mirror of
https://github.com/Alfresco/alfresco-community-repo.git
synced 2025-07-07 18:25:23 +00:00
fb887123ea
44918: Fix for ALF-14850 Opencmis getTotalNumItems doesn't return the correct result when setting MaxItemsPerPage
- correctly report the max number of items
44927: ALF-16254 ("Leave Site" behaviour for group based site membership)
44931: Merged V3.4-BUG-FIX to V4.1-BUG-FIX (RECORD ONLY)
44930: Merged V3.4 (3.4.12) to V3.4-BUG-FIX
44929: Merged V4.1-BUG-FIX to V3.4 (3.4.12)
42118: ALF-15878 ALF-15741: generate doc and src zip for web-framework-commons and jlan
44939: Remove svn:mergeinfo
44985: Merged DEV to V4.1-BUG-FIX
44981: ALF-17085 : DB2: unexpected index found in database
Correcting db structure after upgrade from 3.4. Optional statement was added.
44988: Merged DEV to V4.1-BUG-FIX
44937: ALF-16756: WebDAV: An error occurs on drag&drop content from local machine to alfresco when inbound move rule configured.
Add check for content data length during determining existence of content on node.
44989: Merged PATCHES/V4.1.3 to V4.1-BUG-FIX
44984: Merged DEV to PATCHES/V4.1.3
44983: ALF-12425: Can't launch activiti workflow console from Share when external / ntlm / kerberos authentication is used.
In activiti-admin.get.js generated an absolute URL . Use url.server + url.context instead of /alfresco.
44986: (RECORD ONLY) Merged DEV to PATCHES/V4.1.3
44937: ALF-16756: WebDAV: An error occurs on drag&drop content from local machine to alfresco when inbound move rule configured.
Add check for content data length during determining existence of content on node.
44987: ALF-17331 60k Site Performance: Admin Console | Groups | Browse Groups (include sys groups): Pagination doesn't work correctly
45008: ALF-17300 - ConcurrentModificationException
45011: BDE-103 - Timezone test fail when not run from the UK (at least from Maven build)
45054: Merged from DEV to V4.1-BUG-FIX
ALF-13312 - If the license does not exist, please specify in the error message
45055: Fix for ALF-13921. Description of the web project is not updated.
45063: Slight improvement to test code as part of ALF-15413.
Changing test code to get companyHome from repositoryHelper rather than Lucene query, which doesn't work on a dev box with ill-configured SOLR/Lucene.
45170: Merged PATCHES\V4.1.3 to BRANCHES\DEV\V4.1-BUG-FIX
45161: Fix for ALF-17341 CLONE - Hyphen not handled correctly in cmis-alfresco search for Aspects/types : " no viable alternative at character 'a' "
45192: Merged BRANCHES/DEV/V3.4-BUG-FIX to BRANCHES/DEV/V4.1-BUG-FIX:
45187: (RECORD ONLY) Fix for ALF-16997 Discrepancies between standalone and cluster ehcache config
45312: Merged V4.0.2 (4.0.2.23-24) to V4.1-BUG-FIX (4.1.4)
44912: MNT-248 - 4.0.2.22 HOT FIX: Extra version is created saving changes in OpenOffice document via CIFS
44964: Merged DEV to PATCHES/V4.0.2
44963: MNT-263 : CLONE - CIFS: Image document version history lost after saving content in Preview on Mac Mountain Lion
Fix for "Preview" shuffle scenario on Mac Mountain Lion. New ScenarioDoubleRenameShuffle scenario was added for pattern .*\.sb(-[A-Za-z0-9]*){2}. Unit test for correspomding scenario was added.
45037: Remove PID check from byte range lock list checks. MNT-266.
45286: MNT-277 - CIFS: Input/output error during saving ods file via OpenOffice. (Linux Specific)
45319: NORWEGIAN: Translation updates.
45338: Merged V4.1.3 (4.1.3) to V4.1-BUG-FIX (4.1.4)
45186: ALF-17303: fix naming mismatch when deploying alfresco-enterprise-repository artifactId to Maven
45247: Part 2: Better fix for ALF-16359 Fix SOLR logging in production and other environments
45265: ALF-17337 Read time out when browsing trash can
45298: ALF-17389: Merged: CLOUD1 to V4.1.3
45082: CLOUD-1139: Cloud feednotifier running on 2 boxes
- FeedNotifierImpl modified to use reliable lock refresh
- Added additional debug logging to AbstractUserNotifier just in case we have to prove duplicate entries are still being processed
- For full debug logging set
log4j.logger.org.alfresco.repo.activities.feed.FeedNotifier=debug
- Happy New Year!
45355: ALF-17389: Fix build error
45357: Fix for ALF-17430 CMIS valid relationships do not check the source and target are valid CMIS docs or folders.
45363: Merge CLOUD1-BUG-FIX to V4.1-BUG-FIX
42576 : Job Locking of PostLookup
45367: Build fix corrections to merge 45363
45381: ALF-17389 : Implementing Activities Job Lock.
45416: Merged V4.1.3 (4.1.3) to V4.1-BUG-FIX (4.1.4) RECORD ONLY
45415: ALF-17389: Merged V4.1-BUG-FIX to V4.1.3 (4.1.3)
<< Previous merge was to the wrong branch >>
45363: Merge CLOUD1-BUG-FIX to V4.1-BUG-FIX
42576 : Job Locking of PostLookup
45367: Build fix corrections to merge 45363
45381: ALF-17389 : Implementing Activities Job Lock.
45424: Merged BRANCHES/DEV/BELARUS/V4.1-BUG-FIX-2013_01_05 to BRANCHES/DEV/V4.1-BUG-FIX:
45235: ALF-15604 : Oracle: schema reference files missing nvarchar2 column sizes
45425: Merged BRANCHES/DEV/BELARUS/V4.1-BUG-FIX-2013_01_05 to BRANCHES/DEV/V4.1-BUG-FIX:
45236: ALF-15604 : Oracle: schema reference files missing nvarchar2 column sizes
45480: ALF-17224: There will not be a "pageList" object in the freemarker model if a wiki page does not exist in a site and the wiki dashlet will cause an error on the site
45482: Fixed ALF-11036, applied the patch, ran the tests.
45485: ALF-17224: If the wiki page which was configured in the wiki dashlet will be deleted the dashlet will cause an error. The result of the call must be checked.
45513: MNT-279: Use binary search in cached authority search to cut down search time when a group contains an astronomical number of authorities
- Experimental fix to cut down on severe profiling hit
45542: Fix for ALF-17443 - Contributors cannot edit their own discussion reply
--This line, and th se below, will be ignored--
M root/projects/remote-api/source/java/org/alfresco/repo/web/scripts/discussion/ForumPostPut.java
M root/projects/remote-api/source/java/org/alfresco/repo/web/scripts/discussion/DiscussionRestApiTest.java
45550: Merged V3.4-BUG-FIX to V4.1-BUG-FIX
44920: ALF-11315 removed date localisation on blogpost.lib.ftl dates and corrected date format on pubDate within postlist-rss.get.rss.ftl (iso8601 was being used instead of the required RFC822)
44936: Fix build
44967: Merged V3.4 to V3.4-BUG-FIX
44966: Merged PATCHES/V3.4.11 to V3.4 (3.4.12)
44891: ALF-17339: Merged DEV to V3.4.11 (3.4.11.2)
44877: MNT-265: possible improvement to Alfresco SQL query?
- Add getOneTxnsByCommitTimeDescending function that makes efficient query to find most recent transaction in time range.
44951: ALF-17325 / MNT-274: Merged HEAD to PATCHES/V3.4.11
33015: ALF-11837 - Alfresco 4.0 SMTP Inbound does not work with messages without From and To Headers.
45191: Merged BRANCHES/V3.4 to BRANCHES/DEV/V3.4-BUG-FIX:
45172: Fixed ALF-16140: Blank filetype icon is displayed for tiff image
45436: Merged HEAD to BRANCHES/DEV/V3.4-BUG-FIX:
31107: Google Docs SSL error
* Fixed SSL required error that has appeared recently.
* Google seemingly no longer supports non secure access to GDoc API.
* Default URL's fixed up.
45547: Merged V3.4 to V3.4-BUG-FIX
45166: ALF-17339: Merged V3.4.11 (3.4.11.4) to V3.4 (3.4.12)
45162: Merged DEV to V3.4.11 (3.4.11.4)
44877: MNT-275 Possible issue with MNT-265 fix
- SQL from original HF should have used < rather than <= for upper time limit.
45230: Merged DEV to V3.4 (3.4.12)
45203: ALF-16992 : patch.fixAclInheritance is failing on sharedAclsThatDoNotInheritCorrectlyFromThePrimaryParent
Ignoring of repeated ACL added
45233: Mark the NFS server as active during startup. ALF-16228.
45287: ALF-12145 Calendar autocomplete for advanced search form incorrectly handles zeros
45380: ALF-17461: There is different size of wcm-bootstrap-context.xml file from installer and archive
- Replicated changes from ALF-11644 to Bitrock-installed copy of wcm-bootstrap-context.xml
45454: ALF-17396, ALF-13805: Merged V4.1-BUG-FIX (4.1.4) to V3.4 (3.4.12)
Revision: 45452
Author: kroast
Date: 16 January 2013 09:59:45
Message:
Corrected config check for ALF-16413 - Share asks for Basic-Auth while not needed trying to access RSS feeds (thus breaking SSO).
----
Modified : /alfresco/BRANCHES/DEV/V4.1-BUG-FIX/root/projects/slingshot/source/java/org/alfresco/web/site/servlet/SlingshotFeedController.java
45491: Merge DEV to V3.4 (V3.4.12)
45473: ALF-11956: WCM accessibility
DOJO time picker has been fixed to allow selection of hours and minutes, using keyboard. Missing JavaScript key event handlers have been added.
CSS class checking has been fixed in 'alfresco.xforms.FocusResolver' in 'xforms.js' to support all versions of IE. Some other minor changes...
45543: Merged V4.1 to V3.4
44743: ALF-17533 / ALF-17117: Created article or publication cant be viewed on WQS site
- Further corrections to locking to avoid deadlocks
44682: ALF-17512 / ALF-17118 WQS: Impossible to upload document to publications space
- Only first part to do with the transformation failure has been committed.
44653: ALF-17533 / ALF-17117: Created article or publication cant be viewed on WQS site
- Missed file from previous checkin
44652: ALF-17533/ ALF-17117: Created article or publication cant be viewed on WQS site
- Fixes by Dmitry Vaserin
- Removed unnecessary outer read locks from getRelatedAssets and getRelatedAsset to prevent deadlock
- Correct markup error when node doesn't have tags
45546: ALF-17512: Corrections to property names by Pavel
45548: Merged V3.4 to V3.4-BUG-FIX (RECORD ONLY)
44977: Merged V3.4-BUG-FIX to V3.4
44936: Fix build
45553: Merged V3.4-BUG-FIX to V4.1-BUG-FIX (RECORD ONLY)
45523: Merged BRANCHES/DEV/V4.1-BUG-FIX to BRANCHES/DEV/V3.4-BUG-FIX:
45482: Fixed ALF-11036, applied the patch, ran the tests.
45557: Merged V3.4-BUG-FIX to V4.1-BUG-FIX (RECORD ONLY)
45556: Merged V3.4 to V3.4-BUG-FIX
45554: Latest translations from Gloria for revision 45205
45568: Merged PATCHES/V4.1.3 to V4.1-BUG-FIX
45421: Merged HEAD to PATCHES\V4.1.3
44243: Merged BRANCHES\DEV\AUTH_BRIDGE to HEAD
43735: Final part of ALF-14861 SOLR to scale for non-admin users in 100k sites and a subgroup of each of 1000 independent groupings with 1000 subgroups
ALF-17489 ALF-17456
45428: ALF-17455 : BM-0013: SOAK01_04: Activities Feed Cleaner query runs for minutes
45489: ALF-17455 : BM-0013: SOAK01_04: Activities Feed Cleaner query runs for minutes
45569: Merged PATCHES/V4.1.3 to V4.1-BUG-FIX (RECORD ONLY)
45564: ALF-17492: WebScript errors must contain useful information
- So doth Derek decree
- Copied in Surf revision 1217 changes as class local to share.war to avoid pulling in any more untested Surf changes
45591: ALF-17465 (Document "social buttons/actions" not showing in document library page while document is being edited (locked))
45601: ALF-17433 (Document detail version display incorrect document version when clicking on edit off line)
45611: ALF-17478 - MailMetadataExtracter does not store all Message-Recipient-Address
45622: Merged HEAD to BRANCHES/DEV/V4.1-BUG-FIX:
35614: ALF-17598: CLONE - Add range header support to the webDAV servlet
45633: ALF-17469: JSON message sent back to a client after a category creation is only partially JSON
--This line, and th se below, will be ignored--
M category.post.json.ftl
45641: Fix non-ASCII character in source comment
45649: ALF-17556 (Share not redering URL correctly in description field)
45650: Manually merged HEAD to BRANCHES/DEV/V4.1-BUG-FIX:
- Changes to StreamContent from merge of THOR1_SPRINTS to HEAD in r34698
45651: Merged HEAD to BRANCHES/DEV/V4.1-BUG-FIX:
45222: ALF-17599: CLONE - Support For HTTP Range Requests in Repository WebScripts
- Added HttpRangeProcessor.processRange which takes a WebScriptResponse parameter instead of HttpServletResponse
- Changed HttpRangeProcessor.processSingeRange and HttpRangeProcessor.processMultiRange to accept a generic Object parameter then cast to the appropriate WebScriptResponse or HttpServletResponse
- Added Javadoc to HttpRangeProcessor.processRange
- Changed StreamContent.streamContentImpl to add code from BaseDownloadContentServlet which does the work of processing the range header from the request
- Changed StreamContent.streamContentImpl method signature to accept nodeRef and propertyQName parameters needed for multi-range requests
- Modified methods which override or call StreamContent.streamContentImpl for new method signature, passing in nodeRef and propertyQName or nulls where appropriate
45655: Merged DEV to V4.1-BUG-FIX (4.1.4)
45565: ALF-17503 : Lucene search with skipcount > hits fails when RM is installed
Return a length=0 if a difference of values (count of finded results and results, that need to skip) is < 0
45672: ALF-17452 (Status can't be updated with a blank status)
45682: ALF-17444: Transformation of Outlook files (.msg) doesn't work ootb
45751: Merged DEV to VC4.1-BUG-FIX (4.1.4)
45748: ALF-17517: Document does not revert to previous version if certain rule is applied to the parent folder.
Check node existance on ActionExecuterAbstractBase execution. Add unit test for case when inbound rule executed on node that was checked in.
45758: ALF-12264: Fixed issue with pooled-tasks for groups with same name across tenants
45761: Block r45756 from being merged to V4.1-BUG-FIX
45765: Fix for ALF-17153 FTS query parser FTSQueryParser is not debuggable
45810: ALF-17520: Open Document templates are not tranformed properly for thumbnail and preview generation
45828: Additional fix for ALF-17153 FTS query parser FTSQueryParser is not debuggable
45857: ALF-17516 (SHARE: Admin console of users and groups)
45873: Remove so-called intermittent test category, so that only RepositoryStartupTest remains as a gatekeeper
45903: ALF-16611 (When opening My Pages filter, a link to the renamed document becomes red)
45906: ALF-17515: Wrong mimetype name in mimetype-map.xml
- Changed macroEnabled to macroenabled
45913: ALF-17462 (In Alfresco explorer invitation to a site does not show the correct options)
45921: Fix for ALF-17421 If a property is both multi-valued and multilingual a ClassCastException is thrown when Solr tries to index the property
- support multi-valued ML text but not content
45926: Fix for ALF-17602 lucene.defaultAnalyserResourceBundleName is not injected anywhere in the spring config
46024: Merged V4.1.3 (4.1.3) to V4.1-BUG-FIX (4.1.4)
45585: ALF-17303: alfresco-platform-distribution was not deployed properly to Maven repo
45621: Removed svn:mergeinfo. A 1.7 client should do this automatically.
45669: Fix ALF-17582 - BM-0013: JMeter: Run 02: MT ContentStore caching is not thread safe
45670: Fix ALF-17589 - BM-0013: JMeter: Run 02: CMISAbstractDictionaryService caching of DictionaryRegistry is not thread safe
45692: Config option for ALF-17526 BM-0013: JMeter: Run 02: Improve efficiency of services for SOLRAPIClient.getNodesMetaData
- preloading can be controlled + removed incorrect use of the secondary cache that could pull in stale data
45705: Reverted Config option for ALF-17526 BM-0013: JMeter: Run 02: Improve efficiency of services for SOLRAPIClient.getNodesMetaData
- preloading can be controlled + removed incorrect use of the secondary cache that could pull in stale data
45716: Fix for ALF-17594 SolrTracker: CMIS model diff (show 1 repeated diff) => CMIS dictionary re-init x2 (every 15 sec)
- only refresh the CMIS dictionary if there was an actual model put
45755: Extra support to make clear what causes any difference between SOLR reports ALF-17588 BM-0013: JMeter: Run 02: Deviation was detected in full index check reports for SOLR nodes.
- also added RETRY command to retry indexing any nodes that failed with errors.
45803: Fix for ALF-17490 Solr indexation problem with certain acls on a customer environment
- AclsGet respects the maximum acls requested and does not silently truncate toe 1024
45829: GERMAN: Translation updates based on EN r45262
45830: SPANISH: Translation updates based on EN r45262
45831: FRENCH: Translation updates based on EN r45262
45832: ITALIAN: Translation updates based on EN r45262
45833: JAPANESE: Translation updates based on EN r45262
45834: DUTCH: Translation updates based on EN r45262
45835: RUSSIAN: Translation updates based on EN r45262
45836: CHINESE: Translation updates based on EN r45262
45858: Fix ALF-17634 -on startup FeedNotifier fetches all people slowly
- switch from GetChildren CQ -> GetPeople CQ
45859: Fix ALF-17634 -on startup FeedNotifier fetches all people slowly
- reverse fix for this test ... for now, until we re-implement the deprecated method and fix the test case ;-)
45951: Fix for ALF-17687 BM-0013: Soak: Run 02: SolrJSONResultSet must preload nodes
- added node preload
45952: SiteServiceImplTest: Added check that size limiting of results is working (and other minor cleanup)
45953: Fixed ALF-17702: BM-0013: Soak: Run 02: getCachedChildAuthorities is not caching results
- getChildAssocs specifically checks for 'members' associations (was eliminated by code)
- Cache negative results i.e. when there are no children
45969: Part fix for ALF-17526 BM-0013: Soak: Run 02: SOLRAPIClient.getNodesMetaData does N+1 calls to NodeDAO
- prependPaths caches nodes for the next layer
45998: Part 2 ALF-17526 BM-0013: Soak: Run 02: SOLRAPIClient.getNodesMetaData does N+1 calls to NodeDAO
- make sure bulk node load works and that assocs are cached
45999: Alternative implementation for ALF-17719 BM-0013: Soak: Run 03: Contained authorities cache warmup times are restrictive
- bridge table is the default for hasAuthority() - configurable on AuthorityServiceImpl
46000: ALF-17574 BM-0013: JMeter: Run 02: Blocked threads on PDFParser.parse
- Found two blocking points in PdfBox to do with loading fonts from the class path (this was the main cause) and
the PDFOperator access to a Synchronised map (identified above by Derek).
- Note in 1.7.0 of PDFBox generally no font was loaded, but under 1.6.0 it was.
