mirror of
https://github.com/Alfresco/alfresco-community-repo.git
synced 2025-06-30 18:15:39 +00:00
a5f31cd37e
20167: Merged HEAD to BRANCHES/V3.3: (RECORD ONLY)
20166: Fix ALF-2765: Renditions created via 3.3 RenditionService are not exposed via OpenCMIS rendition API
20232: Fix problem opening AVM web project folders via FTP. ALF-2738.
20234: ALF-2352: Cannot create folders in Share doclib without admin user in authentication chain
20235: Fix for unable to create folders in web project via CIFS. ALF-2736.
20258: Reverse-merged rev 20254: 'When dropping the mysql database ...'
20262: Merged V3.3-BUG-FIX to V3.3
20251: Fix for ALF-2804 - Unable to browse into folders in Share Site in certain situations.
- Browser history filter object in incorrect state after page refresh.
20264: Updated Oracle build support (to fix grants)
20282: Merged PATCHES/V3.2.0 to V3.3
20266: Test reproduction of ALF-2839 failure: Node pre-loading generates needless resultset rows
20280: Fixed ALF-2839: Node pre-loading generates needless resultset rows
20283: Merged BRANCHES/DEV/V3.3-BUG-FIX to BRANCHES/V3.3:
20194: AVMTestSuite - scale down unit tests (slightly)
20247: AVMServiceTest.testVersionByDate - build (add delay)
20290: Fixed ALF-2851 "Drag n Drop issues in IE6 & IE7"
- Reordering rules-list with drag and drop didn't work at all because each rule was created using a template that had the "id"-attribute set, which made IE confused after using HTMLELement.clone() even though the id was resetted
- Both customise-dashlets & rules-list got an error when "throwing" away the dashlet or rule instead of releasing it "carefully", reason was becuuase IE didnt capture the x:y-position which made the animation fail. Now no animation is done if x:y isn't found.
20296: Merged PATCHES/V3.1.0 to V3.3 (RECORD ONLY)
20249: Merged V3.1 to PATCHES/V3.1.0
14565: Updated version to include revision number (x.y.z)
20246: Merged V3.1 to PATCHES/V3.1.0
13841: Build fix
20245: Merged V3.1 to PATCHES/V3.1.0
16185: AbstractLuceneIndexerAndSearcherFactory.getTransactionId() must return null when there is no transaction
20241: Merged V3.1 to PATCHES/V3.1.0
14187: Fix for ETHREEOH-2023: LDAP import must lower case the local name of the association to person.
16167: ETHREEOH-2475: Fixed nested transaction handling in AbstractLuceneIndexerAndSearcherFactory to allow duplicate user processing in PersonServiceImpl to actually work
16168: ETHREEOH-2797: Force patch.db-V2.2-Person to apply one more time to fix up corrupt users created by LDAP Import
- Problem due to ETHREEOH-2023, fixed in 3.1.1
- Also corrects ldap.synchronisation.defaultHomeFolderProvider to be userHomesHomeFolderProvider
- Also requires fix to ETHREEOH-2475 to fix up duplicate users
20221:Merged PATCHES/V3.1.2 to PATCHES/V3.1.0
20217: Merged PATCHES/V3.2.0 to PATCHES/V3.1.2
19793: Merged HEAD to V3.2.0
19786: Refactor of previous test fix. I have pushed down the OOo-specific parts of the change from AbstractContentTransformerTest to OpenOfficeContentTransformerTest leaving an extension point in the base class should other transformations need to be excluded in the future.
19785: Fix for failing test OpenOfficeContentTransformerTest.testAllConversions.
Various OOo-related transformations are returned as available but fail on our test server with OOo on it.
Pending further work on these failings, I am disabling those transformations in test code whilst leaving them available in the product code. This is because in the wild a different OOo version may succeed with these transformations.
I had previously explicitly disabled 3 transformations in the product and I am moving that restriction from product to test code for the same reason.
19707: Return value from isTransformationBlocked was inverted. Fixed now.
19705: Refinement of previous check-in re OOo transformations.
I have pulled up the code that handles blocked transformations into a superclass so that the JodConverter-based transformer worker can inherit the same list of blocked transformations. To reiterate, blocked transformations are those that the OOo integration code believes should work but which are broken in practice. These are blocked by the transformers and will always be unavailable regardless of the OOo connection state.
19702: Fix for HEAD builds running on panda build server.
OOo was recently installed on panda which has activated various OOo-related transformations/extractions in the test code.
It appears that OOo does not support some transformations from Office 97 to Office 2007. Specifically doc to docx and xls to xlsx. These transformations have now been marked as unavailable.
