockState.LOCK_OWNER;
|
|
}
|
|
else
|
|
{
|
|
return LockState.LOCK_NOT_OWNER;
|
|
}
|
|
}
|
|
|
|
/**
|
|
* {@inheritDoc}
|
|
*/
|
|
public void removeLock(String avmStore, String path)
|
|
{
|
|
ParameterCheck.mandatoryString("avmStore", avmStore);
|
|
ParameterCheck.mandatoryString("path", path);
|
|
path = AVMLockingServiceImpl.normalizePath(path);
|
|
|
|
attributeService.removeAttribute(KEY_AVM_LOCKS, avmStore, path);
|
|
}
|
|
|
|
/**
|
|
* {@inheritDoc}
|
|
*/
|
|
public void removeLocks(String avmStore)
|
|
{
|
|
ParameterCheck.mandatoryString("avmStore", avmStore);
|
|
|
|
attributeService.removeAttributes(KEY_AVM_LOCKS, avmStore);
|
|
}
|
|
|
|
/**
|
|
* {@inheritDoc}
|
|
*/
|
|
public void removeLocks(String avmStore, String dirPath, final Map<String, String> lockDataToMatch)
|
|
{
|
|
ParameterCheck.mandatoryString("avmStore", avmStore);
|
|
ParameterCheck.mandatory("lockDataToMatch", lockDataToMatch);
|
|
|
|
final String dirPathStart;
|
|
if (dirPath == null)
|
|
{
|
|
dirPathStart = null;
|
|
}
|
|
else
|
|
{
|
|
dirPath = normalizePath(dirPath);
|
|
if (! dirPath.endsWith("/"))
|
|
{
|
|
dirPath = dirPath + '/';
|
|
}
|
|
|
|
dirPathStart = dirPath;
|
|
}
|
|
|
|
final List<String> pathKeys = new ArrayList<String>(10);
|
|
|
|
AttributeQueryCallback callback = new AttributeQueryCallback()
|
|
{
|
|
@SuppressWarnings("unchecked")
|
|
public boolean handleAttribute(Long id, Serializable value, Serializable[] keys)
|
|
{
|
|
if (keys.length != 3 || !EqualsHelper.nullSafeEquals(keys[0], KEY_AVM_LOCKS) || keys[1] == null || keys[2] == null || value == null)
|
|
{
|
|
logger.warn("Unexpected AVM lock attribute: \n" +
|
|
" id: " + id + "\n" +
|
|
" keys: " + Arrays.toString(keys) + "\n" +
|
|
" value: " + value);
|
|
return true;
|
|
}
|
|
|
|
Map<String, String> lockData = (Map<String, String>) value;
|
|
|
|
for (Map.Entry<String, String> entry : lockDataToMatch.entrySet())
|
|
{
|
|
String lockDataValue = lockData.get(entry.getKey());
|
|
if (lockDataValue != null)
|
|
{
|
|
if (! lockDataValue.equals(entry.getValue()))
|
|
{
|
|
return true;
|
|
}
|
|
}
|
|
}
|
|
|
|
String pathKey = (String)keys[2];
|
|
|
|
if (dirPathStart == null || pathKey.startsWith(dirPathStart))
|
|
{
|
|
pathKeys.add(pathKey);
|
|
}
|
|
|
|
// Continue
|
|
return true;
|
|
}
|
|
};
|
|
|
|
attributeService.getAttributes(callback, KEY_AVM_LOCKS, avmStore);
|
|
|
|
for (String pathKey : pathKeys)
|
|
{
|
|
attributeService.removeAttribute(KEY_AVM_LOCKS, avmStore, pathKey);
|
|
}
|
|
}
|
|
|
|
/**
|
|
* {@inheritDoc}
|
|
*/
|
|
public void removeLocks(String avmStore, final Map<String, String> lockDataToMatch)
|
|
{
|
|
removeLocks(avmStore, null, lockDataToMatch);
|
|
}
|
|
|
|
/**
|
|
* {@inheritDoc}
|
|
*/
|
|
public boolean hasAccess(String webProject, String avmPath, String lockOwner)
|
|
{
|
|
if (personService.getPerson(lockOwner) == null && !authorityService.authorityExists(lockOwner))
|
|
{
|
|
return false;
|
|
}
|
|
if (authorityService.isAdminAuthority(lockOwner))
|
|
{
|
|
return true;
|
|
}
|
|
StoreRef storeRef = new StoreRef(this.webProjectStore);
|
|
ResultSet results = searchService.query(
|
|
storeRef,
|
|
SearchService.LANGUAGE_LUCENE,
|
|
"@wca\\:avmstore:\"" + webProject + '"');
|
|
try
|
|
{
|
|
if (results.getNodeRefs().size() == 1)
|
|
{
|
|
return hasAccess(webProject, results.getNodeRefs().get(0), avmPath, lockOwner);
|
|
}
|
|
return false;
|
|
}
|
|
finally
|
|
{
|
|
results.close();
|
|
}
|
|
}
|
|
|
|
/**
|
|
* {@inheritDoc}
|
|
*/
|
|
public boolean hasAccess(NodeRef webProjectRef, String avmPath, String lockOwner)
|
|
{
|
|
if (personService.getPerson(lockOwner) == null &&
|
|
!authorityService.authorityExists(lockOwner))
|
|
{
|
|
return false;
|
|
}
|
|
if (authorityService.isAdminAuthority(lockOwner))
|
|
{
|
|
return true;
|
|
}
|
|
String webProject = (String)nodeService.getProperty(webProjectRef, WCMAppModel.PROP_AVMSTORE);
|
|
return hasAccess(webProject, webProjectRef, avmPath, lockOwner);
|
|
}
|
|
|
|
private boolean hasAccess(String webProject, NodeRef webProjectRef, String avmPath, String lockOwner)
|
|
{
|
|
String[] storePath = avmPath.split(":");