This may be a bug in 1.7.0
46001: ALF-17722: Merged V3.4 (3.4.12) to V4.1.3 (4.1.3)
45629: ALF-17536: Stack Specific: Can't transform pdf to jpg
- Added TRACE to log env properties using
log4j.logger.org.alfresco.util.exec.RuntimeExec=trace
45667: ALF-17536 Can't transform multi page pdf to jpg
- issue was introduced by ALF-15436 Alfresco 3.4c + Share + TIFF preview only shows the first page
46018: Merged HEAD to PATCHES/V4.1.3
41904: Fixes bugs uncovered by JDK 7 upgrade
- nodeService's interceptors depended on nodeService, resulting in some 'interesting' interceptor ordering in the chain (3 * the normal number in a random order). Now we use a lazy interceptor to break the cycle.
- When the Content Language was en_GB and an MLText property contained {en_US, en_GB} it would return the en_US one, not taking country codes into account when available
46023: Follow on to previous check in. Fix up evil cloud sync override of "nodeService" to also not suffer from a cyclic dependency!
46034: Merged V3.4-BUG-FIX (3.4.13) to V4.1-BUG-FIX (4.1.4)
45745: Merge V3.4 (3.4.12) to V3.4-BUG-FIX (3.4.13)
45629: ALF-17536: Stack Specific: Can't transform pdf to jpg
- Added TRACE to log env properties using
log4j.logger.org.alfresco.util.exec.RuntimeExec=trace
45667: ALF-17536 Can't transform multi page pdf to jpg
- issue was introduced by ALF-15436 Alfresco 3.4c + Share + TIFF preview only shows the first page
45724: ALF-17533 CLONE - Created article or publication cant be viewed on WQS site
- Further change required to avoid deadlock
45743: Correction to AuditComponentTest
- Test was reporting "Incorrect number of audit entries after failed login expected:<1000> but was:<XXX>"
where XXX was less than 1000. This was because results was being cleared if all all audit failures were
not available in the first loop. The results needed to cleared before the first loop rather than in every
loop. For example an XXX value of 830 would simply indicate that the first loop had received 170 audit
results and that a second loop was required to get the rest.
45754: Merged V3.4 (3.4.12) to V3.4-BUG-FIX (3.4.13)
45747: Correction to AuditComponentTest
- Okay last commit did not work. Try just waiting a bit longer than a second if we don't have all records.
45976: Merged DEV to V3.4-BUG-FIX
45925: ALF-16992 : patch.fixAclInheritance is failing on sharedAclsThatDoNotInheritCorrectlyFromThePrimaryParent
Added a detection on cyclic loop for "inherits from" field.
46037: Merged V4.1.3 (4.1.3) to V4.1-BUG-FIX (4.1.4)
46033: Build fixes
46032: ALF-17628 (No information is displayed in My Activities and Site Activities dashlets for content creation)
46095:
46100: ALF-17773, ALF-17774, ALF-17775, ALF-17776: Merged V4.0.2 (4.0.2.26) to V4.1-BUG-FIX (4.1.4)
45469: MNT-280: Merge from HEAD to V4.0.2 (4.0.2.25)
43617: Fix for ALF-16795 CMIS 0.8 TCK - load of large content fails
45875: Merged DEV to V4.0.2 (4.0.2.26)
45874: MNT-282: Mbean error stemming from cmis create.
Synchronize initiating ContentStore.
Add tenant name to object name of ContentStore MBean for preventing overriding of tenant MBeans.
45904: MNT-285 Content Stream Errors during CMIS load test (Continuation of MNT-280)
- Added 'advice' above retrying transactions to supply a ReusableContentStream
45910: MNT-285 Content Stream Errors during CMIS load test (Continuation of MNT-280)
- Added unit tests - tests both new TempFileProvider method and AlfrescoCmisStreamInterceptor
- Corrections to interceptor
46104: ALF-15843: Upgrade swftools back to 0.9.2
46109: Merged RECORD ONLY V4.1.3 (4.1.3) to V4.1-BUG-FIX (4.1.4)
46106: Merged V4.1-BUG-FIX (4.1.4) to V4.1.3 (4.1.3)
46100: ALF-17773, ALF-17774, ALF-17775, ALF-17776: Merged V4.0.2 (4.0.2.26) to V4.1-BUG-FIX (4.1.4)
45469: MNT-280: Merge from HEAD to V4.0.2 (4.0.2.25)
43617: Fix for ALF-16795 CMIS 0.8 TCK - load of large content fails
45875: Merged DEV to V4.0.2 (4.0.2.26)
45874: MNT-282: Mbean error stemming from cmis create.
Synchronize initiating ContentStore.
Add tenant name to object name of ContentStore MBean for preventing overriding of tenant MBeans.
45904: MNT-285 Content Stream Errors during CMIS load test (Continuation of MNT-280)
- Added 'advice' above retrying transactions to supply a ReusableContentStream
45910: MNT-285 Content Stream Errors during CMIS load test (Continuation of MNT-280)
- Added unit tests - tests both new TempFileProvider method and AlfrescoCmisStreamInterceptor
- Corrections to interceptor
46087: Merge V4.1-BUG-FIX (4.1.4) to V4.1.3 (4.1.3)
45480: ALF-17224: There will not be a "pageList" object in the freemarker model if a wiki page does not exist in a site and the wiki dashlet will cause an error on the site
46112: Merged (4.1.3) to V4.1-BUG-FIX (4.1.4)
46048: ALF-17727 - BM-0013: Soak: Run 03: Site creation leads to contention on sites container
- disable auditable behaviour on "sites" container (when creating a site)
46050: ALF-17727 - BM-0013: Soak: Run 03: Site creation leads to contention on sites container
- disable auditable behaviour on "sites" container (when deleting a site)
46055: ALF-17729 - BM-0013: Soak: Run 03: ADMRemoteStore optimization to reduce contention on share folders
- disable auditable behaviour on parent folder (when creating / deleting file)
46059: Fixed ALF-17756: Thumbnails are being indexed
- Add the cm:indexControl aspect to thumbnails at creation time
- Also prevent timestamp propagation when adding or removing thumbnails
46077: Following on from rev 46059 (ALF-17756): Fixed up the mock NodeService.createNode call as we now pass in indexControl properties
46078: Build fix for SiteServiceImplTest.testGroupMembership(SiteServiceImplTest.java:1308)
46079: Additional fix for out of transaction tests
46124: Reverse merge
<< Will A. did not intend to commit this >>
46095:
46159: Fixed ALF-16889, Enabled cookie support for /wcs/api/login, independent from SSOAuthenticationFilter, on by default.
46165: Fix for ALF-17787 - Site Members 'All Members' link should not run query immediately
46169: Fix for ALF-17787 - Site Members 'All Members' link should not run query immediately - missing file
46184: Refactoring a test class to use JUnit Rules - as part of attempt to reproduce ALF-17797.
Using JUnit Rules like this will make it much easier to switch users between test methods.
Checking in separately from future work as this check-in is a pure refactor.
46185: ALF-17503 : Lucene search with skipcount > hits fails when RM is installed
Fix build failures
- Correct tests which expected -ve number of rows returned in a resultset
46192: Enhancement to JUnit Rule TemporaryNodes.java as required by fix for ALF-17797.
This check-in enhances TemporaryNodes to allow for the easy creation of specific named quick files.
Previously you could only easily create a quick file selected by MIME type.
Now you can use e.g. 'quickCorrupt.pdf' to get that specific file.
46194: Fix for ALF-17797. AddFailedThumbnailActionExecuter is failing.
This check-in adds a test case that reproduces the issue and a fix.
The fix was to have the AddFailedThumbnailActionExecuter action runAs system.
This is consistent with the behaviour of the create-thumbnail action itself.
There is no way via the ActionService to run an action (in this case a compensating action)
as a nominated user, and therefore I have had to change the implementation of
AddFailedThumbnailActionExecuter.executeImpl so that it always runs-as system.
46202: ALF-17644: Document version was increased after canceling editing.
- Also a better fix for ALF-17167
46208: ALF-17517 Document does not revert to previous version if certain rule is applied to the parent folder.
- fix build failures (may still be one left) - Not all actions are node based
46230: Merged V3.4-BUG-FIX to V4.1-BUG-FIX (4.1.4)
46227: Filter repository test resources from alfresco.war
46272: ALF-17841: Upgrade 4.0 --> 4.1.4 ClassCastException from OnPropertyUpdateRuleTrigger
- Only listen for updates of single-valued content properties and cope with it previously being multi-valued (as can be the case with the devious license property)
46279: ALF-17810: Imagemagick requires installation of Visual C++ redistributables
- x86 VC++ 2008 SP1 redistributables now installed to support ImageMagick
46354: ALF-10569: Reversing r32622 as it was due to an invalid interpretation of a Microsoft spec and should be unnecessary for the correct support of WebDAV 'dead properties'.
- Correct fix about to be merged in from V3.4-BUG-FIX
46360: ALF-17697: Create proper source jars, to deploy to Maven repository
46361: Merged V3.4-BUG-FIX to V4.1-BUG-FIX
45756: ALF-14722: Repeat merge of V4.1-BUG-FIX to V3.4-BUG-FIX - previous merge in r43028 did not bring over all required changes
42902: Merged DEV to V4.1-BUG-FIX
42519: ALF-13588: Google Doc failed to authenticate after incorrect password being entered for google account
Add ability to unregister class behaviours.
Unregister googledocs behaviours when subsystem stops.
45948: Merged DEV/WABSON/V4.1-GOOGLEDOCS-BUG-FIX to DEV/V3.4-BUG_FIX
45898: ALF-17704 / ALF-16167: 'Edit Offline' checks out document in Google docs
- Edit in Google Docs action is now decoupled from Edit Offline action
- The checkout to Google Docs is only performed if a new parameter 'gdc' is set as a paramter when calling the action web script
- This paramter causes the web script to call a new method checkoutToGoogleDocs() on ScriptNode if the parameter is set
- The new method simply calls the existing checkout() method after setting a custom property on the transaction
- The Google Docs policies now check for the presence of this transaction property before sending the document to Google
45976: ALF-17876: Merged DEV to V3.4-BUG-FIX
45925: ALF-16992 : patch.fixAclInheritance is failing on sharedAclsThatDoNotInheritCorrectlyFromThePrimaryParent
Added a detection on cyclic loop for "inherits from" field.
46041: ALF-17877: Merged DEV to V3.4-BUG-FIX (with corrections)
46013: ALF-17662 : The deleted via Sharepoint document is not removed from Alfresco but hidden aspect is added for it
Documents marked with sys:hidden aspect should be invisible through SPP protocol and should be treated as nonexistent.
46054: ALF-17878 / ALF-17633 add alfresco-mmt.jar in the SDK distribution
46173: ALF-17879 / ALF-17806: Merged PATCHES/V3.4.10 to V3.4-BUG-FIX
46099: MNT-293: Merged V4.0-BUG-FIX to PATCHES/V3.4.10
37969: Fixes for:
ALF-12772 'Path not found' error in Share if user has no permissions to parent folders in breadcrumb
ALF-14527 Share - Error to display documents if user has no access to the parent folder
- Share now correctly supports accessing documents and folders (and details page actions) where the user does not have Read permissions on the parent node.
46101: MNT-293: AccessDenied using CMIS when user does not have access to parent folder
- Fix by Vasily
46125: MNT-293: Correct Kev's logic to do permission checks after resolving a path as system
46127: Merged V3.4 to PATCHES/V3.4.10
45743: Correction to AuditComponentTest
- Test was reporting "Incorrect number of audit entries after failed login expected:<1000> but was:<XXX>"
where XXX was less than 1000. This was because results was being cleared if all all audit failures were
not available in the first loop. The results needed to cleared before the first loop rather than in every
loop. For example an XXX value of 830 would simply indicate that the first loop had received 170 audit
results and that a second loop was required to get the rest.
45747: Correction to AuditComponentTest
- Okay last commit did not work. Try just waiting a bit longer than a second if we don't have all records.
46195: ALF-17880 / ALF-17378: Web content is not editable after cancelling the Edit Web Content Wizard
- Fix by Andrey
46227: Filter repository test resources from alfresco.war
46324: Merged DEV to V3.4-BUG-FIX (with improvements)
45602: ALF-10569 / ALF-17519 : SPP is setting residual properties with an unknown name space (urn:schemas-microsoft-com)
Implemented special case for handling dead webdav properties. New webdav:object aspect was introduced. It is used to
store all dead properties that may be set on resource.
46353: ALF-17881 / ALF-17272: TooManyClauses error due to syntax error in the query generated from UIComponentSelector
- Fixed typo in Lucene query generation introduced in r20310
46362: ALF-17876: Re-fix typo introduced in V3.4-BUG-FIX merge
46363: Merged V3.4-BUG-FIX to V4.1-BUG-FIX (RECORD ONLY)
46285: Merged V4.1-BUG-FIX to V3.4-BUG-FIX
46279: ALF-17810: Imagemagick requires installation of Visual C++ redistributables
- x86 VC++ 2008 SP1 redistributables now installed to support ImageMagick
46325: ALF-17863: Merged V4.1-BUG-FIX to V3.4-BUG-FIX
43649: ALF-16756: WebDAV: An error occurs on drag&drop content from local machine to alfresco when inbound move rule configured.
43651: ALF-16756: Fixed typos - I took this code in good faith!
44988: Merged DEV to V4.1-BUG-FIX
44937: ALF-16756: WebDAV: An error occurs on drag&drop content from local machine to alfresco when inbound move rule configured.
Add check for content data length during determining existence of content on node.
46395: Merged V4.1.3 (4.1.3) to V4.1-BUG-FIX (4.1.4)
46121: Fixed code warnings
46123: Further improvements on ALF-17702: BM-0013: Soak: Run 02: getCachedChildAuthorities is not caching result
- Reduced cache entry size
- Removed binary sort search for authority entries
- PS: This is one of the most heavily used code paths in the system
46153: Merged DEV to V4.1.3 (4.1.3)
<< Lots of other changes in addition to merged code>>
46093: ALF-16149 : CLONE - User search retrieves all users from the DB regardless of search criteria
- Re-implemented deprecated method PersonServiceImpl.getPeople(...) to use getPeopleCQ or FTS search
- Replaced calls to deprecated getPeople with calls to other one where it would end up being called anyway.
- Fixed PersonServiceTests
- Fixed GetPeopleCannedQuery to use totalResultCount - tests failed otherwise
- Added warning to PersonService.getPeopleFilteredByProperty(...) if PROP_FIRSTNAME, PROP_LASTNAME, PROP_USERNAME
were not being used. This was the one place that 'could' called the deprecated getPeople(...) method with
other properties. Other properties are not included in the search values.
46178: ALF-17796 - BM-0013: Soak: Run 04: Contention on folder 'user' containing users
- disable auditable behaviour on parent folders (see also ALF-17729)
46244: Fix for ALF-17801 BM-0013: Soak: Run 04: ConcurrentModificationException in AbstractLuceneQueryParser
- consistently name anonymous constraints defined on properties
46265: ALF-17799 - BM-0013: Soak: Run 04: Regular timeouts getting site memberships
- initial fix: make sure limit cut-off is also applied when processing "groups to expand"
46286: Fix for ALF-17801 BM-0013: Soak: Run 04: ConcurrentModificationException in AbstractLuceneQueryParser
- build fixes for
1) Anonymous over-ridden constraints defined to contain the wrong property definition (no matter)
2) but above causes name collision on over-ridden anonymous constraints on properties
3) fix -over ride order to set inherited property definition info before over-ridding the property
46290: ALF-17799 - BM-0013: Soak: Run 04: Regular timeouts getting site memberships
- fix SiteActivityTest fallout (and adhere to current API contract)
46315: ALF-17788: WebSphere: QueryException occurs during the clean startup
- Corrected regression where FeedNotifier tries to scroll past the end of a result set
46316: ALF-17702: Fixed regression of MNT-279 fix
- Avoid sequential search across massive user sets when evaluating ACLs
46350: Update Maven POM files
- Upgrade version to 4.1.3
- Upgrade pdfbox to 1.7.0-alfresco-20130130, to catch up after r46000 fixing ALF-17574
46370: ALF-17613: Merged V4.0.2 (4.0.2.27) to V4.1.3 (4.1.3)
46368: MNT-298 HF - Replace file by drag-and-drop over CIFS on Mac OS X and passthru/LDAP-AD gets "is in use" message and deletes the file
46421: Fix for ALF-17886. DeleteRenditionActionExecuter Acces is denied.
With test of course.
46438: ALF-17622 (Activities with Google Docs are not displayed in My Site Activities and Site Activities dashlets)
46445: Fix for ALF-17327 Cannot retrieve documents with a Japanese keyword.
46457: ALF-17904 (GoogleDocs action doesn't work in doclib view)
46482: Fix for ALF-17858. NPE in formService webscript.
46497: Fix for ALF-15371 Instances of java.util.Map interface cannot be accessed in JavaScript
The fix was to have getDefaultValue(Class) return the map.toString. It was previously returning null.
46533: ALF-17286: SPP (Cluster specific):Document workspace is not browseable via Share if alfresco.host is pointing to balancer host
- Ensure that concurrency conditions from AclDAO get propagagedby NodeDAO
46540: Fix for ALF-17397 searching based on property value that contains dashes doesn't work in a crossloanguage context using Solr
- fixed - also added support for query/index time analysis control for the default cross-language analyser.
- Not required to resolve the bug but may be useful to reduce query complexity (e.g. do not generate concatenated tokens for query)
which could have been used as a work around for this bug if available.
46546: Merged DEV to V4.1-BUG-FIX
46494: ALF-17899 TempFileProvider.createTempFile() is not debugable
Added debug logs.
46562: ALF-17917: Corrected internationalization of Imap Home folder
- Unfinished business from ALF-15700
46563: Fix for ALF-17572 - Grey background in 'Google Docs Theme' when uploading files with IE8
46564: Fix for ALF-17150 - Edit Online action missing in Share for some mime types (incorrect mimetype for PowerPoint files with SLDM extension)
46565: ALF-17917: Correction to previous fix
- Use distinct key spaces.imap_home.childname, because spaces.imapConfig.childname was already being used for other purposes
46568: Fix for ALF-17757 and ALF-1101
RSS Dashlet cannot display RSS feed produced by Shareӳ blog / RSS Feed Dashlet unable to read internal Alfesco Share site RSS Feeds
- Fix implementation from Will Abson
NOTE: there is a cavet, suggest SSO style config as per ALF-16413 to avoid basic auth pop-up when displaying some feeds.
46624: removed
46625: Undo last commit
46626: Merged V4.1.1 (4.1.1.21) to V4.1-BUG-FIX (4.1.4)
46602: ALF-17953: Alfresco constantly running full GCs
- Possible fix to TikaPoweredContentTransformer to make it wrap FileContentReaders as TikaInputStreams which can be cast to Files and appear not to need reading into memory in their entirety in uncompressed form!
- Fix also required to TikaOfficeDetectParser to avoid it wrapping a TikaInputStream unnecessarily
46629: RECORD ONLY Merged V4.1.3 (4.1.3) to V4.1-BUG-FIX (4.1.4)
46622: ALF-17968: Merged V4.0.2 (4.1.1.21) to V4.1.3 (4.1.3)
46602: ALF-17953: Alfresco constantly running full GCs
- Possible fix to TikaPoweredContentTransformer to make it wrap FileContentReaders as TikaInputStreams which can be cast to Files and appear not to need reading into memory in their entirety in uncompressed form!
- Fix also required to TikaOfficeDetectParser to avoid it wrapping a TikaInputStream unnecessarily
46607: ALF-17953 Alfresco constantly running full GC's - some java.lang.threads holding around 9Gb of memory
- Added transformation limits to the 8 TikaPoweredContentTransformer based transformers, so that the maxSourceSizeKBytes
can be set for each transformer and for each source mimetype used by each transformer.