20220: Created hotfix branch off TAGS/ENTERPRISE/V3.1.0
20297: Merged PATCHES/V3.1.2 to V3.3 (RECORD ONLY)
20268: Increment version number
20267: ALF-550: Merged V3.2 to PATCHES/V3.1.2
17768: Merged DEV/BELARUS/V3.2-2009_11_24 to V3.2
17758: ETHREEOH-3757: Oracle upgrade issue: failed "inviteEmailTemplate" patch - also causes subsequent patches to not be applied
20217: Merged PATCHES/V3.2.0 to PATCHES/V3.1.2
19793: Merged HEAD to V3.2.0
19786: Refactor of previous test fix. I have pushed down the OOo-specific parts of the change from AbstractContentTransformerTest to OpenOfficeContentTransformerTest leaving an extension point in the base class should other transformations need to be excluded in the future.
19785: Fix for failing test OpenOfficeContentTransformerTest.testAllConversions.
Various OOo-related transformations are returned as available but fail on our test server with OOo on it.
Pending further work on these failings, I am disabling those transformations in test code whilst leaving them available in the product code. This is because in the wild a different OOo version may succeed with these transformations.
I had previously explicitly disabled 3 transformations in the product and I am moving that restriction from product to test code for the same reason.
19707: Return value from isTransformationBlocked was inverted. Fixed now.
19705: Refinement of previous check-in re OOo transformations.
I have pulled up the code that handles blocked transformations into a superclass so that the JodConverter-based transformer worker can inherit the same list of blocked transformations. To reiterate, blocked transformations are those that the OOo integration code believes should work but which are broken in practice. These are blocked by the transformers and will always be unavailable regardless of the OOo connection state.
19702: Fix for HEAD builds running on panda build server.
OOo was recently installed on panda which has activated various OOo-related transformations/extractions in the test code.
It appears that OOo does not support some transformations from Office 97 to Office 2007. Specifically doc to docx and xls to xlsx. These transformations have now been marked as unavailable.
20204: Moved version label to '.6'
20298: Merged PATCHES/V3.2.0 to V3.3 (RECORD ONLY)
20281: Incremented version number to '10'
20272: Backports to help fix ALF-2839: Node pre-loading generates needless resultset rows
Merged BRANCHES/V3.2 to PATCHES/V3.2.0:
18490: Added cache for alf_content_data
Merged BRANCHES/DEV/V3.3-BUG-FIX to PATCHES/V3.2.0:
20231: Fixed ALF-2784: Degradation of performance between 3.1.1 and 3.2x (observed in JSF)
20299: Merged PATCHES/V3.2.1 to V3.3 (RECORD ONLY)
20279: Incremented version label
20211: Reinstated patch 'patch.convertContentUrls' (reversed rev 20205 ALF-2719)
20210: Incremented version label to '.3'
20206: Bumped version label to '.2'
20205: Workaround for ALF-2719 by disabling patch.convertContentUrls and ContentStoreCleaner
20149: Incremented version label
20101: Created hotfix branch off ENTERPRISE/V3.2.1
20300: Merged BRANCHES/DEV/BELARUS/HEAD-2010_04_28 to BRANCHES/V3.3:
20293: ALF-767: remove-AVM-issuer.sql upgrade does not account for column (mis-)order - fixed for MySQL, PostgreSQL and Oracle (DB2 & MS SQL Server already OK)
20301: Merged PATCHES/V3.2.1 to V3.3
20278: ALF-206: Make it possible to follow hyperlinks to document JSF client URLs from MS Office
- A request parameter rather than a (potentially forgotten) session attribute is used to propagate the URL to redirect to after successful login
20303: Fixed ALF-2855: FixAuthorityCrcValuesPatch reports NPE during upgrade from 2.1.7 to 3.3E
- Auto-unbox NPE on Long->long: Just used the Long directly for reporting
20319: Fixed ALF-2854: User Usage Queries use read-write methods on QNameDAO
20322: Fixed ALF-1998: contentStoreCleanerJob leads to foreign key exception
- Possible concurrent modification of alf_content_url.orphan_time led to false orphan detection
- Fixed queries to check for dereferencing AND use the indexed orphan_time column
- More robust use of EagerContentStoreCleaner: On eager cleanup, ensure that URLs are deleted
- Added optimistic lock checks on updates and deletes of alf_content_url
20335: Merged DEV/V3.3-BUG-FIX to V3.3
20334: ALF-2473: Changes for clean startup and shutdown of subsystems on Spring 3
- Removed previous SafeEventPublisher workaround for startup errors and associated changes
- Replaced with SafeApplicationEventMulticaster which queues up events while an application context isn't started
- Now all subsystems shut down cleanly
- Fixes problem with FileContentStore visibility in JMX too!
20341: ALF-2517 Quick fix which means rules which compare the creation/modification date of content should now correctly be applied when content is uploaded to a folder.
20346: ALF-2839: Node pre-loading generates needless resultset rows
- Added missing Criteria.list() call
20347: Merged BRANCHES/DEV/V3.3-BUG-FIX to BRANCHES/V3.3:
20231: Fixed ALF-2784: Degradation of performance between 3.1.1 and 3.2x (observed in JSF)
20356: Merged DEV/BELARUS/HEAD-2010_03_30 to V3.3 (with corrections)
19735: ALF-686: Alfresco cannot start if read/write mode in Sysadmin subsystem is configured
1. org.alfresco.repo.module.ModuleComponentHelper was modified to allow “System” user run write operations in read-only system.