|
|
if (storePath.length != 2)
|
|
{
|
|
throw new AVMBadArgumentException("Malformed AVM Path : " + avmPath);
|
|
}
|
|
|
|
if (logger.isDebugEnabled())
|
|
logger.debug(
|
|
"Testing lock access on path: " + avmPath +
|
|
" for user: " + lockOwner + " in webproject: " + webProject);
|
|
|
|
// check if a lock exists at all for this path in the specified webproject id
|
|
String path = normalizePath(storePath[1]);
|
|
|
|
Map<String, String> lockData = getLockData(webProject, path);
|
|
|
|
if (lockData == null)
|
|
{
|
|
if (logger.isDebugEnabled())
|
|
logger.debug(" GRANTED: No lock found.");
|
|
return true;
|
|
}
|
|
|
|
String currentLockOwner = lockData.get(KEY_LOCK_OWNER);
|
|
String currentLockStore = lockData.get(WCMUtil.LOCK_KEY_STORE_NAME);
|
|
|
|
|
|
// locks are ignored in a workflow store
|
|
if (storePath[0].contains("--workflow"))
|
|
{
|
|
if (logger.isDebugEnabled())
|
|
logger.debug(" GRANTED: Workflow store path.");
|
|
return true;
|
|
}
|
|
|
|
// locks are specific to a store - no access if the stores are different
|
|
if (! ((currentLockStore != null) && (currentLockStore.equals(storePath[0]))))
|
|
{
|
|
if (logger.isDebugEnabled())
|
|
logger.debug(" DENIED: Store on path and lock (" + currentLockStore + ") do not match.");
|
|
return false;
|
|
}
|
|
|
|
// check for content manager role - we allow access to all managers within the same store
|
|
// TODO as part of WCM refactor, consolidate with WebProject.getWebProjectUserRole
|
|
StringBuilder query = new StringBuilder(128);
|
|
query.append("+PARENT:\"").append(webProjectRef).append("\" ");
|
|
query.append("+TYPE:\"").append(WCMAppModel.TYPE_WEBUSER).append("\" ");
|
|
query.append("+@").append(NamespaceService.WCMAPP_MODEL_PREFIX).append("\\:username:\"");
|
|
query.append(lockOwner);
|
|
query.append("\"");
|
|
ResultSet resultSet = searchService.query(
|
|
new StoreRef(this.webProjectStore),
|
|
SearchService.LANGUAGE_LUCENE,
|
|
query.toString());
|
|
List<NodeRef> nodes = resultSet.getNodeRefs();
|
|
resultSet.close();
|
|
|
|
if (nodes.size() == 1)
|
|
{
|
|
String userrole = (String)nodeService.getProperty(nodes.get(0), WCMAppModel.PROP_WEBUSERROLE);
|
|
if (ROLE_CONTENT_MANAGER.equals(userrole))
|
|
{
|
|
if (logger.isDebugEnabled())
|
|
{
|
|
logger.debug("GRANTED: Store match and user is ContentManager role in webproject.");
|
|
}
|
|
return true;
|
|
}
|
|
}
|
|
else if (nodes.size() == 0)
|
|
{
|
|
logger.warn("hasAccess: user role not found for " + lockOwner);
|
|
}
|
|
else
|
|
{
|
|
logger.warn("hasAccess: more than one user role found for " + lockOwner);
|
|
}
|
|
|
|
// finally check the owner of the lock against the specified authority
|
|
if (AuthorityType.getAuthorityType(currentLockOwner) == AuthorityType.EVERYONE)
|
|
{
|
|
if (logger.isDebugEnabled())
|
|
logger.debug(" GRANTED: Authority EVERYONE matched lock owner.");
|
|
return true;
|
|
}
|
|
|
|
if (checkAgainstAuthority(lockOwner, currentLockOwner))
|
|
{
|
|
if (logger.isDebugEnabled())
|
|
logger.debug(" GRANTED: User matched as lock owner.");
|
|
return true;
|
|
}
|
|
|
|
if (logger.isDebugEnabled())
|
|
logger.debug(" DENIED: User did not match as lock owner.");
|
|
return false;
|
|
}
|
|
|
|
/**
|
|
* Helper function that checks the transitive closure of authorities for user.
|
|
*/
|
|
private boolean checkAgainstAuthority(String user, String authority)
|
|
{
|
|
if (user.equalsIgnoreCase(authority))
|
|
{
|
|
return true;
|
|
}
|
|
Set<String> containing = authorityService.getContainingAuthorities(null, user, false);
|
|
for (String parent : containing)
|
|
{
|
|
if (parent.equalsIgnoreCase(authority))
|
|
{
|
|
return true;
|
|
}
|
|
}
|
|
return false;
|
|
}
|
|
|
|
/**
|
|
* Utility to get relative paths into canonical form.
|
|
*
|
|
* @param path The incoming path.
|
|
* @return The normalized path.
|
|
*/
|
|
public static String normalizePath(String path)
|
|
{
|
|
while (path.startsWith("/"))
|
|
{
|
|
path = path.substring(1);
|
|
}
|
|
while (path.endsWith("/"))
|
|
{
|
|
path = path.substring(0, path.length() - 1);
|
|
}
|
|
return path.replaceAll("/+", "/");
|
|
}
|
|
}
|