- maxSourceSizeKBytes set to 40MB for the newer 2007 MS office types (4 char ext).
46619: ALF-17953 Alfresco constantly running full GC's - some java.lang.threads holding around 9Gb of memory
- Changed maxSourceSizeKBytes values from 40MB back to -1 for the newer 2007 MS office types (4 char ext).
46636: Fix for ALF-13442 Tomcat memory leak warnings occur during the shutdown
46679: Merged DEV to V4.1-BUG-FIX (4.1.4)
46659: ALF-17631 : Errors/Exception during stress tests of CMIS GET children
RetryingTransactionHelper has now ability to handle pre-configured exceptions as retriable in addition to default list of exceptions.
46683: Merge PATCHES/V4.1.3 to V4.1-BUG-FIX (4.1.4)
46637: Update the notice.txt and licenses with the latest modifications
Add Microsoft Visual C++ 2008 Redistributable Package in the notice.txt
46693: RECORD ONLY Merged V3.4-BUG-FIX (3.4.13) to V4.1-BUG-FIX (4.1.4)
46692: ALF-17984: Merged V3.4.12 (3.4.12.2) to V3.4-BUG-FIX (3.4.13)
46680: MNT-307: DEV to V3.4.12 (3.4.12.2)
46659: ALF-17631 : Errors/Exception during stress tests of CMIS GET children
RetryingTransactionHelper has now ability to handle pre-configured exceptions as retriable in addition to default list of exceptions.
- Change to opencmis-context.xml on DEV (based on 4.1.4) was made to cmis-ws-context.xml on V3.4.12
46694: Merged DEV to V4.1-BUG-FIX (4.1.4)
46686: ALF-17631 : Errors/Exception during stress tests of CMIS GET children
Unit test add for RetryingTransactionHelper to test extra exceptions are rertied correctly.
46724: create-site.css and create-site.js will be included in the header (share-config.xml) therefore there is no reason to include them in the freemarker templates.
46759: Merged DEV to V4.1-BUG-FIX (4.1.4)
46734: ALF-17873 Missing versionLabel property after Version2ServiceImpl.restore()
1. In Version2ServiceImpl.restore() to props Map was added ContentModel.PROP_VERSION_LABEL property.
2. In VersionServiceImplTest.testRestore() was added the check that ContentModel.PROP_VERSION_LABEL property is correct.
46760: Merged DEV to V4.1-BUG-FIX (4.1.4)
46433: ALF-16883: Incorrect message occurred when delete Workspace if document is locked.
Not possible to change MS Office message - have improved alfresco log message
46782: ALF-17317 4.0.2.23 HOT FIX: OpenOffice server conversion failed
46783: ALF-17546 OOXMLThumbnailContentTransformer is not registered to handle special Office document types, such as templates and macro-enabled variants of document / template
46797: Restore missing mergeinfo accidentally removed in r46562
46799: ALF-17546 OOXMLThumbnailContentTransformer is not registered to handle special Office document types, such as templates and macro-enabled variants of document / template
- typo in mimetype case
46916: ALF-17174 pdf2swf supports converting N first pages but alfresco does not support it via the pageLimit
46933: ALF-8144: Drastically improving performance using lazy-loaded WorklfowTask properties and path + improved the way share pages workflow-tasks to prevent building full model for unneeded tasks
46946: ALF-18000: Startup script depends on the working directory where it is run
- Changed vti.properties to
vti.server.ssl.keystore=${dir.keystore}/vti.ssl.keystore
46995: Improvement related to ALF-17380 Solr queries running slowly
- reader -> acl cache is built on demand (and warmed via authority warming)
- this will mean it is not eagerly built for the archive store where it would be little used, and could be configured off for this case
47032: ALF-17804: cmisatom URL (opencmis backed by Apache Chemistry OpenCMIS) does not support External authentication
- Now it supports all kinds of authentication because it sits behind Alfresco's authentication filters
- Fix researched by Alex Mukha
47033: Merged V3.4-BUG-FIX to V4.1-BUG-FIX
46453: ALF-18122 / ALF-17708: Incorrect behavior of "Show/Hide Breadcrumb" button when RM is installed
- ContentService.getReader() now triggers a transaction retry if content is found to have disappeared under its feet due to eager content cleaning
46495: ALF-18122 / ALF-17708: Incorrect behavior of "Show/Hide Breadcrumb" button when RM is installed
- lower impact fix will only throw retryable exception if stream is accessed
46822: ALF-18123: Merge Dev to V3.4-BUG-FIX
ALF-17408 : Content is not displayed in imap folder after recovering
46823: ALF-18124 / ALF-18091: Fix for MNT-311 - authentication challenge not present when users open direct links below /share/proxy/alfresco/cmis/i
46927: ALF-18124 / ALF-18091: Merged PATCHES/V3.4.10 to V3.4-BUG-FIX
46925: Merged V3.4-BUG-FIX to PATCHES/V3.4.10 (with correction)
46823: Fix for MNT-311 - authentication challenge not present when users open direct links below /share/proxy/alfresco/cmis/*/content
46942: ALF-17990: Fix security descriptors for new FileFolderService isHidden setHidden methods
47021: ALF-18125: Merged DEV to V3.4-BUG-FIX
46825: ALF-17681 : Lucene Search queries with PATH doesn't work in tenants
A JUnit test was implemented to show that the PATH Lucene indexes are not created correctly for tenants.
46968: ALF-17681 : Lucene Search queries with PATH doesn't work in tenants
The creation of PATH indexes is now made in context of multi tenant System user to run the reindexing process correctly in unauthenticated threads.
47034: Merged V3.4-BUG-FIX to V4.1-BUG-FIX (RECORD ONLY)
47030: ALF-16102: Merged PATCHES/V3.4.10 to V3.4-BUG-FIX (RECORD ONLY)
41755: ALF-16013: Merged V4.1-BUG-FIX to PATCHES/V3.4.10
41539: ALF-15899: Inbound email does not support multiple recipient folders
- Fix by Dmitry Vaserin
47031: ALF-18121: Merged PATCHES/V3.4.11 to V3.4-BUG-FIX
46978: MNT-320: Merged HEAD to PATCHES/V3.4.11:
36623: ALF-10243: form-service date-control now allows configuring only to send date-component of date-only formfields (timezone and time-component is reset server-side to prevent unnecesairy timezone-issues)
47035: Merged PATCHES/V4.1.3 to V4.1-BUG-FIX
46398: Fix for ALF-17889 Alfresco failing as constraint in extension model cannot be defined
- use the namespace from the containing model and not the over-ridden property.
46426: Merged BRANCHES/DEV/V4.1-BUG-FIX to PATCHES/V4.1.3:
46421: Fix for ALF-17886. DeleteRenditionActionExecuter Acces is denied.
46446: ALF-17864: BM-0013: Soak: Run 05: SiteService.listSites(username, size) performance (=> via listSitesImpl)
- isAuthorityContained made to prune its search drastically - it caches hits and misses speeding up the search in a deeply nested group hierarchy such as SAP's
- To avoid huge memory impact with lots of duplicate copies of authority names a pool of authority names is shared across all threads
- getContainingAuthoritesInZone reinstated for site listing as it warms the same caches as the ACLs
- Derek's latest tests with the changes applied showed a good speed up
46501: ALF-17929: BM-0013: Soak: Run 06: /api/sites/{shortname}/memberships/{authorityname} / SiteServiceImpl.getMembersRoleInfo performance poor
- Possible fix to regression caused by ALF-16254
- A very inefficient route was being taken towards checking a user's indirect site role
46502: ALF-17930: BM-0013: Soak: Run 06: ConcurrentModificationException in AuthorityDAOImpl
- Don't try to mutate the set returned by getContainingAuthorities()
46503: ALF-17929: BM-0013: Soak: Run 06: /api/sites/{shortname}/memberships/{authorityname} / SiteServiceImpl.getMembersRoleInfo performance poor
- Further optimizations to prevent unnecessary recursion in AuthorityDAOImpl.listAuthorities()
46506: ALF-17929: BM-0013: Soak: Run 06: /api/sites/{shortname}/memberships/{authorityname} / SiteServiceImpl.getMembersRoleInfo performance poor
- Fixed typo producing invalid membership results
46627: ALF-17967: Error in org.alfresco.repo.workflow.WorkflowServiceImpl.getPooledTasks on StartUp.
- Logic error in org.alfresco.repo.workflow.WorkflowServiceImpl.getPooledTasks() introduced in ALF-14861 / r45421
- Rather than fixing the screwy logic (which I think would cause a major performance hit) I'm reinstating the 4.1.2 "cut off after 100 groups" behaviour
46630: Merged 4.1-BUG-FIX to PATCHES/V4.1.3
46562: ALF-17917: Corrected internationalization of Imap Home folder
- Unfinished business from ALF-15700
46565: ALF-17917: Correction to previous fix
- Use distinct key spaces.imap_home.childname, because spaces.imapConfig.childname was already being used for other purposes
46779: ALF-17967: Error in org.alfresco.repo.workflow.WorkflowServiceImpl.getPooledTasks on StartUp.
- Improved fix that uses the bridge table cache if it is available
- Groups queried for pooled tasks still limited to 100 by default but can be configured with system.workflow.maxAuthoritiesForPooledTasks
- Overall number of results can be cut off with system.workflow.maxPooledTasks
47013: Fix HiddenAspect to NOT use permission-checking NodeService
- Should fix ALF-17605: CLONE - Severe performance problems with Group ACL checking under stress test
47018: (RECORD ONLY) Disabled EmailServiceImplTest.testEmailContributorsAuthority pending ALF-17979
47036: Merged PATCHES/V4.1.2 to V4.1-BUG-FIX
46180: Merged DEV to PATCHES/V4.1.2
46170: MNT-299 : CLONE - Activity feeds get not generated in private sites for added files if username in LDAP-AD contains uppercase letters
Improved debug logging for Activity Feed and Activity Post DAOs.
47037: ALF-17973 (Incorrect name (title.single/title.multi) for "cloud target selection" window when RM is installed)
47042: RM-601 (Copy/Move dialog causes an error in firebug console)
47047: DE: Translation update based on EN r46507
47048: SPANISH: Translation update based on EN r46507
47049: FRENCH: Translation update based on EN r46507
47050: ITALIAN: Translation update based on EN r46507
47051: NORWEGIAN: Translation update based on EN r46507
47052: JAPANESE: Translation update based on EN r46507
47089: ALF-17089 (Displaying Url Name instead of site Name in Select form)
47102: New Norwegian translations from Gloria plus Bitrock configuration to enable them
47110: ALF-10243: Merged V3.4-BUG-FIX to V4.1-BUG-FIX
47105: ALF-18121: Merged PATCHES/V3.4.11 to V3.4-BUG-FIX
47040: MNT-323: Fixed issue with passing empty due date when starting workflow
47101: MNT-320: also applied fix to wcmquickstart module
47109: ALF-18121: Merged PATCHES/V3.4.11 to V3.4-BUG-FIX
47106: MNT-320: Merged V4.1-BUG-FIX to PATCHES/V3.4.11
41010: ALF-15697: Not possible to start workflow not specifying the Due Date
- Regression caused by ALF-10243
47135: DUTCH: Translation update based on EN r46507
47137: RUSSIAN: Translation update based on EN r46507
47138: CHINESE: Translation update based on EN r46507
47141: Fix for ALF-17979 EmailServiceImplTest intermittently failing
47147: Part 2 of ALF-17979 EmailServiceImplTest intermittently failing
- fix related cache to avoid any future issue
47148: ALF-17804: Fix NPE
47171: ALF-18060: removing obsolete expensive sorting and preventing too many variable-queries to be performed when listing COMPLETED WorkflowTask
git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/HEAD/root@47186 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
2597 lines
104 KiB
Java
2597 lines
104 KiB
Java
/*
|
|
* Copyright (C) 2005-2013 Alfresco Software Limited.
|
|
*
|
|
* This file is part of Alfresco
|
|
*
|
|
* Alfresco is free software: you can redistribute it and/or modify
|
|
* it under the terms of the GNU Lesser General Public License as published by
|
|
* the Free Software Foundation, either version 3 of the License, or
|
|
* (at your option) any later version.
|
|
*
|
|
* Alfresco is distributed in the hope that it will be useful,
|
|
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
* GNU Lesser General Public License for more details.
|
|
*
|
|
* You should have received a copy of the GNU Lesser General Public License
|
|
* along with Alfresco. If not, see <http://www.gnu.org/licenses/>.
|
|
*/
|
|
package org.alfresco.repo.site;
|
|
|
|
import java.io.Serializable;
|
|
import java.util.ArrayList;
|
|
import java.util.Collections;
|
|
import java.util.Comparator;
|
|
import java.util.HashMap;
|
|
import java.util.HashSet;
|
|
import java.util.List;
|
|
import java.util.Map;
|
|
import java.util.Set;
|
|
import java.util.SortedSet;
|
|
import java.util.StringTokenizer;
|
|
import java.util.TreeSet;
|
|
import java.util.concurrent.ConcurrentHashMap;
|
|
import java.util.regex.Matcher;
|
|
import java.util.regex.Pattern;
|
|
|
|
import org.alfresco.error.AlfrescoRuntimeException;
|
|
import org.alfresco.model.ContentModel;
|
|
import org.alfresco.query.CannedQuery;
|
|
import org.alfresco.query.CannedQueryFactory;
|
|
import org.alfresco.query.CannedQueryResults;
|
|
import org.alfresco.query.PagingRequest;
|
|
import org.alfresco.query.PagingResults;
|
|
import org.alfresco.repo.activities.ActivityType;
|
|
import org.alfresco.repo.admin.SysAdminParams;
|
|
import org.alfresco.repo.node.NodeServicePolicies;
|
|
import org.alfresco.repo.node.NodeServicePolicies.OnRestoreNodePolicy;
|
|
import org.alfresco.repo.node.getchildren.FilterProp;
|
|
import org.alfresco.repo.node.getchildren.FilterPropString;
|
|
import org.alfresco.repo.node.getchildren.FilterPropString.FilterTypeString;
|
|
import org.alfresco.repo.node.getchildren.GetChildrenCannedQuery;
|
|
import org.alfresco.repo.node.getchildren.GetChildrenCannedQueryFactory;
|
|
import org.alfresco.repo.policy.BehaviourFilter;
|
|
import org.alfresco.repo.policy.JavaBehaviour;
|
|
import org.alfresco.repo.policy.PolicyComponent;
|
|
import org.alfresco.repo.search.impl.lucene.AbstractLuceneQueryParser;
|
|
import org.alfresco.repo.security.authentication.AuthenticationContext;
|
|
import org.alfresco.repo.security.authentication.AuthenticationUtil;
|
|
import org.alfresco.repo.security.authentication.AuthenticationUtil.RunAsWork;
|
|
import org.alfresco.repo.security.permissions.AccessDeniedException;
|
|
import org.alfresco.repo.tenant.TenantAdminService;
|
|
import org.alfresco.repo.tenant.TenantService;
|
|
import org.alfresco.repo.transaction.RetryingTransactionHelper;
|
|
import org.alfresco.repo.transaction.RetryingTransactionHelper.RetryingTransactionCallback;
|
|
import org.alfresco.service.cmr.activities.ActivityService;
|
|
import org.alfresco.service.cmr.dictionary.DictionaryService;
|
|
import org.alfresco.service.cmr.model.FileFolderService;
|
|
import org.alfresco.service.cmr.model.FileInfo;
|
|
import org.alfresco.service.cmr.model.FileNotFoundException;
|
|
import org.alfresco.service.cmr.repository.ChildAssociationRef;
|
|
import org.alfresco.service.cmr.repository.NodeRef;
|
|
import org.alfresco.service.cmr.repository.NodeService;
|
|
import org.alfresco.service.cmr.repository.StoreRef;
|
|
import org.alfresco.service.cmr.search.LimitBy;
|
|
import org.alfresco.service.cmr.search.ResultSet;
|
|
import org.alfresco.service.cmr.search.SearchParameters;
|
|
import org.alfresco.service.cmr.search.SearchService;
|
|
import org.alfresco.service.cmr.security.AccessPermission;
|
|
import org.alfresco.service.cmr.security.AccessStatus;
|
|
import org.alfresco.service.cmr.security.AuthorityService;
|
|
import org.alfresco.service.cmr.security.AuthorityService.AuthorityFilter;
|
|
import org.alfresco.service.cmr.security.AuthorityType;
|
|
import org.alfresco.service.cmr.security.NoSuchPersonException;
|
|
import org.alfresco.service.cmr.security.PermissionService;
|
|
import org.alfresco.service.cmr.security.PersonService;
|
|
import org.alfresco.service.cmr.security.PublicServiceAccessService;
|
|
import org.alfresco.service.cmr.site.SiteInfo;
|
|
import org.alfresco.service.cmr.site.SiteMemberInfo;
|
|
import org.alfresco.service.cmr.site.SiteService;
|
|
import org.alfresco.service.cmr.site.SiteVisibility;
|
|
import org.alfresco.service.cmr.tagging.TaggingService;
|
|
import org.alfresco.service.namespace.NamespaceService;
|
|
import org.alfresco.service.namespace.QName;
|
|
import org.alfresco.service.transaction.TransactionService;
|
|
import org.alfresco.util.Pair;
|
|
import org.alfresco.util.PropertyCheck;
|
|
import org.alfresco.util.PropertyMap;
|
|
import org.alfresco.util.registry.NamedObjectRegistry;
|
|
import org.apache.commons.logging.Log;
|
|
import org.apache.commons.logging.LogFactory;
|
|
import org.json.JSONException;
|
|
import org.json.JSONObject;
|
|
import org.springframework.context.ApplicationEvent;
|
|
import org.springframework.extensions.surf.util.AbstractLifecycleBean;
|
|
import org.springframework.extensions.surf.util.ParameterCheck;
|
|
|
|
/**
|
|
* Site Service Implementation. Also bootstraps the site AVM and DM stores.