2. Startup of “Synchronization” subsystem failed with the same error as was occurred in issue during modules start. org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer was also modified to allow “System” user run write operations in read-only mode.
20361: Merged HEAD to BRANCHES/V3.3: (RECORD ONLY)
20345: Fix ALF-2319: CMIS 'current' version mapping is not compliant with spec
20354: Update test to reflect changes to CMIS version mapping.
20363: Merge from V3.2 to V3.2 (all record-only)
c. 19448 OOoJodConverter worker bean correctly handles isAvailable() when subsystem is disabled.
c. 19484 JodConverter-backed thumbnailing test now explicitly sets OOoDirect and OOoJodconverter enabled-ness back to default settings in tearDown
c. 20175 Fix for ALF-2773 JMX configuration of enterprise logging broken
20376: Altered URL of online help to point at http://www.alfresco.com/help/33/enterprise/webeditor/
20395: set google docs off
20398: Fixed ALF-2890: Upgrade removes content if transaction retries are triggered
- Setting ContentData that was derived outside of the current transaction opened up a window
for the post-rollback code to delete the underlying binary. The binaries are only registered
for writers fetched via the ContentService now; the low-level DAO no longer does management
because it can't assume that a new content URL indicates a new underlying binary.
- The contentUrlConverter was creating new URLs and thus the low-level DAO cleaned up
live content when retrying collisions took place. The cleanup is no longer on the stack
for the patch.
- Removes the ALF-558 changes around ContentData.reference()
20399: Remove googledocs aspect option
20400: PurgeTestP (AVM) - increase wait cycles
20422: Added ooo converter properties
20425: Merge V3.3-BUG-FIX to V3.3
20392 : ALF-2716 - imap mail metadata extraction fails when alfresco server locale is non English
20365 : Merge DEV to V3.3-BUG_FIX
18011 : ETHREEOH-3804 - IMAP message body doesn't appears in IMAP folder when message subject is equal to the attachment name
20332 : Build fix - rework to the ImapServiceUnit tests.
20325 : build fix
20318 : MERGE DEV TO V3.3-BUG-FIX
20287 : ALF-2754: Alfresco IMAP and Zimbra Desktop Client.
20317 : ALF-2716 - imap mail metadata extraction fails when alfresco server locale is non English This change reworks the received date metadata extraction.
20316 : ALF-1912 : Problem with IMAP Sites visibility Now only IMAP favouries are shown. Also major rework to the way that this service uses the FileFolderService.
20315 : ALF-1912 Updates to the FileFolderService to support the Imap Service - add listDeepFolders - remove "makeFolders" which moves to its own Utility class. - update to JavaDoc
20429: Merged BRANCHES/DEV/V3.3-BUG-FIX to BRANCHES/V3.3:
20171: 3.3SP1 bug fix branch
20174: Fix for ALF-960 and ALFCOM-1980: WCM - File Picker Restriction relative to folder not web project
20179: ALF-2629 Now when a workflow timer signals a transition it also ends the associated task.
20433: Merged BRANCHES/DEV/V3.3-BUG-FIX to BRANCHES/V3.3:
20184: ALF-2772: Added new test case to RepoTransferReceiverImplTest and fixed the fault in the primary manifest processor.
20196: Temporary fix to SandboxServiceImplTest, which reverses the fix to ALF-2529.
20434: Merged BRANCHES/DEV/V3.3-BUG-FIX to BRANCHES/V3.3: (RECORD ONLY)
20213: (RECORD ONLY) Merge from V3.3 to V3.3-BUG-FIX
r20176 Merge from V3.2 to V3.3.
r20175. JMX configuration of enterprise logging broken (fix).
20215: (RECORD ONLY) Merge from V3.3 to V3.3-BUG-FIX
r20178 JodConverter loggers are now exposed in JMX.
20218: (RECORD ONLY) Merged BRANCHES/V3.3 to BRANCHES/DEV/V3.3-BUG-FIX:
20195: Form fields for numbers are now rendered much smaller that ...
20248: (RECORD ONLY) Merging HEAD into V3.3
20284: (RECORD ONLY) Merged BRANCHES/V3.3 to BRANCHES/DEV/V3.3-BUG-FIX:
20177: Add 'MaxPermSize' setting for DOD JUnit tests
20305: (RECORD ONLY) Merged BRANCHES/V3.3 to BRANCHES/DEV/V3.3-BUG-FIX:
20236: Add Oracle support for creating/dropping "databases" (users) in continuous.xml
20264: Updated Oracle build support (to fix grants)
20435: Merged BRANCHES/DEV/V3.3-BUG-FIX to BRANCHES/V3.3:
20233: Part fix for ALF-2811: DOD5015 module breaks CMIS tck
20239: Final part of fix for ALF-2811: DOD5015 module breaks CMIS tck
20250: Merge from DEV/BELARUS/HEAD-2010_04_28 to V3.3-BUG-FIX
20230 ALF-2450: latin/utf-8 HTML file cannot be text-extracted.
20253: ALF-2629 Now tasks should correctly be ended when an associated timer is triggered. Should no longer cause WCM workflows to fail.