|
|
*
|
|
* @author Roy Wetherall
|
|
*/
|
|
public class SiteServiceImpl extends AbstractLifecycleBean implements SiteServiceInternal, SiteModel, NodeServicePolicies.OnRestoreNodePolicy
|
|
{
|
|
/** Logger */
|
|
private static Log logger = LogFactory.getLog(SiteServiceImpl.class);
|
|
|
|
/** The DM store where site's are kept */
|
|
public static final StoreRef SITE_STORE = new StoreRef("workspace://SpacesStore");
|
|
|
|
/** Activity tool */
|
|
private static final String ACTIVITY_TOOL = "siteService";
|
|
|
|
private static final String SITE_PREFIX = "site_";
|
|
private static final String GROUP_SITE_PREFIX = PermissionService.GROUP_PREFIX + SITE_PREFIX;
|
|
private static final int GROUP_PREFIX_LENGTH = PermissionService.GROUP_PREFIX.length();
|
|
private static final int GROUP_SITE_PREFIX_LENGTH = GROUP_SITE_PREFIX.length();
|
|
|
|
/** Site home ref cache (Tennant aware) */
|
|
private Map<String, NodeRef> siteHomeRefs = new ConcurrentHashMap<String, NodeRef>(4);
|
|
|
|
/** Site node ref cache (Tennant aware) */
|
|
private Map<String, NodeRef> siteNodeRefs = new ConcurrentHashMap<String, NodeRef>(256);
|
|
|
|
private String sitesXPath;
|
|
|
|
/** Messages */
|
|
private static final String MSG_UNABLE_TO_CREATE = "site_service.unable_to_create";
|
|
private static final String MSG_SITE_SHORT_NAME_TOO_LONG = "site_service.short_name_too_long";
|
|
private static final String MSG_VISIBILITY_GROUP_MISSING = "site_service.visibility_group_missing";
|
|
private static final String MSG_CAN_NOT_UPDATE = "site_service.can_not_update";
|
|
private static final String MSG_CAN_NOT_DELETE = "site_service.can_not_delete";
|
|
private static final String MSG_CAN_NOT_REMOVE_MSHIP = "site_service.can_not_remove_membership";
|
|
private static final String MSG_DO_NOT_CHANGE_MGR = "site_service.do_not_change_manager";
|
|
private static final String MSG_CAN_NOT_CHANGE_MSHIP="site_service.can_not_change_membership";
|
|
private static final String MSG_SITE_CONTAINER_NOT_FOLDER = "site_service.site_container_not_folder";
|
|
private static final String MSG_INVALID_SITE_TYPE = "site_service.invalid_site_type";
|
|
|
|
/* Services */
|
|
private NodeService nodeService;
|
|
private NodeService directNodeService;
|
|
private FileFolderService fileFolderService;
|
|
private SearchService searchService;
|
|
private NamespaceService namespaceService;
|
|
private PermissionService permissionService;
|
|
private ActivityService activityService;
|
|
private PersonService personService;
|
|
private AuthenticationContext authenticationContext;
|
|
private TaggingService taggingService;
|
|
private AuthorityService authorityService;
|
|
private DictionaryService dictionaryService;
|
|
private TenantService tenantService;
|
|
private TenantAdminService tenantAdminService;
|
|
private RetryingTransactionHelper retryingTransactionHelper;
|
|
private Comparator<String> roleComparator;
|
|
private SysAdminParams sysAdminParams;
|
|
private BehaviourFilter behaviourFilter;
|
|
private SitesPermissionCleaner sitesPermissionsCleaner;
|
|
private PolicyComponent policyComponent;
|
|
private PublicServiceAccessService publicServiceAccessService;
|
|
|
|
private NamedObjectRegistry<CannedQueryFactory<NodeRef>> cannedQueryRegistry;
|
|
|
|
|
|
/**
|
|
* Set the path to the location of the sites root folder. For example:
|
|
* <pre>
|
|
* ./app:company_home/st:sites
|
|
* </pre>
|
|
* @param sitesXPath a valid XPath
|
|
*/
|
|
public void setSitesXPath(String sitesXPath)
|
|
{
|
|
this.sitesXPath = sitesXPath;
|
|
}
|
|
|
|
/**
|
|
* Set node service
|
|
*/
|
|
public void setNodeService(NodeService nodeService)
|
|
{
|
|
this.nodeService = nodeService;
|
|
}
|
|
|
|
/**
|
|
* Set the unprotected node service
|
|
*/
|
|
public void setDirectNodeService(NodeService directNodeService)
|
|
{
|
|
this.directNodeService = directNodeService;
|
|
}
|
|
|
|
/**
|
|
* Set file folder service
|
|
*/
|
|
public void setFileFolderService(FileFolderService fileFolderService)
|
|
{
|
|
this.fileFolderService = fileFolderService;
|
|
}
|
|
|
|
/**
|
|
* Set search service
|
|
*/
|
|
public void setSearchService(SearchService searchService)
|
|
{
|
|
this.searchService = searchService;
|
|
}
|
|
|
|
/**
|
|
* Set Namespace service
|
|
*/
|
|
public void setNamespaceService(NamespaceService namespaceService)
|
|
{
|
|
this.namespaceService = namespaceService;
|
|
}
|
|
|
|
/**
|
|
* Set permission service
|
|
*/
|
|
public void setPermissionService(PermissionService permissionService)
|
|
{
|
|
this.permissionService = permissionService;
|
|
}
|
|
|
|
/**
|
|
* Set activity service
|
|
*/
|
|
public void setActivityService(ActivityService activityService)
|
|
{
|
|
this.activityService = activityService;
|
|
}
|
|
|
|
/**
|
|
* Set person service
|
|
*/
|
|
public void setPersonService(PersonService personService)
|
|
{
|
|
this.personService = personService;
|
|
}
|
|
|
|
/**
|
|
* Set authentication component
|
|
*/
|
|
public void setAuthenticationContext(
|
|
AuthenticationContext authenticationContext)
|
|
{
|
|
this.authenticationContext = authenticationContext;
|
|
}
|
|
|
|
/**
|
|
* Set the tagging service
|
|
*/
|
|
public void setTaggingService(TaggingService taggingService)
|
|
{
|
|
this.taggingService = taggingService;
|
|
}
|
|
|
|
/**
|
|
* Set the authority service
|
|
*/
|
|
public void setAuthorityService(AuthorityService authorityService)
|
|
{
|
|
this.authorityService = authorityService;
|
|
}
|
|
|
|
/**
|
|
* Set the dictionary service
|
|
*
|
|
* @param dictionaryService dictionary service
|
|
*/
|
|
public void setDictionaryService(DictionaryService dictionaryService)
|
|
{
|
|
this.dictionaryService = dictionaryService;
|
|
}
|
|
|
|
/**
|
|
* Set the tenant service
|
|
*
|
|
* @param tenantService tenant service
|
|
*/
|
|
public void setTenantService(TenantService tenantService)
|
|
{
|
|
this.tenantService = tenantService;
|
|
}
|
|
|
|
/**
|
|
* Sets the tenant admin service
|
|
*/
|
|
public void setTenantAdminService(TenantAdminService tenantAdminService)
|
|
{
|
|
this.tenantAdminService = tenantAdminService;
|
|
}
|
|
|
|
/**
|
|
* Sets helper that provides transaction callbacks
|
|
*/
|
|
public void setTransactionHelper(RetryingTransactionHelper retryingTransactionHelper)
|
|
{
|
|
this.retryingTransactionHelper = retryingTransactionHelper;
|
|
}
|
|
|
|
public void setPolicyComponent(PolicyComponent policyComponent)
|
|
{
|
|
this.policyComponent = policyComponent;
|
|
}
|
|
|
|
public void setRoleComparator(Comparator<String> roleComparator)
|
|
{
|
|
this.roleComparator = roleComparator;
|
|
}
|
|
|
|
public void setSysAdminParams(SysAdminParams sysAdminParams)
|
|
{
|
|
this.sysAdminParams = sysAdminParams;
|
|
}
|
|
|
|
public void setBehaviourFilter(BehaviourFilter behaviourFilter)
|
|
{
|
|
this.behaviourFilter = behaviourFilter;
|
|
}
|
|
|
|
public void setSitesPermissionsCleaner(SitesPermissionCleaner sitesPermissionsCleaner)
|
|
{
|
|
this.sitesPermissionsCleaner = sitesPermissionsCleaner;
|
|
}
|
|
|
|
public void setPublicServiceAccessService(PublicServiceAccessService publicServiceAccessService)
|
|
{
|
|
this.publicServiceAccessService = publicServiceAccessService;
|
|
}
|
|
|
|
/**
|
|
* Set the registry of {@link CannedQueryFactory canned queries}
|
|
*/
|
|
public void setCannedQueryRegistry(NamedObjectRegistry<CannedQueryFactory<NodeRef>> cannedQueryRegistry)
|
|
{
|
|
this.cannedQueryRegistry = cannedQueryRegistry;
|
|
}
|
|
|
|
public Comparator<String> getRoleComparator()
|
|
{
|
|
return roleComparator;
|
|
}
|
|
|
|
/**
|
|
* Checks that all necessary properties and services have been provided.
|
|
*/
|
|
public void init()
|
|
{
|
|
PropertyCheck.mandatory(this, "nodeService", nodeService);
|
|
PropertyCheck.mandatory(this, "directNodeService", directNodeService);
|
|
PropertyCheck.mandatory(this, "fileFolderService", fileFolderService);
|
|
PropertyCheck.mandatory(this, "searchService", searchService);
|
|
PropertyCheck.mandatory(this, "namespaceService", namespaceService);
|
|
PropertyCheck.mandatory(this, "permissionService", permissionService);
|
|
PropertyCheck.mandatory(this, "authenticationContext", authenticationContext);
|
|
PropertyCheck.mandatory(this, "personService", personService);
|
|
PropertyCheck.mandatory(this, "activityService", activityService);
|
|
PropertyCheck.mandatory(this, "taggingService", taggingService);
|
|
PropertyCheck.mandatory(this, "authorityService", authorityService);
|
|
PropertyCheck.mandatory(this, "sitesXPath", sitesXPath);
|
|
}
|
|
|
|
/* (non-Javadoc)
|
|
* @see org.springframework.extensions.surf.util.AbstractLifecycleBean#onBootstrap(org.springframework.context.ApplicationEvent)
|
|
*/
|
|
@Override
|
|
protected void onBootstrap(ApplicationEvent event)
|
|
{
|
|
this.policyComponent.bindClassBehaviour(
|
|
OnRestoreNodePolicy.QNAME,
|
|
SiteModel.TYPE_SITE,
|
|
new JavaBehaviour(this, "onRestoreNode"));
|
|
}
|
|
|
|
/* (non-Javadoc)
|
|
* @see org.springframework.extensions.surf.util.AbstractLifecycleBean#onShutdown(org.springframework.context.ApplicationEvent)
|
|
*/
|
|
@Override
|
|
protected void onShutdown(ApplicationEvent event)
|
|
{
|
|
}
|
|
|
|
/*
|
|
* (non-Javadoc)
|
|
* @see org.alfresco.service.cmr.site.SiteService#hasCreateSitePermissions()
|
|
*/
|
|
public boolean hasCreateSitePermissions()
|
|
{
|
|
// NOTE: see ALF-13580 - since 3.4.6 PermissionService.CONTRIBUTOR is no longer used as the default on the Sites folder
|
|
// instead the ability to call createSite() and the Spring configured ACL is the mechanism used to protect access.
|
|
return (publicServiceAccessService.hasAccess("SiteService", "createSite", "", "", "", "", true) == AccessStatus.ALLOWED);
|
|
}
|
|
|
|
/**
|
|
* @see org.alfresco.service.cmr.site.SiteService#createSite(java.lang.String, java.lang.String, java.lang.String, java.lang.String, boolean)
|
|
*/
|
|
public SiteInfo createSite(final String sitePreset,
|
|
String passedShortName,
|
|
final String title,
|
|
final String description,
|
|
final boolean isPublic)
|
|
{
|
|
// Determine the site visibility
|
|
SiteVisibility visibility = SiteVisibility.PRIVATE;
|
|
if (isPublic == true)
|
|
{
|
|
visibility = SiteVisibility.PUBLIC;
|
|
}
|
|
|
|
// Create the site
|
|
return createSite(sitePreset, passedShortName, title, description, visibility);
|
|
}
|
|
|
|
/**
|
|
* @see org.alfresco.service.cmr.site.SiteService#createSite(java.lang.String, java.lang.String, java.lang.String, java.lang.String, boolean)
|
|
*/
|
|
public SiteInfo createSite(final String sitePreset,
|
|
String passedShortName,
|
|
final String title,
|
|
final String description,
|
|
final SiteVisibility visibility)
|
|
{
|
|
return createSite(sitePreset, passedShortName, title, description, visibility, SiteModel.TYPE_SITE);
|
|
}
|
|
|
|
public SiteInfo createSite(final String sitePreset,
|
|
String passedShortName,
|
|
final String title,
|
|
final String description,
|
|
final SiteVisibility visibility,
|
|
final QName siteType)
|
|
{
|
|
// Check that the provided site type is a subtype of TYPE_SITE
|
|
if (SiteModel.TYPE_SITE.equals(siteType) == false &&
|
|
dictionaryService.isSubClass(siteType, TYPE_SITE) == false)
|
|
{
|
|
throw new SiteServiceException(MSG_INVALID_SITE_TYPE, new Object[]{siteType});
|
|
}
|
|
|
|
// Remove spaces from shortName
|
|
final String shortName = passedShortName.replaceAll(" ", "");
|
|
|
|
// Check to see if we already have a site of this name
|
|
NodeRef existingSite = getSiteNodeRef(shortName, false);
|
|
if (existingSite != null)
|
|
{
|
|
// Throw an exception since we have a duplicate site name
|
|
throw new SiteServiceException(MSG_UNABLE_TO_CREATE, new Object[]{shortName});
|
|
}
|
|
|
|
// Check that the site name isn't too long
|
|
// Authorities are limited to 100 characters by the PermissionService
|
|
int longestPermissionLength = 0;
|
|
for (String permission : permissionService.getSettablePermissions(siteType))
|
|
{
|
|
if (permission.length() > longestPermissionLength)
|
|
longestPermissionLength = permission.length();
|
|
}
|
|
int maximumPermisionGroupLength = 99 - longestPermissionLength;
|
|
|
|
if (getSiteGroup(shortName, true).length() > maximumPermisionGroupLength)
|
|
{
|
|
throw new SiteServiceException(MSG_SITE_SHORT_NAME_TOO_LONG, new Object[] {
|
|
shortName, maximumPermisionGroupLength - getSiteGroup("", true).length()
|
|
});
|
|
}
|
|
|
|
// Get the site parent node reference
|
|
final NodeRef siteParent = getSiteParent(shortName);
|
|
if (siteParent == null)
|
|
{
|
|
throw new SiteServiceException("No root sites folder exists");
|
|
}
|
|
|
|
// Create the site node
|
|
final PropertyMap properties = new PropertyMap(4);
|
|
properties.put(ContentModel.PROP_NAME, shortName);
|
|
properties.put(SiteModel.PROP_SITE_PRESET, sitePreset);
|
|
properties.put(SiteModel.PROP_SITE_VISIBILITY, visibility.toString());
|
|
properties.put(ContentModel.PROP_TITLE, title);
|
|
properties.put(ContentModel.PROP_DESCRIPTION, description);
|
|
|
|
final NodeRef siteNodeRef = AuthenticationUtil.runAs(new RunAsWork<NodeRef>() {
|
|
@Override
|
|
public NodeRef doWork() throws Exception {
|
|
|
|
behaviourFilter.disableBehaviour(siteParent, ContentModel.ASPECT_AUDITABLE);
|
|
try
|
|
{
|
|
return nodeService.createNode(
|
|
siteParent,
|
|
ContentModel.ASSOC_CONTAINS,
|
|
QName.createQName(NamespaceService.CONTENT_MODEL_1_0_URI, shortName),
|
|
siteType,
|
|
properties
|
|
).getChildRef();
|
|
}
|
|
finally
|
|
{
|
|
behaviourFilter.enableBehaviour(siteParent, ContentModel.ASPECT_AUDITABLE);
|
|
}
|
|
}
|
|
}, AuthenticationUtil.getSystemUserName());
|
|
|
|
// Make the new site a tag scope
|
|
this.taggingService.addTagScope(siteNodeRef);
|
|
|
|
// Clear the sites inherited permissions
|
|
this.permissionService.setInheritParentPermissions(siteNodeRef, false);
|
|
|
|
// Create the relevant groups and assign permissions
|
|
setupSitePermissions(siteNodeRef, shortName, visibility, null);
|
|
|
|
// Return created site information
|
|
Map<QName, Serializable> customProperties = getSiteCustomProperties(siteNodeRef);
|
|
SiteInfo siteInfo = new SiteInfoImpl(sitePreset, shortName, title, description, visibility, customProperties, siteNodeRef);
|
|
return siteInfo;
|
|
}
|
|
|
|
/**
|
|
* Setup the Site permissions.
|
|
* <p>
|
|
* Creates the top-level site group, plus all the Role groups required for users of the site.
|
|
* <p>
|
|
* Note - Changes here likely need to be replicated to the {@link #updateSite(SiteInfo)}
|
|
* method too, as that also has to deal with Site Permissions.
|
|
*
|
|
* @param siteNodeRef
|
|
* @param shortName
|
|
* @param visibility
|
|
*/
|
|
private void setupSitePermissions(
|
|
final NodeRef siteNodeRef, final String shortName, final SiteVisibility visibility, final Map<String, Set<String>> memberships)
|
|
{
|
|
// Get the current user
|
|
final String currentUser = authenticationContext.getCurrentUserName();
|
|
|
|
// Create the relevant groups and assign permissions
|
|
AuthenticationUtil.runAs(new AuthenticationUtil.RunAsWork<Object>()
|
|
{
|
|
public String doWork() throws Exception
|
|
{
|
|
Set<String> shareZones = new HashSet<String>(2, 1.0f);
|
|
shareZones.add(AuthorityService.ZONE_APP_SHARE);
|
|
shareZones.add(AuthorityService.ZONE_AUTH_ALFRESCO);
|
|
|
|
// From Alfresco 3.4 the 'site public' group is configurable. Out of the box it is
|
|
// GROUP_EVERYONE so unconfigured behaviour is unchanged. But from 3.4, admins
|
|
// can change the value of property site.public.group via JMX/properties files
|
|
// to be another group of their choosing.
|
|
// This then is the group that is given SiteConsumer access to newly created
|
|
// public and moderated sites.
|
|
final String sitePublicGroup = sysAdminParams.getSitePublicGroup();
|
|
boolean publicGroupExists = authorityService.authorityExists(sitePublicGroup);
|
|
if (!PermissionService.ALL_AUTHORITIES.equals(sitePublicGroup) && !publicGroupExists
|
|
&& !SiteVisibility.PRIVATE.equals(visibility))
|
|
{
|
|
// If the group specified in the settings does not exist, we cannot create the site.
|
|
throw new SiteServiceException(MSG_VISIBILITY_GROUP_MISSING, new Object[]{sitePublicGroup});
|
|
}
|
|
|
|
// Create the site's groups
|
|
String siteGroupShortName = getSiteGroup(shortName, false);
|
|
String siteGroup = authorityService.createAuthority(AuthorityType.GROUP, siteGroupShortName,
|
|
siteGroupShortName, shareZones);
|
|
QName siteType = directNodeService.getType(siteNodeRef);
|
|
Set<String> permissions = permissionService.getSettablePermissions(siteType);
|
|
for (String permission : permissions)
|
|
{
|
|
// Create a group for the permission
|
|
String permissionGroupShortName = getSiteRoleGroup(shortName, permission, false);
|
|
String permissionGroup = authorityService.createAuthority(AuthorityType.GROUP,
|
|
permissionGroupShortName, permissionGroupShortName, shareZones);
|
|
authorityService.addAuthority(siteGroup, permissionGroup);
|
|
|
|
// add any supplied memberships to it
|
|
String siteRoleGroup = getSiteRoleGroup(shortName, permission, true);
|
|
if (memberships != null && memberships.containsKey(siteRoleGroup))
|
|
{
|
|
for (String authority : memberships.get(siteRoleGroup))
|
|
{
|
|
authorityService.addAuthority(siteRoleGroup, authority);
|
|
}
|
|
}
|
|
|
|
// Assign the group the relevant permission on the site
|
|
permissionService.setPermission(siteNodeRef, permissionGroup, permission, true);
|
|
}
|
|
|
|
// Set the memberships details
|
|
// - give all authorities site consumer if site is public
|
|
// - give all authorities read properties if site is moderated
|
|
// - give all authorities read permission on permissions so
|
|
// memberships can be calculated
|
|
// - add the current user to the site manager group
|
|
if (SiteVisibility.PUBLIC.equals(visibility) == true &&
|
|
permissions.contains(SITE_CONSUMER))
|
|
{
|
|
// The public site group becomes the consumer
|
|
permissionService.setPermission(siteNodeRef, sitePublicGroup, SITE_CONSUMER, true);
|
|
}
|
|
else if (SiteVisibility.MODERATED.equals(visibility) == true &&
|
|
permissions.contains(SITE_CONSUMER))
|
|
{
|
|
// For moderated sites, the Public Group has consumer access to the
|
|
// site root, but not to site components.
|
|
permissionService.setPermission(siteNodeRef, sitePublicGroup, SITE_CONSUMER, true);
|
|
|
|
// Permissions will be set on the site components as they get created
|
|
}
|
|
|
|
// No matter what, everyone must be able to read permissions on
|
|
// the site, so they can check to see if they're a member or not
|
|
permissionService.setPermission(siteNodeRef,
|
|
PermissionService.ALL_AUTHORITIES,
|
|
PermissionService.READ_PERMISSIONS, true);
|
|
if (memberships == null)
|
|
{
|
|
// add the default site manager authority
|
|
authorityService.addAuthority(getSiteRoleGroup(shortName,
|
|
SiteModel.SITE_MANAGER, true), currentUser);
|
|
}
|
|
|
|
// Return nothing
|
|
return null;
|
|
}
|
|
|
|
}, AuthenticationUtil.getSystemUserName());
|
|
}
|
|
|
|
/**
|
|
* Gets a map containing the site's custom properties
|
|
*
|
|
* @return Map<QName, Serializable> map containing the custom properties of the site
|
|
*/
|
|
private Map<QName, Serializable> getSiteCustomProperties(Map<QName, Serializable> properties)
|
|
{
|
|
Map<QName, Serializable> customProperties = new HashMap<QName, Serializable>(4);
|
|
|
|
for (Map.Entry<QName, Serializable> entry : properties.entrySet())
|
|
{
|
|
if (entry.getKey().getNamespaceURI().equals(SITE_CUSTOM_PROPERTY_URL) == true)
|
|
{
|
|
customProperties.put(entry.getKey(), entry.getValue());
|
|
}
|
|
}
|
|
|
|
return customProperties;
|
|
}
|
|
|
|
/**
|
|
* Gets a map containing the site's custom properties
|
|
*
|
|
* @return Map<QName, Serializable> map containing the custom properties of the site
|
|
*/
|
|
private Map<QName, Serializable> getSiteCustomProperties(NodeRef siteNodeRef)
|
|
{
|
|
Map<QName, Serializable> customProperties = new HashMap<QName, Serializable>(4);
|
|
Map<QName, Serializable> properties = directNodeService.getProperties(siteNodeRef);
|
|
|
|
for (Map.Entry<QName, Serializable> entry : properties.entrySet())
|
|
{
|
|
if (entry.getKey().getNamespaceURI().equals(SITE_CUSTOM_PROPERTY_URL) == true)
|
|
{
|
|
customProperties.put(entry.getKey(), entry.getValue());
|
|
}
|
|
}
|
|
|
|
return customProperties;
|
|
}
|
|
|
|
/**
|
|
* @see org.alfresco.service.cmr.site.SiteService#getSiteGroup(java.lang.String)
|
|
*/
|
|
public String getSiteGroup(String shortName)
|
|
{
|
|
return getSiteGroup(shortName, true);
|
|
}
|
|
|
|
/**
|
|
* @see org.alfresco.service.cmr.site.SiteService#getSiteRoleGroup(java.lang.String,
|
|
* java.lang.String)
|
|
*/
|
|
public String getSiteRoleGroup(String shortName, String role)
|
|
{
|
|
return getSiteRoleGroup(shortName, role, true);
|
|
}
|
|
|
|
/**
|
|
* Helper method to get the name of the site group
|
|
*
|
|
* @param shortName site short name
|
|
* @return String site group name
|
|
*/
|
|
public String getSiteGroup(String shortName, boolean withGroupPrefix)
|
|
{
|
|
StringBuffer sb = new StringBuffer(64);
|
|
if (withGroupPrefix == true)
|
|
{
|
|
sb.append(PermissionService.GROUP_PREFIX);
|
|
}
|
|
sb.append(SITE_PREFIX);
|
|
sb.append(shortName);
|
|
return sb.toString();
|
|
}
|
|
|
|
/**
|
|
* Helper method to get the name of the site permission group
|
|
*
|
|
* @param shortName site short name
|
|
* @param permission permission name
|
|
* @param withGroupPrefix - should the name have the GROUP_ prefix?
|
|
* @return String site permission group name
|
|
*/
|
|
public String getSiteRoleGroup(String shortName, String permission, boolean withGroupPrefix)
|
|
{
|
|
return getSiteGroup(shortName, withGroupPrefix) + '_' + permission;
|
|
}
|
|
|
|
/**
|
|
* Gets a sites parent folder based on it's short name
|
|
*
|
|
* @param shortName site short name
|
|
* @return NodeRef the site's parent
|
|
*/
|
|
private NodeRef getSiteParent(String shortName)
|
|
{
|
|
// TODO: For now just return the site root, later we may build folder
|
|
// structure based on the shortname to spread the sites about
|
|
return getSiteRoot();
|
|
}
|
|
|
|
/**
|
|
* {@inheritDoc}
|
|
*/
|
|
public NodeRef getSiteRoot()
|
|
{
|
|
String tenantDomain = tenantAdminService.getCurrentUserDomain();
|
|
NodeRef siteHomeRef = siteHomeRefs.get(tenantDomain);
|
|
if (siteHomeRef == null)
|
|
{
|
|
siteHomeRef = AuthenticationUtil.runAs(new RunAsWork<NodeRef>()
|
|
{
|
|
public NodeRef doWork() throws Exception
|
|
{
|
|
return retryingTransactionHelper.doInTransaction(new RetryingTransactionCallback<NodeRef>()
|
|
{
|
|
public NodeRef execute() throws Exception
|
|
{
|
|
NodeRef result = null;
|
|
|
|
// Get the root 'sites' folder
|
|
NodeRef rootNodeRef = directNodeService.getRootNode(SITE_STORE);
|
|
List<NodeRef> results = searchService.selectNodes(
|
|
rootNodeRef,
|
|
sitesXPath,
|
|
null,
|
|
namespaceService,
|
|
false,
|
|
SearchService.LANGUAGE_XPATH);
|
|
if (results.size() != 0)
|
|
{
|
|
result = results.get(0);
|
|
}
|
|
|
|
return result;
|
|
}
|
|
}, true);
|
|
}
|
|
}, AuthenticationUtil.getSystemUserName());
|
|
|
|
// There may be domains with no sites (e.g. JSF-only clients).
|
|
if (siteHomeRef != null)
|
|
{
|
|
siteHomeRefs.put(tenantDomain, siteHomeRef);
|
|
}
|
|
}
|
|
return siteHomeRef;
|
|
}
|
|
|
|
/*
|
|
* (non-Javadoc)
|
|
* @see org.alfresco.service.cmr.site.SiteService#findSites(java.lang.String, java.lang.String, int)
|
|
*/
|
|
@Override
|
|
public List<SiteInfo> findSites(String filter, String sitePresetFilter, int size)
|
|
{
|
|
List<SiteInfo> result;
|
|
|
|
NodeRef siteRoot = getSiteRoot();
|
|
if (siteRoot == null)
|
|
{
|
|
result = Collections.emptyList();
|
|
}
|
|
else
|
|
{
|
|
// get the sites that match the specified names
|
|
StringBuilder query = new StringBuilder(128);
|
|
query.append("+PARENT:\"").append(siteRoot.toString()).append('"');
|
|
|
|
final boolean filterIsPresent = filter != null && filter.length() > 0;
|
|
// The filter string is only used in the Lucene query if it restricts results.
|
|
// A search for name/title/description = "*" does not need to be put into the Lucene query.
|
|
// This allows users to search for "*" in the site-finder.
|
|
final boolean filterIsPresentAndNecessary = filterIsPresent && !filter.equals("*");
|
|
final boolean sitePresetFilterIsPresent = sitePresetFilter != null && sitePresetFilter.length() > 0;
|
|
|
|
if (filterIsPresentAndNecessary || sitePresetFilterIsPresent)
|
|
{
|
|
query.append(" +(");
|
|
if (filterIsPresentAndNecessary)
|
|
{
|
|
String escNameFilter = AbstractLuceneQueryParser.escape(filter.replace('"', ' '));
|
|
|
|
query.append(" @cm\\:name:\"*" + escNameFilter + "*\"")
|
|
.append(" @cm\\:title:\"" + escNameFilter + "\"")
|
|
.append(" @cm\\:description:\"" + escNameFilter + "\"");
|
|
}
|
|
if (sitePresetFilterIsPresent)
|
|
{
|
|
String escPresetFilter = AbstractLuceneQueryParser.escape(sitePresetFilter.replace('"', ' '));
|
|
query.append(" @st\\:sitePreset:\"" + escPresetFilter + "\"");
|
|
}
|
|
|
|
query.append(")");
|
|
}
|
|
|
|
SearchParameters sp = new SearchParameters();
|
|
sp.addStore(siteRoot.getStoreRef());
|
|
sp.setLanguage(SearchService.LANGUAGE_LUCENE);
|
|
sp.setQuery(query.toString());
|
|
if (size > 0)
|
|
{
|
|
sp.setLimit(size);
|
|
sp.setLimitBy(LimitBy.FINAL_SIZE);
|
|
}
|
|
ResultSet results = this.searchService.query(sp);
|
|
try
|
|
{
|
|
result = new ArrayList<SiteInfo>(results.length());
|
|
for (NodeRef site : results.getNodeRefs())
|
|
{
|
|
// Ignore any node type that is not a "site"
|
|
QName siteClassName = this.nodeService.getType(site);
|
|
if (this.dictionaryService.isSubClass(siteClassName, SiteModel.TYPE_SITE))
|
|
{
|
|
result.add(createSiteInfo(site));
|
|
}
|
|
}
|
|
}
|
|
finally
|
|
{
|
|
results.close();
|
|
}
|
|
}
|
|
|
|
return result;
|
|
}
|
|
|
|
/**
|
|
* @see org.alfresco.service.cmr.site.SiteService#listSites(java.lang.String, java.lang.String)
|
|
*/
|
|
public List<SiteInfo> listSites(String nameFilter, String sitePresetFilter)
|
|
{
|
|
return listSites(nameFilter, sitePresetFilter, -1);
|
|
}
|
|
|
|
/**
|
|
* @see org.alfresco.service.cmr.site.SiteService#listSites(java.lang.String, java.lang.String, int)
|
|
*/
|
|
public List<SiteInfo> listSites(final String filter, final String sitePresetFilter, int size)
|
|
{
|
|
List<SiteInfo> result = Collections.emptyList();
|
|
|
|
NodeRef siteRoot = getSiteRoot();
|
|
if (siteRoot != null)
|
|
{
|
|
final boolean filterHasValue = filter != null && filter.length() != 0;
|
|
final boolean sitePresetFilterHasValue = sitePresetFilter != null && sitePresetFilter.length() > 0;
|
|
|
|
List<Pair<QName, Boolean>> sortProps = null;
|
|
|
|
PagingRequest pagingRequest = new PagingRequest(size <= 0 ? Integer.MAX_VALUE : size);
|
|
List<FilterProp> filterProps = new ArrayList<FilterProp>();
|
|
|
|
if (filterHasValue)
|
|
{
|
|
filterProps.add(new FilterPropString(ContentModel.PROP_NAME, filter, FilterTypeString.STARTSWITH_IGNORECASE));
|
|
filterProps.add(new FilterPropString(ContentModel.PROP_TITLE, filter, FilterTypeString.STARTSWITH_IGNORECASE));
|
|
filterProps.add(new FilterPropString(ContentModel.PROP_DESCRIPTION, filter, FilterTypeString.STARTSWITH_IGNORECASE));
|
|
}
|
|
if (sitePresetFilterHasValue)
|
|
{
|
|
filterProps.add(new FilterPropString(SiteModel.PROP_SITE_PRESET, sitePresetFilter, FilterTypeString.EQUALS));
|
|
}
|
|
|
|
PagingResults<SiteInfo> allSites = listSites(filterProps, sortProps, pagingRequest);
|
|
result = allSites.getPage();
|
|
}
|
|
|
|
return result;
|
|
}
|
|
|
|
/*
|
|
* (non-Javadoc)
|
|
* @see org.alfresco.service.cmr.site.SiteService#listSites(java.lang.String)
|
|
*/
|
|
public List<SiteInfo> listSites(final String userName)
|
|
{
|
|
return listSites(userName, 0);
|
|
}
|
|
|
|
/**
|
|
* @see org.alfresco.service.cmr.site.SiteService#listSites(java.lang.String, int)
|
|
*/
|
|
public List<SiteInfo> listSites(final String userName, final int size)
|
|
{
|
|
// MT share - for activity service system callback
|
|
if (tenantService.isEnabled() && (AuthenticationUtil.SYSTEM_USER_NAME.equals(AuthenticationUtil.getRunAsUser())) && tenantService.isTenantUser(userName))
|
|
{
|
|
final String tenantDomain = tenantService.getUserDomain(userName);
|
|
|
|
return AuthenticationUtil.runAs(new AuthenticationUtil.RunAsWork<List<SiteInfo>>()
|
|
{
|
|
public List<SiteInfo> doWork() throws Exception
|
|
{
|
|
return listSitesImpl(userName, size);
|
|
}
|
|
}, tenantService.getDomainUser(AuthenticationUtil.getSystemUserName(), tenantDomain));
|
|
}
|
|
else
|
|
{
|
|
return listSitesImpl(userName, size);
|
|
}
|
|
}
|
|
|
|
/**
|
|
* This method uses {@link CannedQuery canned queries} to retrieve {@link SiteModel#TYPE_SITE st:site} NodeRefs
|
|
* with support for {@link PagingRequest result paging}.
|
|
*/
|
|
@Override
|
|
public PagingResults<SiteInfo> listSites(List<FilterProp> filterProps, List<Pair<QName, Boolean>> sortProps, PagingRequest pagingRequest)
|
|
{
|
|
// Only search for "st:site" nodes.
|
|
final Set<QName> searchTypeQNames = new HashSet<QName>(1);
|
|
searchTypeQNames.add(SiteModel.TYPE_SITE);
|
|
// ... and all subtypes of st:site
|
|
searchTypeQNames.addAll(dictionaryService.getSubTypes(SiteModel.TYPE_SITE, true));
|
|
|
|
// get canned query
|
|
final String cQBeanName = "siteGetChildrenCannedQueryFactory";
|
|
GetChildrenCannedQueryFactory getChildrenCannedQueryFactory = (GetChildrenCannedQueryFactory)cannedQueryRegistry.getNamedObject(cQBeanName);
|
|
|
|
GetChildrenCannedQuery cq = (GetChildrenCannedQuery)getChildrenCannedQueryFactory.getCannedQuery(getSiteRoot(), null, null, searchTypeQNames,
|
|
filterProps, sortProps, pagingRequest);
|
|
|
|
// execute canned query
|
|
final CannedQueryResults<NodeRef> results = cq.execute();
|
|
|
|
// Now convert the CannedQueryResults<NodeRef> into a more useful PagingResults<SiteInfo>
|
|
List<NodeRef> nodeRefs = Collections.emptyList();
|
|
if (results.getPageCount() > 0)
|
|
{
|
|
nodeRefs = results.getPages().get(0);
|
|
}
|
|
|
|
// set total count
|
|
final Pair<Integer, Integer> totalCount;
|
|
if (pagingRequest.getRequestTotalCountMax() > 0)
|
|
{
|
|
totalCount = results.getTotalResultCount();
|
|
}
|
|
else
|
|
{
|
|
totalCount = null;
|
|
}
|
|
|
|
final List<SiteInfo> siteInfos = new ArrayList<SiteInfo>(nodeRefs.size());
|
|
for (NodeRef nodeRef : nodeRefs)
|
|
{
|
|
siteInfos.add(createSiteInfo(nodeRef));
|
|
}
|
|
|
|
return new PagingResults<SiteInfo>()
|
|
{
|
|
@Override
|
|
public String getQueryExecutionId()
|
|
{
|
|
return results.getQueryExecutionId();
|
|
}
|
|
@Override
|
|
public List<SiteInfo> getPage()
|
|
{
|
|
return siteInfos;
|
|
}
|
|
@Override
|
|
public boolean hasMoreItems()
|
|
{
|
|
return results.hasMoreItems();
|
|
}
|
|
@Override
|
|
public Pair<Integer, Integer> getTotalResultCount()
|
|
{
|
|
return totalCount;
|
|
}
|
|
};
|
|
}
|
|
|
|
/**
|
|
* This method returns the {@link SiteInfo siteInfos} for sites to which the specified user has access.
|
|
* Note that if the user has access to more than 1000 sites, the list will be truncated to 1000 entries.
|
|
*
|
|
* @param userName the username
|
|
* @return a list of {@link SiteInfo site infos}.
|
|
*/
|
|
private String resolveSite(String group)
|
|
{
|
|
// purge non Site related Groups and strip the group name down to the site "shortName" it relates too
|
|
if (group.startsWith(GROUP_SITE_PREFIX))
|
|
{
|
|
int roleIndex = group.lastIndexOf('_');
|
|
if (roleIndex + 1 <= GROUP_SITE_PREFIX_LENGTH)
|
|
{
|
|
// There is no role associated
|
|
return group.substring(GROUP_SITE_PREFIX_LENGTH);
|
|
}
|
|
else
|
|
{
|
|
return group.substring(GROUP_SITE_PREFIX_LENGTH, roleIndex);
|
|
}
|
|
}
|
|
return null;
|
|
}
|
|
|
|
private List<SiteInfo> listSitesImpl(final String userName, int size)
|
|
{
|
|
final int maxResults = size > 0 ? size : 1000;
|
|
final Set<String> siteNames = new TreeSet<String>();
|
|
authorityService.getContainingAuthoritiesInZone(AuthorityType.GROUP, userName, AuthorityService.ZONE_APP_SHARE, new AuthorityFilter(){
|
|
@Override
|
|
public boolean includeAuthority(String authority)
|
|
{
|
|
if (siteNames.size() < maxResults)
|
|
{
|
|
String siteName = resolveSite(authority);
|
|
if (siteName == null)
|
|
{
|
|
return false;
|
|
}
|
|
return siteNames.add(siteName);
|
|
}
|
|
return false;
|
|
}}, maxResults);
|
|
if (siteNames.isEmpty())
|
|
{
|
|
return Collections.emptyList();
|
|
}
|
|
List<ChildAssociationRef> assocs = this.nodeService.getChildrenByName(
|
|
getSiteRoot(),
|
|
ContentModel.ASSOC_CONTAINS,
|
|
siteNames);
|
|
List<SiteInfo> result = new ArrayList<SiteInfo>(assocs.size());
|
|
for (ChildAssociationRef assoc : assocs)
|
|
{
|
|
// Ignore any node that is not a "site" type
|
|
NodeRef site = assoc.getChildRef();
|
|
QName siteClassName = this.directNodeService.getType(site);
|
|
if (this.dictionaryService.isSubClass(siteClassName, SiteModel.TYPE_SITE))
|
|
{
|
|
result.add(createSiteInfo(site));
|
|
}
|
|
}
|
|
return result;
|
|
}
|
|
|
|
/**
|
|
* Creates a site information object given a site node reference
|
|
*
|
|
* @param siteNodeRef
|
|
* site node reference
|
|
* @return SiteInfo site information object
|
|
*/
|
|
private SiteInfo createSiteInfo(NodeRef siteNodeRef)
|
|
{
|
|
SiteInfo siteInfo = null;
|
|
|
|
// Get the properties
|
|
Map<QName, Serializable> properties = this.directNodeService.getProperties(siteNodeRef);
|
|
String shortName = (String) properties.get(ContentModel.PROP_NAME);
|
|
String sitePreset = (String) properties.get(PROP_SITE_PRESET);
|
|
String title = (String) properties.get(ContentModel.PROP_TITLE);
|
|
String description = (String) properties.get(ContentModel.PROP_DESCRIPTION);
|
|
|
|
// Get the visibility of the site
|
|
SiteVisibility visibility = getSiteVisibility(siteNodeRef);
|
|
|
|
// Create and return the site information
|
|
Map<QName, Serializable> customProperties = getSiteCustomProperties(properties);
|
|
siteInfo = new SiteInfoImpl(sitePreset, shortName, title, description, visibility, customProperties, siteNodeRef);
|
|
|
|
return siteInfo;
|
|
}
|
|
|
|
/**
|
|
* Helper method to get the visibility of the site. If no value is present in the repository then it is calculated from the
|
|
* set permissions. This will maintain backwards compatibility with earlier versions of the service implementation.