20254: ALF-2579 Changed teh status code on incorrect password to '401' to reflect that it is an authorisation error.
20263: Fix for ALF-2500: query with a ! in contains search make it strange
20265: Fix for ALF-1495. Reindexing of OOo-transformed content after OOo crash.
20436: Merged BRANCHES/DEV/V3.3-BUG-FIX to BRANCHES/V3.3:
20292: (RECORD ONLY) Latest SpringSurf libs:
20308: (RECORD ONLY) Latest SpringSurf libs:
20366: (RECORD ONLY) Latest SpringSurf libs:
20415: Latest SpringSurf libs:
20437: Merged BRANCHES/DEV/V3.3-BUG-FIX to BRANCHES/V3.3:
20270: Build times: SearchTestSuite
20273: Fix for ALF-2125 - Accessing a deleted page in Share does not return an error page, instead the document-details page breaks
20274: Fix for ALF-2518: It's impossible to find user by user name in Add User or Group window at Manage permissions page (also allows users to be found by username in the Share Admin Console).
20277: Fix for ALF-2417: Create Web Content Wizard if cancelling/aborting Step Two - Author Web Content, any asset being uploaded gets locked
20291: Reduce build time: Added security test suite to cover 17 security tests
20439: Merged BRANCHES/DEV/V3.3-BUG-FIX to BRANCHES/V3.3:
20302: Fixed ALF-727: Oracle iBatis fails on PropertyValueDAOTest Double.MAX_VALUE
20307: VersionStore - minor fixes if running deprecated V1
20310: Fixed a bug in UIContentSelector which was building lucene search queries incorrectly.
20314: Fix for ALF-2789 - DispatcherServlet not correctly retrieving Object ID from request parameters
20320: Merged DEV/TEMPORARY to V3.3-BUG-FIX
20313: ALF-2507: Not able to email space users even if the user owns the space
20324: Fixed ALF-2078 "Content doesn't make checked in after applying 'Check-in' rule in Share"
20327: Fix Quickr project to compile in Eclipse
20367: ALF-2829: Avoid reading entire result set into memory in FixNameCrcValuesPatch
20368: Work-around for ALF-2366: patch.updateDmPermissions takes too long to complete
20369: Part 1 of fix for ALF-2943: Update incorrect mimetypes (Excel and Powerpoint)
20370: Version Migrator (ALF-1000) - use common batch processor to enable multiple workers
20373: Version Migrator (ALF-1000) - resolve runtime conflict (w/ r20334)
20378: Merged BRANCHES/DEV/BELARUS/HEAD-2010_04_28 to BRANCHES/DEV/V3.3-BUG-FIX:
20312: ALF-2162: Error processing WCM form: XFormsBindingException: property 'constraint' already present at model item
20381: Fixed ALF-2943: Update incorrect mimetypes (Excel and Powerpoint)
git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/HEAD/root@20571 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
828 lines
30 KiB
Java
828 lines
30 KiB
Java
/*
|
|
* Copyright (C) 2005-2010 Alfresco Software Limited.
|
|
*
|
|
* This file is part of Alfresco
|
|
*
|
|
* Alfresco is free software: you can redistribute it and/or modify
|
|
* it under the terms of the GNU Lesser General Public License as published by
|
|
* the Free Software Foundation, either version 3 of the License, or
|
|
* (at your option) any later version.
|
|
*
|
|
* Alfresco is distributed in the hope that it will be useful,
|
|
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
* GNU Lesser General Public License for more details.
|
|
*
|
|
* You should have received a copy of the GNU Lesser General Public License
|
|
* along with Alfresco. If not, see <http://www.gnu.org/licenses/>.
|
|
*/
|
|
package org.alfresco.repo.jscript;
|
|
|
|
import java.util.HashMap;
|
|
import java.util.Map;
|
|
import java.util.Set;
|
|
import java.util.StringTokenizer;
|
|
|
|
import org.alfresco.model.ContentModel;
|
|
import org.alfresco.repo.search.impl.lucene.LuceneQueryParser;
|
|
import org.alfresco.repo.security.authentication.AuthenticationException;
|
|
import org.alfresco.repo.security.authentication.AuthenticationUtil;
|
|
import org.alfresco.repo.security.authentication.UserNameGenerator;
|
|
import org.alfresco.repo.security.authority.AuthorityDAO;
|
|
import org.alfresco.repo.tenant.TenantService;
|
|
import org.alfresco.service.ServiceRegistry;
|
|
import org.alfresco.service.cmr.repository.NodeRef;
|
|
import org.alfresco.service.cmr.repository.StoreRef;
|
|
import org.alfresco.service.cmr.search.LimitBy;
|
|
import org.alfresco.service.cmr.search.ResultSet;
|
|
import org.alfresco.service.cmr.search.SearchParameters;
|
|
import org.alfresco.service.cmr.search.SearchService;
|
|
import org.alfresco.service.cmr.security.AuthorityService;
|
|
import org.alfresco.service.cmr.security.AuthorityType;
|
|
import org.alfresco.service.cmr.security.MutableAuthenticationService;
|
|
import org.alfresco.service.cmr.security.PersonService;
|
|
import org.alfresco.service.cmr.usage.ContentUsageService;
|
|
import org.alfresco.service.namespace.NamespaceService;
|
|
import org.springframework.extensions.surf.util.ParameterCheck;
|
|
import org.alfresco.util.PropertyMap;
|
|
import org.alfresco.util.ValueDerivingMapFactory;
|
|
import org.alfresco.util.ValueDerivingMapFactory.ValueDeriver;
|
|
import org.apache.commons.logging.Log;
|
|
import org.apache.commons.logging.LogFactory;
|
|
import org.mozilla.javascript.Context;
|
|
import org.mozilla.javascript.Scriptable;
|
|
import org.springframework.beans.factory.InitializingBean;
|
|
|
|
/**
|
|
* Scripted People service for describing and executing actions against People & Groups.