|
|
*
|
|
* @param siteNodeRef site node reference
|
|
* @return SiteVisibility site visibility
|
|
*/
|
|
private SiteVisibility getSiteVisibility(NodeRef siteNodeRef)
|
|
{
|
|
SiteVisibility visibility = SiteVisibility.PRIVATE;
|
|
|
|
// Get the visibility value stored in the repo
|
|
String visibilityValue = (String)this.directNodeService.getProperty(siteNodeRef, SiteModel.PROP_SITE_VISIBILITY);
|
|
|
|
// To maintain backwards compatibility calculate the visibility from the permissions
|
|
// if there is no value specified on the site node
|
|
if (visibilityValue == null)
|
|
{
|
|
// Examine each permission to see if this is a public site or not
|
|
Set<AccessPermission> permissions;
|
|
try {
|
|
permissions = this.permissionService.getAllSetPermissions(siteNodeRef);
|
|
} catch (AccessDeniedException ae){
|
|
// We might not have permission to examine the permissions
|
|
return visibility;
|
|
}
|
|
for (AccessPermission permission : permissions)
|
|
{
|
|
if (permission.getAuthority().equals(PermissionService.ALL_AUTHORITIES) == true &&
|
|
permission.getPermission().equals(SITE_CONSUMER) == true)
|
|
{
|
|
visibility = SiteVisibility.PUBLIC;
|
|
break;
|
|
}
|
|
}
|
|
}
|
|
else
|
|
{
|
|
// Create the enum value from the string
|
|
visibility = SiteVisibility.valueOf(visibilityValue);
|
|
}
|
|
|
|
return visibility;
|
|
}
|
|
|
|
/**
|
|
* @see org.alfresco.service.cmr.site.SiteService#getSite(java.lang.String)
|
|
*/
|
|
public SiteInfo getSite(final String shortName)
|
|
{
|
|
// MT share - for activity service system callback
|
|
if (tenantService.isEnabled() && (AuthenticationUtil.SYSTEM_USER_NAME.equals(AuthenticationUtil.getRunAsUser())) && tenantService.isTenantName(shortName))
|
|
{
|
|
final String tenantDomain = tenantService.getDomain(shortName);
|
|
final String sName = tenantService.getBaseName(shortName, true);
|
|
|
|
return AuthenticationUtil.runAs(new AuthenticationUtil.RunAsWork<SiteInfo>()
|
|
{
|
|
public SiteInfo doWork() throws Exception
|
|
{
|
|
SiteInfo site = getSiteImpl(sName);
|
|
return new SiteInfoImpl(site.getSitePreset(), shortName, site.getTitle(), site.getDescription(), site.getVisibility(), site.getCustomProperties(), site.getNodeRef());
|
|
}
|
|
}, tenantService.getDomainUser(AuthenticationUtil.getSystemUserName(), tenantDomain));
|
|
}
|
|
else
|
|
{
|
|
return getSiteImpl(shortName);
|
|
}
|
|
}
|
|
|
|
/**
|
|
* Get the site implementation given a short name
|
|
*
|
|
* @param shortName
|
|
* @return
|
|
*/
|
|
private SiteInfo getSiteImpl(String shortName)
|
|
{
|
|
SiteInfo result = null;
|
|
|
|
// Get the site node
|
|
NodeRef siteNodeRef = getSiteNodeRef(shortName);
|
|
if (siteNodeRef != null)
|
|
{
|
|
// Create the site info
|
|
result = createSiteInfo(siteNodeRef);
|
|
}
|
|
|
|
// Return the site information
|
|
return result;
|
|
}
|
|
|
|
/**
|
|
* @see org.alfresco.service.cmr.site.SiteService#getSite(org.alfresco.service.cmr.repository.NodeRef)
|
|
*/
|
|
public SiteInfo getSite(NodeRef nodeRef)
|
|
{
|
|
SiteInfo siteInfo = null;
|
|
NodeRef siteNodeRef = getSiteNodeRef(nodeRef);
|
|
if (siteNodeRef != null)
|
|
{
|
|
siteInfo = createSiteInfo(siteNodeRef);
|
|
}
|
|
return siteInfo;
|
|
}
|
|
|
|
/**
|
|
* This method gets the <code>st:site</code> NodeRef for the Share Site which contains the given NodeRef.
|
|
* If the given NodeRef is not contained within a Share Site, then <code>null</code> is returned.
|
|
*
|
|
* @param nodeRef the node whose containing site is to be found.
|
|
* @return NodeRef site node reference or null if node is not in a site
|
|
*/
|
|
private NodeRef getSiteNodeRef(NodeRef nodeRef)
|
|
{
|
|
NodeRef siteNodeRef = null;
|
|
QName nodeRefType = directNodeService.getType(nodeRef);
|
|
if (dictionaryService.isSubClass(nodeRefType, TYPE_SITE) == true)
|
|
{
|
|
siteNodeRef = nodeRef;
|
|
}
|
|
else
|
|
{
|
|
ChildAssociationRef primaryParent = nodeService.getPrimaryParent(nodeRef);
|
|
if (primaryParent != null && primaryParent.getParentRef() != null)
|
|
{
|
|
siteNodeRef = getSiteNodeRef(primaryParent.getParentRef());
|
|
}
|
|
}
|
|
return siteNodeRef;
|
|
}
|
|
|
|
/**
|
|
* Gets the site's node reference based on its short name
|
|
*
|
|
* @param shortName short name
|
|
*
|
|
* @return NodeRef node reference
|
|
*/
|
|
private NodeRef getSiteNodeRef(final String shortName)
|
|
{
|
|
return getSiteNodeRef(shortName, true);
|
|
}
|
|
|
|
/**
|
|
* Gets the site's node reference based on its short name
|
|
*
|
|
* @param shortName short name
|
|
* @param enforcePermissions should we ensure that we have access to this node?
|
|
*
|
|
* @return NodeRef node reference
|
|
*/
|
|
private NodeRef getSiteNodeRef(final String shortName, boolean enforcePermissions)
|
|
{
|
|
final String cacheKey = this.tenantAdminService.getCurrentUserDomain() + '_' + shortName;
|
|
NodeRef siteNodeRef = this.siteNodeRefs.get(cacheKey);
|
|
if (siteNodeRef != null)
|
|
{
|
|
// test for existance - and remove from cache if no longer exists
|
|
if (!this.directNodeService.exists(siteNodeRef))
|
|
{
|
|
this.siteNodeRefs.remove(cacheKey);
|
|
siteNodeRef = null;
|
|
}
|
|
}
|
|
else
|
|
{
|
|
// not in cache - find and store
|
|
final NodeRef siteRoot = getSiteParent(shortName);
|
|
|
|
siteNodeRef = AuthenticationUtil.runAs(new AuthenticationUtil.RunAsWork<NodeRef>()
|
|
{
|
|
public NodeRef doWork() throws Exception
|
|
{
|
|
// the site "short name" directly maps to the cm:name property
|
|
NodeRef siteNode = directNodeService.getChildByName(siteRoot, ContentModel.ASSOC_CONTAINS, shortName);
|
|
|
|
// cache the result if found - null results will be required to ensure new sites are found later
|
|
if (siteNode != null)
|
|
{
|
|
siteNodeRefs.put(cacheKey, siteNode);
|
|
}
|
|
return siteNode;
|
|
}
|
|
}, AuthenticationUtil.getSystemUserName());
|
|
}
|
|
if (enforcePermissions)
|
|
{
|
|
return siteNodeRef == null
|
|
|| !this.permissionService.hasPermission(siteNodeRef, PermissionService.READ_PROPERTIES).equals(
|
|
AccessStatus.ALLOWED) ? null : siteNodeRef;
|
|
}
|
|
else
|
|
{
|
|
return siteNodeRef;
|
|
}
|
|
}
|
|
|
|
/**
|
|
* @see org.alfresco.service.cmr.site.SiteService#updateSite(org.alfresco.service.cmr.site.SiteInfo)
|
|
*/
|
|
public void updateSite(SiteInfo siteInfo)
|
|
{
|
|
String shortName = siteInfo.getShortName();
|
|
NodeRef siteNodeRef = getSiteNodeRef(shortName);
|
|
if (siteNodeRef == null)
|
|
{
|
|
throw new SiteServiceException(MSG_CAN_NOT_UPDATE, new Object[]{siteInfo.getShortName()});
|
|
}
|
|
|
|
// Get the sites properties
|
|
Map<QName, Serializable> properties = this.directNodeService.getProperties(siteNodeRef);
|
|
|
|
// Update the properties of the site
|
|
// Note: the site preset and short name should never be updated!
|
|
properties.put(ContentModel.PROP_TITLE, siteInfo.getTitle());
|
|
properties.put(ContentModel.PROP_DESCRIPTION, siteInfo.getDescription());
|
|
|
|
// Update the permissions based on the visibility
|
|
SiteVisibility currentVisibility = getSiteVisibility(siteNodeRef);
|
|
SiteVisibility updatedVisibility = siteInfo.getVisibility();
|
|
if (currentVisibility.equals(updatedVisibility) == false)
|
|
{
|
|
// visibility has changed
|
|
logger.debug("site:" + shortName + " visibility has changed from: " + currentVisibility + "to: " + updatedVisibility);
|
|
|
|
// Grab the Public Site Group and validate
|
|
final String sitePublicGroup = sysAdminParams.getSitePublicGroup();
|
|
boolean publicGroupExists = authorityService.authorityExists(sitePublicGroup);
|
|
if (!PermissionService.ALL_AUTHORITIES.equals(sitePublicGroup) && !publicGroupExists)
|
|
{
|
|
// If the group specified in the settings does not exist, we cannot update the site.
|
|
throw new SiteServiceException(MSG_VISIBILITY_GROUP_MISSING, new Object[]{sitePublicGroup});
|
|
}
|
|
|
|
// The site Visibility has changed.
|
|
// Remove current visibility permissions
|
|
if (SiteVisibility.PUBLIC.equals(currentVisibility) == true ||
|
|
SiteVisibility.MODERATED.equals(currentVisibility) == true)
|
|
{
|
|
// Remove the old Consumer permissions
|
|
// (Always remove both EVERYONE and the Publci Site Group, just to be safe)
|
|
this.permissionService.deletePermission(siteNodeRef, sitePublicGroup, SITE_CONSUMER);
|
|
if (sitePublicGroup.equals(PermissionService.ALL_AUTHORITIES))
|
|
{
|
|
this.permissionService.deletePermission(siteNodeRef, PermissionService.ALL_AUTHORITIES, SITE_CONSUMER);
|
|
}
|
|
}
|
|
|
|
// If the site was moderated before, undo the work of #setModeratedPermissions
|
|
// by restoring inherited permissions on the containers
|
|
// (Leaving the old extra permissions on containers is fine)
|
|
if (SiteVisibility.MODERATED.equals(currentVisibility) == true)
|
|
{
|
|
List<FileInfo> folders = fileFolderService.listFolders(siteNodeRef);
|
|
for(FileInfo folder : folders)
|
|
{
|
|
NodeRef containerNodeRef = folder.getNodeRef();
|
|
this.permissionService.setInheritParentPermissions(containerNodeRef, true);
|
|
}
|
|
}
|
|
|
|
// Add new visibility permissions
|
|
// Note - these need to be kept in sync manually with those in #setupSitePermissions
|
|
if (SiteVisibility.PUBLIC.equals(updatedVisibility) == true)
|
|
{
|
|
this.permissionService.setPermission(siteNodeRef, sitePublicGroup, SITE_CONSUMER, true);
|
|
}
|
|
else if (SiteVisibility.MODERATED.equals(updatedVisibility) == true)
|
|
{
|
|
this.permissionService.setPermission(siteNodeRef, sitePublicGroup, SITE_CONSUMER, true);
|
|
|
|
// Set the moderated permissions on all the containers the site already has
|
|
List<FileInfo> folders = fileFolderService.listFolders(siteNodeRef);
|
|
for(FileInfo folder : folders)
|
|
{
|
|
NodeRef containerNodeRef = folder.getNodeRef();
|
|
setModeratedPermissions(shortName, containerNodeRef);
|
|
}
|
|
}
|
|
else if (SiteVisibility.PRIVATE.equals(updatedVisibility))
|
|
{
|
|
// No additional permissions need to be granted for a site become private
|
|
}
|
|
|
|
// Update the site node reference with the updated visibility value
|
|
properties.put(SiteModel.PROP_SITE_VISIBILITY, siteInfo.getVisibility().toString());
|
|
}
|
|
|
|
// Set the updated properties back onto the site node reference
|
|
this.nodeService.setProperties(siteNodeRef, properties);
|
|
}
|
|
|
|
/**
|
|
* @see org.alfresco.service.cmr.site.SiteService#deleteSite(java.lang.String)
|
|
*/
|
|
public void deleteSite(final String shortName)
|
|
{
|
|
logger.debug("delete site :" + shortName);
|
|
final NodeRef siteNodeRef = getSiteNodeRef(shortName);
|
|
if (siteNodeRef == null)
|
|
{
|
|
throw new SiteServiceException(MSG_CAN_NOT_DELETE, new Object[]{shortName});
|
|
}
|
|
final QName siteType = this.directNodeService.getType(siteNodeRef);
|
|
|
|
// Delete the cached reference
|
|
String cacheKey = this.tenantAdminService.getCurrentUserDomain() + '_' + shortName;
|
|
this.siteNodeRefs.remove(cacheKey);
|
|
|
|
// Collection for recording the group memberships present on the site
|
|
final Map<String, Set<String>> groupsMemberships = new HashMap<String, Set<String>>();
|
|
|
|
// Save the group memberships so we can use them later
|
|
this.nodeService.setProperty(siteNodeRef, QName.createQName(null, "memberships"), (Serializable)groupsMemberships);
|
|
|
|
// The default behaviour is that sites cannot be deleted. But we disable that behaviour here
|
|
// in order to allow site deletion only via this service. Share calls this service for deletion.
|
|
//
|
|
// See ALF-7888 for some background on this issue
|
|
this.behaviourFilter.disableBehaviour(siteNodeRef, ContentModel.ASPECT_UNDELETABLE);
|
|
|
|
NodeRef siteParent = getSiteParent(shortName);
|
|
this.behaviourFilter.disableBehaviour(siteParent, ContentModel.ASPECT_AUDITABLE);
|
|
|
|
try
|
|
{
|
|
this.nodeService.deleteNode(siteNodeRef);
|
|
}
|
|
finally
|
|
{
|
|
this.behaviourFilter.enableBehaviour(siteNodeRef, ContentModel.ASPECT_UNDELETABLE);
|
|
this.behaviourFilter.enableBehaviour(siteParent, ContentModel.ASPECT_AUDITABLE);
|
|
}
|
|
|
|
// Delete the associated groups
|
|
AuthenticationUtil.runAs(new AuthenticationUtil.RunAsWork<Object>()
|
|
{
|
|
public Object doWork() throws Exception
|
|
{
|
|
// Delete the master site group
|
|
final String siteGroup = getSiteGroup(shortName, true);
|
|
if (authorityService.authorityExists(siteGroup))
|
|
{
|
|
authorityService.deleteAuthority(siteGroup, false);
|
|
|
|
// Iterate over the role related groups and delete then
|
|
Set<String> permissions = permissionService.getSettablePermissions(siteType);
|
|
for (String permission : permissions)
|
|
{
|
|
String siteRoleGroup = getSiteRoleGroup(shortName, permission, true);
|
|
|
|
// Collect up the memberships so we can potentially restore them later
|
|
Set<String> groupUsers = authorityService.getContainedAuthorities(null, siteRoleGroup, true);
|
|
groupsMemberships.put(siteRoleGroup, groupUsers);
|
|
|
|
// Delete the site role group
|
|
authorityService.deleteAuthority(siteRoleGroup);
|
|
}
|
|
}
|
|
|
|
return null;
|
|
}
|
|
}, AuthenticationUtil.getSystemUserName());
|
|
|
|
logger.debug("site deleted :" + shortName);
|
|
}
|
|
|
|
/**
|
|
* @see org.alfresco.repo.node.NodeServicePolicies.OnRestoreNodePolicy#onRestoreNode(org.alfresco.service.cmr.repository.ChildAssociationRef)
|
|
*/
|
|
@SuppressWarnings("unchecked")
|
|
@Override
|
|
public void onRestoreNode(ChildAssociationRef childAssocRef)
|
|
{
|
|
// regenerate the groups for the site when it is restored from the Archive store
|
|
NodeRef siteRef = childAssocRef.getChildRef();
|
|
setupSitePermissions(
|
|
siteRef,
|
|
(String)directNodeService.getProperty(siteRef, ContentModel.PROP_NAME),
|
|
getSiteVisibility(siteRef),
|
|
(Map<String, Set<String>>)directNodeService.getProperty(siteRef, QName.createQName(null, "memberships")));
|
|
}
|
|
|
|
/**
|
|
* @see org.alfresco.service.cmr.site.SiteService#listMembers(java.lang.String, java.lang.String, java.lang.String, int)
|
|
*/
|
|
public Map<String, String> listMembers(String shortName, String nameFilter, String roleFilter, int size)
|
|
{
|
|
return listMembers(shortName, nameFilter, roleFilter, size, false);
|
|
}
|
|
|
|
/**
|
|
* @see org.alfresco.service.cmr.site.SiteService#listMembers(String, String, String, int, boolean)
|
|
*/
|
|
public Map<String, String> listMembers(String shortName, final String nameFilter, final String roleFilter, final int size, final boolean collapseGroups)
|
|
{
|
|
// MT share - for activity service system callback
|
|
if (tenantService.isEnabled() && (AuthenticationUtil.SYSTEM_USER_NAME.equals(AuthenticationUtil.getRunAsUser())) && tenantService.isTenantName(shortName))
|
|
{
|
|
final String tenantDomain = tenantService.getDomain(shortName);
|
|
final String sName = tenantService.getBaseName(shortName, true);
|
|
|
|
return AuthenticationUtil.runAs(new AuthenticationUtil.RunAsWork<Map<String, String>>()
|
|
{
|
|
public Map<String, String> doWork() throws Exception
|
|
{
|
|
return listMembersImpl(sName, nameFilter, roleFilter, size, collapseGroups);
|
|
}
|
|
}, tenantService.getDomainUser(AuthenticationUtil.getSystemUserName(), tenantDomain));
|
|
}
|
|
else
|
|
{
|
|
return listMembersImpl(shortName, nameFilter, roleFilter, size, collapseGroups);
|
|
}
|
|
}
|
|
|
|
/**
|
|
* @see org.alfresco.service.cmr.site.SiteService#listMembersInfo(String,
|
|
* String, String, int, boolean)
|
|
*/
|
|
public List<SiteMemberInfo> listMembersInfo(String shortName, final String nameFilter, final String roleFilter, final int size, final boolean collapseGroups)
|
|
{
|
|
// MT share - for activity service system callback
|
|
if (tenantService.isEnabled()
|
|
&& (AuthenticationUtil.SYSTEM_USER_NAME.equals(AuthenticationUtil
|
|
.getRunAsUser())) && tenantService.isTenantName(shortName))
|
|
{
|
|
final String tenantDomain = tenantService.getDomain(shortName);
|
|
final String sName = tenantService.getBaseName(shortName, true);
|
|
|
|
return AuthenticationUtil.runAs(
|
|
new AuthenticationUtil.RunAsWork<List<SiteMemberInfo>>()
|
|
{
|
|
public List<SiteMemberInfo> doWork() throws Exception
|
|
{
|
|
return listMembersInfoImpl(sName, nameFilter, roleFilter, size,
|
|
collapseGroups);
|
|
}
|
|
}, tenantService.getDomainUser(AuthenticationUtil.getSystemUserName(),
|
|
tenantDomain));
|
|
}
|
|
else
|
|
{
|
|
return listMembersInfoImpl(shortName, nameFilter, roleFilter, size, collapseGroups);
|
|
}
|
|
}
|
|
|
|
private Map<String, String> listMembersImpl(String shortName, String nameFilter, String roleFilter, int size, boolean collapseGroups)
|
|
{
|
|
Map<String, String> members = new HashMap<String, String>(32);
|
|
|
|
List<SiteMemberInfo> list = listMembersInfoImpl(shortName, nameFilter, roleFilter, size,
|
|
collapseGroups);
|
|
for (SiteMemberInfo info : list)
|
|
members.put(info.getMemberName(), info.getMemberRole());
|
|
|
|
return members;
|
|
}
|
|
|
|
private List<SiteMemberInfo> listMembersInfoImpl(String shortName, String nameFilter,
|
|
String roleFilter, int size, boolean collapseGroups)
|
|
{
|
|
NodeRef siteNodeRef = getSiteNodeRef(shortName);
|
|
if (siteNodeRef == null)
|
|
{
|
|
throw new SiteDoesNotExistException(shortName);
|
|
}
|
|
|
|
// max size limit
|
|
if (size <= 0)
|
|
{
|
|
size = Integer.MAX_VALUE;
|
|
}
|
|
|
|
// Build an array of name filter tokens pre lowercased to test against person properties
|
|
// We require that matching people have at least one match against one of these on
|
|
// either their firstname or last name
|
|
String nameFilterLower = null;
|
|
String[] nameFilters = new String[0];
|
|
if (nameFilter != null && nameFilter.length() != 0)
|
|
{
|
|
StringTokenizer t = new StringTokenizer(nameFilter, " ");
|
|
nameFilters = new String[t.countTokens()];
|
|
for (int i = 0; t.hasMoreTokens(); i++)
|
|
{
|
|
nameFilters[i] = t.nextToken().toLowerCase();
|
|
}
|
|
nameFilterLower = nameFilter.toLowerCase();
|
|
}
|
|
|
|
List<SiteMemberInfo> members = new ArrayList<SiteMemberInfo>(32);
|
|
|
|
QName siteType = directNodeService.getType(siteNodeRef);
|
|
Set<String> permissions = this.permissionService.getSettablePermissions(siteType);
|
|
Map<String, String> groupsToExpand = new HashMap<String, String>(32);
|
|
|
|
AUTHORITY_FIND: for (String permission : permissions)
|
|
{
|
|
if (roleFilter == null || roleFilter.length() == 0 || roleFilter.equals(permission))
|
|
{
|
|
String groupName = getSiteRoleGroup(shortName, permission, true);
|
|
Set<String> authorities = this.authorityService.getContainedAuthorities(null, groupName, true);
|
|
for (String authority : authorities)
|
|
{
|
|
switch (AuthorityType.getAuthorityType(authority))
|
|
{
|
|
case USER:
|
|
boolean addUser = true;
|
|
if (nameFilter != null && nameFilter.length() != 0 && !nameFilter.equals(authority))
|
|
{
|
|
// found a filter - does it match person first/last name?
|
|
addUser = matchPerson(nameFilters, authority);
|
|
}
|
|
if (addUser)
|
|
{
|
|
// Add the user and their permission to the returned map
|
|
members.add(new SiteMemberInfoImpl(authority, permission, false));
|
|
|
|
// break on max size limit reached
|
|
if (members.size() >= size)
|
|
{
|
|
break AUTHORITY_FIND;
|
|
}
|
|
}
|
|
break;
|
|
case GROUP:
|
|
if (collapseGroups)
|
|
{
|
|
if (!groupsToExpand.containsKey(authority))
|
|
{
|
|
groupsToExpand.put(authority, permission);
|
|
}
|
|
}
|
|
else
|
|
{
|
|
if (nameFilter != null && nameFilter.length() != 0)
|
|
{
|
|
// found a filter - does it match Group name part?
|
|
if (matchByFilter(authority.substring(GROUP_PREFIX_LENGTH).toLowerCase(), nameFilterLower))
|
|
{
|
|
members.add(new SiteMemberInfoImpl(authority, permission, false));
|
|
}
|
|
else
|
|
{
|
|
// Does it match on the Group Display Name part instead?
|
|
String displayName = authorityService.getAuthorityDisplayName(authority);
|
|
if (displayName != null && matchByFilter(displayName.toLowerCase(), nameFilterLower))
|
|
{
|
|
members.add(new SiteMemberInfoImpl(authority, permission, false));
|
|
}
|
|
}
|
|
}
|
|
else
|
|
{
|
|
// No name filter add this group
|
|
members.add(new SiteMemberInfoImpl(authority, permission, false));
|
|
}
|
|
|
|
// break on max size limit reached
|
|
if (members.size() >= size)
|
|
{
|
|
break AUTHORITY_FIND;
|
|
}
|
|
}
|
|
break;
|
|
default:
|
|
break;
|
|
}
|
|
}
|
|
}
|
|
}
|
|
|
|
if ((collapseGroups) && (members.size() < size))
|
|
{
|
|
GROUP_EXPAND: for (Map.Entry<String, String> entry : groupsToExpand.entrySet())
|
|
{
|
|
Set<String> subUsers = this.authorityService.getContainedAuthorities(AuthorityType.USER, entry.getKey(), false);
|
|
for (String subUser : subUsers)
|
|
{
|
|
boolean addUser = true;
|
|
if (nameFilter != null && nameFilter.length() != 0 && !nameFilter.equals(subUser))
|
|
{
|
|
// found a filter - does it match person first/last name?
|
|
addUser = matchPerson(nameFilters, subUser);
|
|
}
|
|
|
|
if (addUser)
|
|
{
|
|
SiteMemberInfo memberInfo = new SiteMemberInfoImpl(subUser,entry.getValue(), true);
|
|
// Add the collapsed user into the members list if they do not already appear in the list
|
|
if (members.contains(memberInfo) == false)
|
|
{
|
|
members.add(memberInfo);
|
|
}
|
|
|
|
// break on max size limit reached
|
|
if (members.size() >= size)
|
|
{
|
|
break GROUP_EXPAND;
|
|
}
|
|
}
|
|
}
|
|
}
|
|
}
|
|
return members;
|
|
}
|
|
|
|
/**
|
|
* Helper to match name filters to Person properties.
|
|
*
|
|
* One of the user's firstname or lastname must match at least
|
|
* one of the filters given.
|
|
*
|
|
* @param filter
|
|
* @param username
|
|
* @return
|
|
*/
|
|
private boolean matchPerson(final String[] nameFilters, final String username)
|
|
{
|
|
boolean addUser = false;
|
|
|
|
try
|
|
{
|
|
NodeRef person = personService.getPerson(username, false);
|
|
String firstName = (String)directNodeService.getProperty(person, ContentModel.PROP_FIRSTNAME);
|
|
String lastName = (String)directNodeService.getProperty(person, ContentModel.PROP_LASTNAME);
|
|
String userName = (String)directNodeService.getProperty(person, ContentModel.PROP_USERNAME);
|
|
|
|
final String lowFirstName = (firstName != null ? firstName.toLowerCase() : "");
|
|
final String lowLastName = (lastName != null ? lastName.toLowerCase() : "");
|
|
final String lowUserName = (userName != null ? userName.toLowerCase() : "");
|
|
for (int i=0; i<nameFilters.length; i++)
|
|
{
|
|
if (matchByFilter(lowUserName, nameFilters[i]) ||
|
|
matchByFilter(lowFirstName, nameFilters[i]) ||
|
|
matchByFilter(lowLastName, nameFilters[i]))
|
|
{
|
|
addUser = true;
|
|
break;
|
|
}
|
|
}
|
|
}
|
|
catch(NoSuchPersonException e)
|
|
{
|
|
// Group references a deleted user, shouldn't normally happen
|
|
}
|
|
|
|
return addUser;
|
|
}
|
|
|
|
private boolean matchByFilter(String compareString, String patternString)
|
|
{
|
|
if (compareString==null || compareString.isEmpty())
|
|
{
|
|
return false;
|
|
}
|
|
if (patternString==null || patternString.isEmpty())
|
|
{
|
|
return true;
|
|
}
|
|
StringBuilder paternStr=new StringBuilder();
|
|
for (char c: patternString.toCharArray())
|
|
{
|
|
if (c=='*')
|
|
{
|
|
paternStr.append(".*");
|
|
}
|
|
else if (c=='(' || c==')')
|
|
{
|
|
paternStr.append("\\"+c);
|
|
}
|
|
else if (Character.isLetterOrDigit(c) || c=='*')
|
|
{
|
|
paternStr.append(c);
|
|
}
|
|
else paternStr.append("\\"+c);
|
|
|
|
}
|
|
Pattern p=Pattern.compile(paternStr.toString(), Pattern.CASE_INSENSITIVE);
|
|
Matcher matcher=p.matcher(compareString);
|
|
return matcher.matches();
|
|
}
|
|
|
|
/**
|
|
* @see org.alfresco.service.cmr.site.SiteService#getMembersRoleInfo(java.lang.String, java.lang.String)
|
|
*/
|
|
public SiteMemberInfo getMembersRoleInfo(String shortName, String authorityName)
|
|
{
|
|
NodeRef siteNodeRef = getSiteNodeRef(shortName);
|
|
if (siteNodeRef == null)
|
|
{
|
|
throw new SiteDoesNotExistException(shortName);
|
|
}
|
|
|
|
QName siteType = directNodeService.getType(siteNodeRef);
|
|
Set<String> permissions = this.permissionService.getSettablePermissions(siteType);
|
|
// This set is a lazily evaluated one, so merely getting it in advance as we do here is not expensive
|
|
Set<String> userAuthoritySet = this.authorityService.getAuthoritiesForUser(authorityName);
|
|
for (String role : permissions)
|
|
{
|
|
String roleGroup = getSiteRoleGroup(shortName, role, true);
|
|
Set<String> authorities = this.authorityService.getContainedAuthorities(null, roleGroup, true);
|
|
if (authorities.contains(authorityName))
|
|
{
|
|
// found a direct membership for this user - return this role info
|
|
return new SiteMemberInfoImpl(authorityName, role, false);
|
|
}
|
|
// crawl the cache from the role group down to find the authority
|
|
else if (userAuthoritySet.contains(roleGroup))
|
|
{
|
|
return new SiteMemberInfoImpl(authorityName, role, true);
|
|
}
|
|
}
|
|
|
|
return null;
|
|
}
|
|
|
|
/**
|
|
* @see org.alfresco.service.cmr.site.SiteService#getMembersRole(java.lang.String,
|
|
* java.lang.String)
|
|
*/
|
|
public String getMembersRole(String shortName, String authorityName)
|
|
{
|
|
String result = null;
|
|
List<String> roles = getMembersRoles(shortName, authorityName);
|
|
if (roles.size() != 0)
|
|
{
|
|
if (roles.size() > 1 && roleComparator != null)
|
|
{
|
|
// Need to sort the roles into the most important first.
|
|
SortedSet<String> sortedRoles = new TreeSet<String>(roleComparator);
|
|
for (String role : roles)
|
|
{
|
|
sortedRoles.add(role);
|
|
}
|
|
result = sortedRoles.first();
|
|
}
|
|
else
|
|
{
|
|
// don't search on precedence or only one result
|
|
result = roles.get(0);
|
|
}
|
|
}
|
|
return result;
|
|
}
|
|
|
|
public List<String> getMembersRoles(String shortName, String authorityName)
|
|
{
|
|
List<String> result = new ArrayList<String>(5);
|
|
List<String> groups = getPermissionGroups(shortName, authorityName);
|
|
for (String group : groups)
|
|
{
|
|
int index = group.lastIndexOf('_');
|
|
if (index != -1)
|
|
{
|
|
result.add(group.substring(index + 1));
|
|
}
|
|
}
|
|
return result;
|
|
}
|
|
|
|
/**
|
|
* Helper method to get the permission groups for a given authority on a site.
|
|
* Returns empty List if the user does not have a explicit membership to the site.
|
|
*
|
|
* A user permission will take precedence over a permission obtained via a group.
|
|
*
|
|
* @param siteShortName site short name
|
|
* @param authorityName authority name
|
|
* @return List<String> Permission groups, empty list if no explicit membership set
|
|
*/
|
|
private List<String> getPermissionGroups(String siteShortName, String authorityName)
|
|
{
|
|
NodeRef siteNodeRef = getSiteNodeRef(siteShortName);
|
|
if (siteNodeRef == null)
|
|
{
|
|
throw new SiteDoesNotExistException(siteShortName);
|
|
}
|
|
|
|
List<String> fullResult = new ArrayList<String>(5);
|
|
QName siteType = directNodeService.getType(siteNodeRef);
|
|
Set<String> roles = this.permissionService.getSettablePermissions(siteType);
|
|
|
|
// First use the authority's cached recursive group memberships to answer the question quickly
|
|
Set<String> authorities = authorityService.getAuthoritiesForUser(authorityName);
|
|
for (String role : roles)
|
|
{
|
|
String roleGroup = getSiteRoleGroup(siteShortName, role, true);
|
|
if (authorities.contains(roleGroup))
|
|
{
|
|
fullResult.add(roleGroup);
|
|
}
|
|
}
|
|
|
|
// Unfortunately, due to direct membership taking precedence, we can't answer the question quickly if more than one role has been inherited
|
|
if (fullResult.size() <= 1)
|
|
{
|
|
return fullResult;
|
|
}
|
|
|
|
// Check direct group memberships
|
|
List<String> result = new ArrayList<String>(5);
|
|
Set <String> authorityGroups = this.authorityService.getContainingAuthorities(AuthorityType.GROUP,
|
|
authorityName, true);
|
|
for (String role : roles)
|
|
{
|
|
String roleGroup = getSiteRoleGroup(siteShortName, role, true);
|
|
if (authorityGroups.contains(roleGroup))
|
|
{
|
|
result.add(roleGroup);
|
|
}
|
|
}
|
|
|
|
// If there are user permissions then they take priority
|
|
return result.size() > 0 ? result : fullResult;
|
|
}
|
|
|
|
/**
|
|
* @see org.alfresco.service.cmr.site.SiteService#getSiteRoles()
|
|
*/
|
|
public List<String> getSiteRoles()
|
|
{
|
|
return getSiteRoles(SiteModel.TYPE_SITE);
|
|
}
|
|
|
|
/**
|
|
* @see org.alfresco.service.cmr.site.SiteService#getSiteRoles(String)
|
|
*/
|
|
public List<String> getSiteRoles(String shortName)
|
|
{
|
|
NodeRef siteNodeRef = getSiteNodeRef(shortName);
|
|
if (siteNodeRef == null)
|
|
{
|
|
throw new SiteDoesNotExistException(shortName);
|
|
}
|
|
QName siteType = directNodeService.getType(siteNodeRef);
|
|
return getSiteRoles(siteType);
|
|
}
|
|
|
|
/**
|
|
* @see org.alfresco.service.cmr.site.SiteService#getSiteRoles()
|
|
* @see org.alfresco.service.cmr.site.SiteService#getSiteRoles(String)
|
|
*/
|
|
public List<String> getSiteRoles(QName type)
|
|
{
|
|
Set<String> permissions = permissionService.getSettablePermissions(type);
|
|
return new ArrayList<String>(permissions);
|
|
}
|
|
|
|
/**
|
|
* @see org.alfresco.service.cmr.site.SiteService#isMember(java.lang.String, java.lang.String)
|
|
*/
|
|
public boolean isMember(String shortName, String authorityName)
|
|
{
|
|
return (!getPermissionGroups(shortName, authorityName).isEmpty());
|
|
}
|
|
|
|
/**
|
|
* @see org.alfresco.service.cmr.site.SiteService#removeMembership(java.lang.String, java.lang.String)
|
|
*/
|
|
public void removeMembership(final String shortName, final String authorityName)
|
|
{
|
|
final NodeRef siteNodeRef = getSiteNodeRef(shortName);
|
|
if (siteNodeRef == null)
|
|
{
|
|
throw new SiteDoesNotExistException(shortName);
|
|
}
|
|
|
|
// TODO what do we do about the user if they are in a group that has
|
|
// rights to the site?
|
|
|
|
// Get the current user
|
|
String currentUserName = AuthenticationUtil.getFullyAuthenticatedUser();
|
|
|
|
// Get the user current role
|
|
final String role = getMembersRole(shortName, authorityName);
|
|
if (role != null)
|
|
{
|
|
// Check that we are not about to remove the last site manager
|
|
checkLastManagerRemoval(shortName, authorityName, role);
|
|
|
|
// If ...
|
|
// -- the current user has change permissions rights on the site
|
|
// or
|
|
// -- the user is ourselves
|
|
if ((currentUserName.equals(authorityName) == true) ||
|
|
(permissionService.hasPermission(siteNodeRef, PermissionService.CHANGE_PERMISSIONS) == AccessStatus.ALLOWED))
|
|
{
|
|
// Run as system user
|
|
AuthenticationUtil.runAs(
|
|
new AuthenticationUtil.RunAsWork<Object>()
|
|
{
|
|
public Object doWork() throws Exception
|
|
{
|
|
// Remove the user from the current permission
|
|
// group
|
|
String currentGroup = getSiteRoleGroup(shortName, role, true);
|
|
authorityService.removeAuthority(currentGroup, authorityName);
|
|
|
|
return null;
|
|
}
|
|
}, AuthenticationUtil.SYSTEM_USER_NAME);
|
|
|
|
// Raise events
|
|
AuthorityType authorityType = AuthorityType.getAuthorityType(authorityName);
|
|
if (authorityType == AuthorityType.USER)
|
|
{
|
|
activityService.postActivity(
|
|
ActivityType.SITE_USER_REMOVED, shortName,
|
|
ACTIVITY_TOOL, getActivityUserData(authorityName, ""));
|
|
}
|
|
else if (authorityType == AuthorityType.GROUP)
|
|
{
|
|
activityService.postActivity(
|
|
ActivityType.SITE_GROUP_REMOVED, shortName,
|
|
ACTIVITY_TOOL, getActivityGroupData(authorityName, ""));
|
|
}
|
|
}
|
|
else
|
|
{
|
|
// Throw an exception
|
|
throw new SiteServiceException(MSG_CAN_NOT_REMOVE_MSHIP, new Object[]{shortName});
|
|
}
|
|
}
|
|
else
|
|
{
|
|
// Throw an exception
|
|
throw new SiteServiceException(MSG_CAN_NOT_REMOVE_MSHIP, new Object[]{shortName});
|
|
}
|
|
}
|
|
|
|
/**
|
|
* @see org.alfresco.service.cmr.site.SiteService#setMembership(java.lang.String,
|
|
* java.lang.String, java.lang.String)
|
|
*/
|
|
public void setMembership(final String shortName,
|
|
final String authorityName,
|
|
final String role)
|
|
{
|
|
final NodeRef siteNodeRef = getSiteNodeRef(shortName);
|
|
if (siteNodeRef == null)
|
|
{
|
|
throw new SiteDoesNotExistException(shortName);
|
|
}
|
|
|
|
// Get the user's current role
|
|
final String currentRole = getMembersRole(shortName, authorityName);
|
|
|
|
// Do nothing if the role of the user is not being changed
|
|
if (currentRole == null || role.equals(currentRole) == false)
|
|
{
|
|
// TODO if this is the only site manager do not down grade their
|
|
// permissions
|
|
|
|
// Get the visibility of the site
|
|
SiteVisibility visibility = getSiteVisibility(siteNodeRef);
|
|
|
|
// If we are ...