|
|
*
|
|
* @author davidc
|
|
* @author kevinr
|
|
*/
|
|
public final class People extends BaseScopableProcessorExtension implements InitializingBean
|
|
{
|
|
private static Log logger = LogFactory.getLog(People.class);
|
|
|
|
/** Repository Service Registry */
|
|
private ServiceRegistry services;
|
|
private AuthorityDAO authorityDAO;
|
|
private AuthorityService authorityService;
|
|
private PersonService personService;
|
|
private MutableAuthenticationService authenticationService;
|
|
private ContentUsageService contentUsageService;
|
|
private TenantService tenantService;
|
|
private UserNameGenerator usernameGenerator;
|
|
private StoreRef storeRef;
|
|
private ValueDerivingMapFactory<ScriptNode, String, Boolean> valueDerivingMapFactory;
|
|
private int numRetries = 10;
|
|
|
|
|
|
public void afterPropertiesSet() throws Exception
|
|
{
|
|
Map <String, ValueDeriver<ScriptNode, Boolean>> capabilityTesters = new HashMap<String, ValueDeriver<ScriptNode, Boolean>>(5);
|
|
capabilityTesters.put("isAdmin", new ValueDeriver<ScriptNode, Boolean>()
|
|
{
|
|
public Boolean deriveValue(ScriptNode source)
|
|
{
|
|
return isAdmin(source);
|
|
}
|
|
});
|
|
capabilityTesters.put("isGuest", new ValueDeriver<ScriptNode, Boolean>()
|
|
{
|
|
public Boolean deriveValue(ScriptNode source)
|
|
{
|
|
return isGuest(source);
|
|
}
|
|
});
|
|
capabilityTesters.put("isMutable", new ValueDeriver<ScriptNode, Boolean>()
|
|
{
|
|
public Boolean deriveValue(ScriptNode source)
|
|
{
|
|
// Check whether the account is mutable according to the authentication service
|
|
String sourceUser = (String) source.getProperties().get(ContentModel.PROP_USERNAME);
|
|
if (!authenticationService.isAuthenticationMutable(sourceUser))
|
|
{
|
|
return false;
|
|
}
|
|
// Only allow non-admin users to mutate their own accounts
|
|
String currentUser = authenticationService.getCurrentUserName();
|
|
if (currentUser.equals(sourceUser) || authorityService.isAdminAuthority(currentUser))
|
|
{
|
|
return true;
|
|
}
|
|
return false;
|
|
}
|
|
});
|
|
this.valueDerivingMapFactory = new ValueDerivingMapFactory<ScriptNode, String, Boolean>(capabilityTesters);
|
|
}
|
|
|
|
/**
|
|
* Set the default store reference
|
|
*
|
|
* @param storeRef the default store reference
|
|
*/
|
|
public void setStoreUrl(String storeRef)
|
|
{
|
|
// ensure this is not set again by a script instance
|
|
if (this.storeRef != null)
|
|
{
|
|
throw new IllegalStateException("Default store URL can only be set once.");
|
|
}
|
|
this.storeRef = new StoreRef(storeRef);
|
|
}
|
|
|
|
/**
|
|
* Sets the authentication service.
|
|
*
|
|
* @param authenticationService
|
|
* the authentication service
|
|
*/
|
|
public void setAuthenticationService(MutableAuthenticationService authenticationService)
|
|
{
|
|
this.authenticationService = authenticationService;
|
|
}
|
|
|
|
/**
|
|
* Set the service registry
|
|
*
|
|
* @param serviceRegistry the service registry
|
|
*/
|
|
public void setServiceRegistry(ServiceRegistry serviceRegistry)
|
|
{
|
|
this.services = serviceRegistry;
|
|
}
|
|
|
|
/**
|
|
* Set the authority DAO
|
|
*
|
|
* @param authorityDAO authority dao
|
|
*/
|
|
public void setAuthorityDAO(AuthorityDAO authorityDAO)
|
|
{
|
|
this.authorityDAO = authorityDAO;
|
|
}
|
|
|
|
/**
|
|
* Set the authority service
|
|
*
|
|
* @param authorityService The authorityService to set.