|
|
// -- the current user has change permissions rights on the site
|
|
// or we are ...
|
|
// -- referring to a public site and
|
|
// -- the role being set is consumer and
|
|
// -- the user being added is ourselves and
|
|
// -- the member does not already have permissions
|
|
// ... then we can set the permissions as system user
|
|
final String currentUserName = AuthenticationUtil.getFullyAuthenticatedUser();
|
|
if ((permissionService.hasPermission(siteNodeRef, PermissionService.CHANGE_PERMISSIONS) == AccessStatus.ALLOWED) ||
|
|
(SiteVisibility.PUBLIC.equals(visibility) == true &&
|
|
role.equals(SiteModel.SITE_CONSUMER) == true &&
|
|
authorityName.equals(currentUserName) == true &&
|
|
currentRole == null))
|
|
{
|
|
// Check that we are not about to remove the last site manager
|
|
checkLastManagerRemoval(shortName, authorityName, currentRole);
|
|
|
|
// Run as system user
|
|
AuthenticationUtil.runAs(new AuthenticationUtil.RunAsWork<Object>()
|
|
{
|
|
public Object doWork() throws Exception
|
|
{
|
|
if (currentRole != null)
|
|
{
|
|
// Remove the user from the current
|
|
// permission group
|
|
String currentGroup = getSiteRoleGroup(shortName, currentRole, true);
|
|
authorityService.removeAuthority(currentGroup, authorityName);
|
|
}
|
|
|
|
// Add the user to the new permission group
|
|
String newGroup = getSiteRoleGroup(shortName, role, true);
|
|
authorityService.addAuthority(newGroup, authorityName);
|
|
|
|
return null;
|
|
}
|
|
|
|
}, AuthenticationUtil.SYSTEM_USER_NAME);
|
|
|
|
if (currentRole == null)
|
|
{
|
|
AuthorityType authorityType = AuthorityType.getAuthorityType(authorityName);
|
|
if (authorityType == AuthorityType.USER)
|
|
{
|
|
activityService.postActivity(
|
|
ActivityType.SITE_USER_JOINED, shortName,
|
|
ACTIVITY_TOOL, getActivityUserData(authorityName, role), authorityName);
|
|
}
|
|
else if (authorityType == AuthorityType.GROUP)
|
|
{
|
|
activityService.postActivity(
|
|
ActivityType.SITE_GROUP_ADDED, shortName,
|
|
ACTIVITY_TOOL, getActivityGroupData(authorityName, role));
|
|
}
|
|
}
|
|
else
|
|
{
|
|
AuthorityType authorityType = AuthorityType.getAuthorityType(authorityName);
|
|
if (authorityType == AuthorityType.USER)
|
|
{
|
|
activityService.postActivity(
|
|
ActivityType.SITE_USER_ROLE_UPDATE, shortName,
|
|
ACTIVITY_TOOL, getActivityUserData(authorityName, role));
|
|
}
|
|
else if (authorityType == AuthorityType.GROUP)
|
|
{
|
|
activityService.postActivity(
|
|
ActivityType.SITE_GROUP_ROLE_UPDATE, shortName,
|
|
ACTIVITY_TOOL, getActivityGroupData(authorityName, role));
|
|
}
|
|
}
|
|
}
|
|
else
|
|
{
|
|
// Raise a permission exception
|
|
throw new SiteServiceException(MSG_CAN_NOT_CHANGE_MSHIP, new Object[]{shortName});
|
|
}
|
|
}
|
|
}
|
|
|
|
/**
|
|
* @see org.alfresco.service.cmr.site.SiteService#createContainer(java.lang.String,
|
|
* java.lang.String, org.alfresco.service.namespace.QName,
|
|
* java.util.Map)
|
|
*/
|
|
public NodeRef createContainer(String shortName,
|
|
String componentId,
|
|
QName containerType,
|
|
Map<QName, Serializable> containerProperties)
|
|
{
|
|
// Check for the component id
|
|
ParameterCheck.mandatoryString("componentId", componentId);
|
|
|
|
// retrieve site
|
|
NodeRef siteNodeRef = getSiteNodeRef(shortName);
|
|
if (siteNodeRef == null)
|
|
{
|
|
throw new SiteDoesNotExistException(shortName);
|
|
}
|
|
|
|
// Update the isPublic flag
|
|
SiteVisibility siteVisibility = getSiteVisibility(siteNodeRef);
|
|
|
|
// retrieve component folder within site
|
|
NodeRef containerNodeRef = null;
|
|
try
|
|
{
|
|
containerNodeRef = findContainer(siteNodeRef, componentId);
|
|
}
|
|
catch (FileNotFoundException e)
|
|
{
|
|
//NOOP
|
|
}
|
|
|
|
// create the container node reference
|
|
if (containerNodeRef == null)
|
|
{
|
|
if (containerType == null)
|
|
{
|
|
containerType = ContentModel.TYPE_FOLDER;
|
|
}
|
|
|
|
// create component folder
|
|
FileInfo fileInfo = fileFolderService.create(siteNodeRef,
|
|
componentId, containerType);
|
|
|
|
// Get the created container
|
|
containerNodeRef = fileInfo.getNodeRef();
|
|
|
|
// Set the properties if they have been provided
|
|
if (containerProperties != null)
|
|
{
|
|
Map<QName, Serializable> props = this.directNodeService
|
|
.getProperties(containerNodeRef);
|
|
props.putAll(containerProperties);
|
|
this.nodeService.setProperties(containerNodeRef, props);
|
|
}
|
|
|
|
// Add the container aspect
|
|
Map<QName, Serializable> aspectProps = new HashMap<QName, Serializable>(1, 1.0f);
|
|
aspectProps.put(SiteModel.PROP_COMPONENT_ID, componentId);
|
|
this.nodeService.addAspect(containerNodeRef, ASPECT_SITE_CONTAINER,
|
|
aspectProps);
|
|
|
|
// Set permissions on the container
|
|
if(SiteVisibility.MODERATED.equals(siteVisibility))
|
|
{
|
|
setModeratedPermissions(shortName, containerNodeRef);
|
|
}
|
|
|
|
// Make the container a tag scope
|
|
this.taggingService.addTagScope(containerNodeRef);
|
|
}
|
|
|
|
return containerNodeRef;
|
|
}
|
|
|
|
/**
|
|
* This method recursively cleans the site permissions on the specified NodeRef and all its primary
|
|
* descendants. This consists of
|
|
* <ul>
|
|
* <li>the removal of all site permissions pertaining to a site other than the containingSite</li>
|
|
* </ul>
|
|
* If the containingSite is <code>null</code> then the targetNode's current containing site is used.
|
|
*
|
|
* @param targetNode
|
|
* @param containingSite the site which the site is a member of. If <code>null</code>, it will be calculated.
|
|
*/
|
|
@Override
|
|
public void cleanSitePermissions(final NodeRef targetNode, SiteInfo containingSite)
|
|
{
|
|
this.sitesPermissionsCleaner.cleanSitePermissions(targetNode, containingSite);
|
|
}
|
|
|
|
/**
|
|
* Moderated sites have separate ACLs on each component and don't inherit from the
|
|
* site which has consumer role for everyone.
|
|
*/
|
|
private void setModeratedPermissions(String shortName, NodeRef containerNodeRef)
|
|
{
|
|
NodeRef siteNodeRef = getSiteNodeRef(shortName);
|
|
if (siteNodeRef == null)
|
|
{
|
|
throw new SiteDoesNotExistException(shortName);
|
|
}
|
|
|
|
QName siteType = directNodeService.getType(siteNodeRef);
|
|
Set<String> permissions = permissionService.getSettablePermissions(siteType);
|
|
for (String permission : permissions)
|
|
{
|
|
String permissionGroup = getSiteRoleGroup(shortName, permission, true);
|
|
// Assign the group the relevant permission on the site
|
|
permissionService.setPermission(containerNodeRef, permissionGroup, permission, true);
|
|
}
|
|
permissionService.setPermission(containerNodeRef,
|
|
PermissionService.ALL_AUTHORITIES,
|
|
PermissionService.READ_PERMISSIONS, true);
|
|
|
|
this.permissionService.setInheritParentPermissions(containerNodeRef, false);
|
|
}
|
|
|
|
|
|
/**
|
|
* @see org.alfresco.service.cmr.site.SiteService#getContainer(java.lang.String)
|
|
*/
|
|
public NodeRef getContainer(String shortName, String componentId)
|
|
{
|
|
ParameterCheck.mandatoryString("componentId", componentId);
|
|
|
|
// retrieve site
|
|
NodeRef siteNodeRef = getSiteNodeRef(shortName);
|
|
if (siteNodeRef == null)
|
|
{
|
|
throw new SiteDoesNotExistException(shortName);
|
|
}
|
|
|
|
// retrieve component folder within site
|
|
// NOTE: component id is used for folder name
|
|
NodeRef containerNodeRef = null;
|
|
try
|
|
{
|
|
containerNodeRef = findContainer(siteNodeRef, componentId);
|
|
}
|
|
catch (FileNotFoundException e)
|
|
{
|
|
//NOOP
|
|
}
|
|
|
|
return containerNodeRef;
|
|
}
|
|
|
|
/**
|
|
* @see org.alfresco.service.cmr.site.SiteService#hasContainer(java.lang.String)
|
|
*/
|
|
public boolean hasContainer(final String shortName, final String componentId)
|
|
{
|
|
ParameterCheck.mandatoryString("componentId", componentId);
|
|
|
|
// retrieve site
|
|
final NodeRef siteNodeRef = getSiteNodeRef(shortName);
|
|
if (siteNodeRef == null)
|
|
{
|
|
throw new SiteDoesNotExistException(shortName);
|
|
}
|
|
|
|
// retrieve component folder within site
|
|
// NOTE: component id is used for folder name
|
|
boolean hasContainer = false;
|
|
|
|
NodeRef containerRef = AuthenticationUtil.runAs(new RunAsWork<NodeRef>()
|
|
{
|
|
public NodeRef doWork() throws Exception
|
|
{
|
|
return retryingTransactionHelper.doInTransaction(new RetryingTransactionCallback<NodeRef>()
|
|
{
|
|
public NodeRef execute() throws Exception
|
|
{
|
|
try
|
|
{
|
|
return findContainer(siteNodeRef, componentId);
|
|
}
|
|
catch (FileNotFoundException e)
|
|
{
|
|
return null;
|
|
}
|
|
}
|
|
}, true);
|
|
}
|
|
}, AuthenticationUtil.getSystemUserName());
|
|
|
|
if(containerRef != null)
|
|
{
|
|
hasContainer = true;
|
|
}
|
|
|
|
return hasContainer;
|
|
}
|
|
|
|
/**
|
|
* Locate site "container" folder for component
|
|
*
|
|
* @param siteNodeRef
|
|
* site
|
|
* @param componentId
|
|
* component id
|
|
* @return "container" node ref, if it exists
|
|
* @throws FileNotFoundException
|
|
*/
|
|
private NodeRef findContainer(NodeRef siteNodeRef, String componentId)
|
|
throws FileNotFoundException
|
|
{
|
|
List<String> paths = new ArrayList<String>(1);
|
|
paths.add(componentId);
|
|
FileInfo fileInfo = fileFolderService.resolveNamePath(siteNodeRef,
|
|
paths);
|
|
if (!fileInfo.isFolder())
|
|
{
|
|
throw new SiteServiceException(MSG_SITE_CONTAINER_NOT_FOLDER, new Object[]{fileInfo.getName()});
|
|
}
|
|
return fileInfo.getNodeRef();
|
|
}
|
|
|
|
/**
|
|
* Helper method to create a container if missing, and mark it as a
|
|
* tag scope if it isn't already one
|
|
*/
|
|
public static NodeRef getSiteContainer(final String siteShortName,
|
|
final String componentName, final boolean create,
|
|
final SiteService siteService, final TransactionService transactionService,
|
|
final TaggingService taggingService)
|
|
{
|
|
// Does the site exist?
|
|
if(siteService.getSite(siteShortName) == null) {
|
|
// Either the site doesn't exist, or you're not allowed to see it
|
|
if(! create)
|
|
{
|
|
// Just say there's no container
|
|
return null;
|
|
}
|
|
else
|
|
{
|
|
// We can't create on a non-existant site
|
|
throw new AlfrescoRuntimeException(
|
|
"Unable to create the " + componentName + " container from a hidden or non-existant site"
|
|
);
|
|
}
|
|
}
|
|
|
|
// Check about the container
|
|
if(! siteService.hasContainer(siteShortName, componentName))
|
|
{
|
|
if(create)
|
|
{
|
|
if(transactionService.isReadOnly())
|
|
{
|
|
throw new AlfrescoRuntimeException(
|
|
"Unable to create the " + componentName + " container from a read only transaction"
|
|
);
|
|
}
|
|
|
|
// Have the site container created
|
|
if(logger.isDebugEnabled())
|
|
{
|
|
logger.debug("Creating " + componentName + " container in site " + siteShortName);
|
|
}
|
|
|
|
NodeRef container = AuthenticationUtil.runAs(new AuthenticationUtil.RunAsWork<NodeRef>()
|
|
{
|
|
public NodeRef doWork() throws Exception
|
|
{
|
|
// Create the site container
|
|
NodeRef container = siteService.createContainer(
|
|
siteShortName, componentName, null, null
|
|
);
|
|
|
|
// Done
|
|
return container;
|
|
}
|
|
}, AuthenticationUtil.getSystemUserName()
|
|
);
|
|
|
|
if(logger.isDebugEnabled())
|
|
{
|
|
logger.debug("Created " + componentName + " as " + container + " for " + siteShortName);
|
|
}
|
|
|
|
// Container is setup and ready to use
|
|
return container;
|
|
}
|
|
else
|
|
{
|
|
// No container for this site, and not allowed to create
|
|
// Have the site container created
|
|
if(logger.isDebugEnabled())
|
|
{
|
|
logger.debug("No " + componentName + " component in " + siteShortName + " and not creating");
|
|
}
|
|
return null;
|
|
}
|
|
}
|
|
else
|
|
{
|
|
// Container is already there
|
|
NodeRef containerTmp = null;
|
|
try
|
|
{
|
|
containerTmp = siteService.getContainer(siteShortName, componentName);
|
|
}
|
|
catch(AccessDeniedException e)
|
|
{
|
|
if(!create)
|
|
{
|
|
// Just pretend it isn't there, as they can't see it
|
|
return null;
|
|
}
|
|
else
|
|
{
|
|
// It's there, they can't see it, and they need it
|
|
throw e;
|
|
}
|
|
}
|
|
final NodeRef container = containerTmp;
|
|
|
|
// Ensure the calendar container has the tag scope aspect applied to it
|
|
if(! taggingService.isTagScope(container))
|
|
{
|
|
if(logger.isDebugEnabled())
|
|
{
|
|
logger.debug("Attaching tag scope to " + componentName + " " + container.toString() + " for " + siteShortName);
|
|
}
|
|
AuthenticationUtil.runAs(new AuthenticationUtil.RunAsWork<Void>() {
|
|
public Void doWork() throws Exception
|
|
{
|
|
transactionService.getRetryingTransactionHelper().doInTransaction(
|
|
new RetryingTransactionCallback<Void>() {
|
|
public Void execute() throws Throwable {
|
|
// Add the tag scope aspect
|
|
taggingService.addTagScope(container);
|
|
return null;
|
|
}
|
|
}, false, true
|
|
);
|
|
return null;
|
|
}
|
|
}, AuthenticationUtil.getSystemUserName());
|
|
}
|
|
|
|
// Container is appropriately setup and configured
|
|
return container;
|
|
}
|
|
}
|
|
|
|
/**
|
|
* Helper method to get the activity data for a user
|
|
*
|
|
* @param userName user name
|
|
* @param role role
|
|
* @return
|
|
*/
|
|
private String getActivityUserData(String userName, String role)
|
|
{
|
|
String memberFN = "";
|
|
String memberLN = "";
|
|
NodeRef person = personService.getPerson(userName);
|
|
if (person != null)
|
|
{
|
|
memberFN = (String) directNodeService.getProperty(person,
|
|
ContentModel.PROP_FIRSTNAME);
|
|
memberLN = (String) directNodeService.getProperty(person,
|
|
ContentModel.PROP_LASTNAME);
|
|
}
|
|
|
|
try
|
|
{
|
|
JSONObject activityData = new JSONObject();
|
|
activityData.put("role", role);
|
|
activityData.put("memberUserName", userName);
|
|
activityData.put("memberFirstName", memberFN);
|
|
activityData.put("memberLastName", memberLN);
|
|
activityData.put("title", (memberFN + " " + memberLN + " ("
|
|
+ userName + ")").trim());
|
|
return activityData.toString();
|
|
} catch (JSONException je)
|
|
{
|
|
// log error, subsume exception
|
|
logger.error("Failed to get activity data: " + je);
|
|
return "";
|
|
}
|
|
}
|
|
|
|
/**
|
|
* Helper method to get the activity data for a group
|
|
*
|
|
* @param groupName user name
|
|
* @param role role
|
|
* @return Activity data in JSON format
|
|
*/
|
|
private String getActivityGroupData(String groupName, String role)
|
|
{
|
|
try
|
|
{
|
|
JSONObject activityData = new JSONObject();
|
|
activityData.put("role", role);
|
|
activityData.put("groupName", groupName);
|
|
|
|
return activityData.toString();
|
|
}
|
|
catch (JSONException je)
|
|
{
|
|
// log error, subsume exception
|
|
logger.error("Failed to get activity data: " + je);
|
|
return "";
|
|
}
|
|
}
|
|
|
|
/**
|
|
* Helper to check that we are not removing the last Site Manager from a site
|
|
*
|
|
* @param shortName
|
|
* @param authorityName
|
|
* @param role
|
|
*/
|
|
private void checkLastManagerRemoval(final String shortName, final String authorityName, final String role)
|
|
{
|
|
// Check that we are not about to remove the last site manager
|
|
if (SiteModel.SITE_MANAGER.equals(role) == true)
|
|
{
|
|
String mgrGroup = getSiteRoleGroup(shortName, SITE_MANAGER, true);
|
|
Set<String> siteUserMangers = this.authorityService.getContainedAuthorities(
|
|
AuthorityType.USER, mgrGroup, true);
|
|
if (siteUserMangers.size() <= 1)
|
|
{
|
|
Set<String> siteGroupManagers = this.authorityService.getContainedAuthorities(
|
|
AuthorityType.GROUP, mgrGroup, true);
|
|
|
|
if (siteUserMangers.size() + siteGroupManagers.size() == 1)
|
|
{
|
|
throw new SiteServiceException(MSG_DO_NOT_CHANGE_MGR, new Object[] {authorityName});
|
|
}
|
|
}
|
|
}
|
|
}
|
|
}
|