|
|
*/
|
|
public void setAuthorityService(AuthorityService authorityService)
|
|
{
|
|
this.authorityService = authorityService;
|
|
}
|
|
|
|
/**
|
|
* Set the person service
|
|
*
|
|
* @param personService The personService to set.
|
|
*/
|
|
public void setPersonService(PersonService personService)
|
|
{
|
|
this.personService = personService;
|
|
}
|
|
|
|
/**
|
|
* @param contentUsageService the ContentUsageService to set
|
|
*/
|
|
public void setContentUsageService(ContentUsageService contentUsageService)
|
|
{
|
|
this.contentUsageService = contentUsageService;
|
|
}
|
|
|
|
/**
|
|
* @param tenantService the tenantService to set
|
|
*/
|
|
public void setTenantService(TenantService tenantService)
|
|
{
|
|
this.tenantService = tenantService;
|
|
}
|
|
|
|
/**
|
|
* Set the user name generator service
|
|
*
|
|
* @param userNameGenerator the user name generator
|
|
*/
|
|
public void setUserNameGenerator(UserNameGenerator userNameGenerator)
|
|
{
|
|
this.usernameGenerator = userNameGenerator;
|
|
}
|
|
|
|
/**
|
|
* Delete a Person with the given username
|
|
*
|
|
* @param username the username of the person to delete
|
|
*/
|
|
public void deletePerson(String username)
|
|
{
|
|
personService.deletePerson(username);
|
|
}
|
|
|
|
/**
|
|
* Create a Person with an optionally generated user name
|
|
*
|
|
* @param userName userName or null for a generated user name
|
|
* @param firstName firstName
|
|
* @param lastName lastName
|
|
* @param emailAddress emailAddress
|
|
* @param password if not null creates a new authenticator with the given password.
|
|
* @param setAccountEnabled
|
|
* set to 'true' to create enabled user account, or 'false' to
|
|
* create disabled user account for created person.
|
|
* @return the person node (type cm:person) created or null if the person
|
|
* could not be created
|
|
*/
|
|
public ScriptNode createPerson(String userName, String firstName, String lastName, String emailAddress, String password, boolean setAccountEnabled)
|
|
{
|
|
ParameterCheck.mandatory("firstName", firstName);
|
|
ParameterCheck.mandatory("lastName", lastName);
|
|
ParameterCheck.mandatory("emailAddress", emailAddress);
|
|
|
|
ScriptNode person = null;
|
|
|
|
// generate user name if not supplied
|
|
if (userName == null)
|
|
{
|
|
for (int i=0; i < numRetries; i++)
|
|
{
|
|
userName = usernameGenerator.generateUserName(firstName, lastName, emailAddress, i);
|
|
|
|
// create person if user name does not already exist
|
|
if (!personService.personExists(userName))
|
|
{
|
|
break;
|
|
}
|
|
}
|
|
}
|
|
|
|
if (userName != null)
|
|
{
|
|
if (tenantService.isEnabled())
|
|
{
|
|
String currentDomain = tenantService.getCurrentUserDomain();
|
|
if (! currentDomain.equals(TenantService.DEFAULT_DOMAIN))
|
|
{
|
|
if (! tenantService.isTenantUser(userName))
|
|
{
|
|
// force domain onto the end of the username
|
|
userName = tenantService.getDomainUser(userName, currentDomain);
|
|
logger.warn("Added domain to username: " + userName);
|
|
}
|
|
else
|
|
{
|
|
try
|
|
{
|
|
tenantService.checkDomainUser(userName);
|
|
}
|
|
catch (RuntimeException re)
|
|
{
|
|
throw new AuthenticationException("User must belong to same domain as admin: " + currentDomain);
|
|
}
|
|
}
|
|
}
|
|
}
|
|
|
|
person = createPerson(userName, firstName, lastName, emailAddress);
|
|
|
|
if (person != null && password != null)
|
|
{
|
|
// create account for person with the userName and password
|
|
authenticationService.createAuthentication(userName, password.toCharArray());
|
|
authenticationService.setAuthenticationEnabled(userName, setAccountEnabled);
|
|
|
|
person.save();
|
|
}
|
|
}
|
|
|
|
return person;
|
|
}
|
|
|
|
/**
|
|
* Enable user account. Can only be called by an Admin authority.
|
|
*
|
|
* @param userName user name for which to enable user account
|
|
*/
|
|
public void enableAccount(String userName)
|
|
{
|
|
if (this.authorityService.isAdminAuthority(AuthenticationUtil.getFullyAuthenticatedUser()))
|
|
{
|
|
this.authenticationService.setAuthenticationEnabled(userName, true);
|
|
}
|
|
}
|
|
|
|
/**
|
|
* Disable user account. Can only be called by an Admin authority.
|
|
*
|
|
* @param userName user name for which to disable user account
|
|
*/
|
|
public void disableAccount(String userName)
|
|
{
|
|
if (this.authorityService.isAdminAuthority(AuthenticationUtil.getFullyAuthenticatedUser()))
|
|
{
|
|
this.authenticationService.setAuthenticationEnabled(userName, false);
|
|
}
|
|
}
|
|
|
|
/**
|
|
* Return true if the specified user account is enabled.
|
|
*
|
|
* @param userName user name to test account
|
|
*
|
|
* @return true if account enabled, false if disabled
|
|
*/
|
|
public boolean isAccountEnabled(String userName)
|
|
{
|
|
return this.authenticationService.getAuthenticationEnabled(userName);
|
|
}
|
|
|
|
/**
|
|
* Change the password for the currently logged in user.
|
|
* Old password must be supplied.
|
|
*
|
|
* @param oldPassword Old user password
|
|
* @param newPassword New user password
|
|
*/
|
|
public void changePassword(String oldPassword, String newPassword)
|
|
{
|
|
ParameterCheck.mandatoryString("oldPassword", oldPassword);
|
|
ParameterCheck.mandatoryString("newPassword", newPassword);
|
|
|
|
this.services.getAuthenticationService().updateAuthentication(
|
|
AuthenticationUtil.getFullyAuthenticatedUser(), oldPassword.toCharArray(), newPassword.toCharArray());
|
|
}
|
|
|
|
/**
|
|
* Set a password for the given user. Note that only an administrator
|
|
* can perform this action, otherwise it will be ignored.
|
|
*
|
|
* @param userName Username to change password for
|
|
* @param password Password to set
|
|
*/
|
|
public void setPassword(String userName, String password)
|
|
{
|
|
ParameterCheck.mandatoryString("userName", userName);
|
|
ParameterCheck.mandatoryString("password", password);
|
|
|
|
MutableAuthenticationService authService = this.services.getAuthenticationService();
|
|
if (this.authorityService.hasAdminAuthority() && (userName.equalsIgnoreCase(authService.getCurrentUserName()) == false))
|
|
{
|
|
authService.setAuthentication(userName, password.toCharArray());
|
|
}
|
|
}
|
|
|
|
/**
|
|
* Create a Person with the given user name
|
|
*
|
|
* @param userName the user name of the person to create
|
|
* @return the person node (type cm:person) created or null if the user name already exists
|
|
*/
|
|
public ScriptNode createPerson(String userName)
|
|
{
|
|
ParameterCheck.mandatoryString("userName", userName);
|
|
|
|
ScriptNode person = null;
|
|
|
|
PropertyMap properties = new PropertyMap();
|
|
properties.put(ContentModel.PROP_USERNAME, userName);
|
|
|
|
if (!personService.personExists(userName))
|
|
{
|
|
NodeRef personRef = personService.createPerson(properties);
|
|
person = new ScriptNode(personRef, services, getScope());
|
|
}
|
|
|
|
return person;
|
|
}
|
|
|
|
/**
|
|
* Create a Person with the given user name, firstName, lastName and emailAddress
|
|
*
|
|
* @param userName the user name of the person to create
|
|
* @return the person node (type cm:person) created or null if the user name already exists
|
|
*/
|
|
public ScriptNode createPerson(String userName, String firstName, String lastName, String emailAddress)
|
|
{
|
|
ParameterCheck.mandatoryString("userName", userName);
|
|
ParameterCheck.mandatoryString("firstName", firstName);
|
|
ParameterCheck.mandatoryString("lastName", lastName);
|
|
ParameterCheck.mandatoryString("emailAddress", emailAddress);
|
|
|
|
ScriptNode person = null;
|
|
|
|
PropertyMap properties = new PropertyMap();
|
|
properties.put(ContentModel.PROP_USERNAME, userName);
|
|
properties.put(ContentModel.PROP_FIRSTNAME, firstName);
|
|
properties.put(ContentModel.PROP_LASTNAME, lastName);
|
|
properties.put(ContentModel.PROP_EMAIL, emailAddress);
|
|
|
|
if (!personService.personExists(userName))
|
|
{
|
|
NodeRef personRef = personService.createPerson(properties);
|
|
person = new ScriptNode(personRef, services, getScope());
|
|
}
|
|
|
|
return person;
|
|
}
|
|
|
|
/**
|
|
* Set the content quota in bytes for a person.
|
|
* Only the admin authority can set this value.
|
|
*
|
|
* @param person Person to set quota against.
|
|
* @param quota As a string, in bytes, a value of "-1" means no quota is set
|
|
*/
|
|
public void setQuota(ScriptNode person, String quota)
|
|
{
|
|
if (this.authorityService.isAdminAuthority(AuthenticationUtil.getFullyAuthenticatedUser()))
|
|
{
|
|
this.contentUsageService.setUserQuota((String)person.getProperties().get(ContentModel.PROP_USERNAME), Long.parseLong(quota));
|
|
}
|
|
}
|
|
|
|
/**
|
|
* Get the collection of people stored in the repository.
|
|
* An optional filter query may be provided by which to filter the people collection.
|
|
* Space separate the query terms i.e. "john bob" will find all users who's first or
|
|
* second names contain the strings "john" or "bob".
|
|
*
|
|
* @param filter filter query string by which to filter the collection of people.
|
|
* If <pre>null</pre> then all people stored in the repository are returned
|
|
*
|
|
* @return people collection as a JavaScript array
|
|
*/
|
|
public Scriptable getPeople(String filter)
|
|
{
|
|
return getPeople(filter, 0);
|
|
}
|
|
|
|
/**
|
|
* Get the collection of people stored in the repository.
|
|
* An optional filter query may be provided by which to filter the people collection.
|
|
* Space separate the query terms i.e. "john bob" will find all users who's first or
|
|
* second names contain the strings "john" or "bob".
|
|
*
|
|
* @param filter filter query string by which to filter the collection of people.
|
|
* If <pre>null</pre> then all people stored in the repository are returned
|
|
* @param maxResults maximum results to return or all if <= 0
|
|
*
|
|
* @return people collection as a JavaScript array
|
|
*/
|
|
public Scriptable getPeople(String filter, int maxResults)
|
|
{
|
|
Object[] people = null;
|
|
|
|
if (filter == null || filter.length() == 0)
|
|
{
|
|
people = personService.getAllPeople().toArray();
|
|
if (maxResults > 0 && people.length > maxResults)
|
|
{
|
|
Object[] dest = new Object[maxResults];
|
|
System.arraycopy(people, 0, dest, 0, maxResults);
|
|
people = dest;
|
|
}
|
|
}
|
|
else
|
|
{
|
|
filter = filter.trim();
|
|
if (filter.length() != 0)
|
|
{
|
|
// define the query to find people by their first or last name
|
|
StringBuilder query = new StringBuilder(128);
|
|
for (StringTokenizer t = new StringTokenizer(filter, " "); t.hasMoreTokens(); /**/)
|
|
{
|
|
String term = LuceneQueryParser.escape(t.nextToken().replace('"', ' '));
|
|
query.append("@").append(NamespaceService.CONTENT_MODEL_PREFIX).append("\\:firstName:\"*");
|
|
query.append(term);
|
|
query.append("*\" @").append(NamespaceService.CONTENT_MODEL_PREFIX).append("\\:lastName:\"*");
|
|
query.append(term);
|
|
query.append("*\" @").append(NamespaceService.CONTENT_MODEL_PREFIX).append("\\:userName:\"*");
|
|
query.append(term);
|
|
query.append("*\" ");
|
|
}
|
|
|
|
// define the search parameters
|
|
SearchParameters params = new SearchParameters();
|
|
params.setLanguage(SearchService.LANGUAGE_LUCENE);
|
|
params.addStore(this.storeRef);
|
|
params.setQuery(query.toString());
|
|
if (maxResults > 0)
|
|
{
|
|
params.setLimitBy(LimitBy.FINAL_SIZE);
|
|
params.setLimit(maxResults);
|
|
}
|
|
|
|
ResultSet results = null;
|
|
try
|
|
{
|
|
results = services.getSearchService().query(params);
|
|
people = results.getNodeRefs().toArray();
|
|
}
|
|
finally
|
|
{
|
|
if (results != null)
|
|
{
|
|
results.close();
|
|
}
|
|
}
|
|
}
|
|
}
|
|
|
|
if (people == null)
|
|
{
|
|
people = new Object[0];
|
|
}
|
|
|
|
return Context.getCurrentContext().newArray(getScope(), people);
|
|
}
|
|
|
|
/**
|
|
* Gets the Person given the username
|
|
*
|
|
* @param username the username of the person to get
|
|
* @return the person node (type cm:person) or null if no such person exists
|
|
*/
|
|
public ScriptNode getPerson(String username)
|
|
{
|
|
ParameterCheck.mandatoryString("Username", username);
|
|
ScriptNode person = null;
|
|
if (personService.personExists(username))
|
|
{
|
|
NodeRef personRef = personService.getPerson(username);
|
|
person = new ScriptNode(personRef, services, getScope());
|
|
}
|
|
return person;
|
|
}
|
|
|
|
/**
|
|
* Gets the Group given the group name
|
|
*
|
|
* @param groupName name of group to get
|
|
* @return the group node (type usr:authorityContainer) or null if no such group exists
|
|
*/
|
|
public ScriptNode getGroup(String groupName)
|
|
{
|
|
ParameterCheck.mandatoryString("GroupName", groupName);
|
|
ScriptNode group = null;
|
|
NodeRef groupRef = authorityDAO.getAuthorityNodeRefOrNull(groupName);
|
|
if (groupRef != null)
|
|
{
|
|
group = new ScriptNode(groupRef, services, getScope());
|
|
}
|
|
return group;
|
|
}
|
|
|
|
/**
|
|
* Deletes a group from the system.
|
|
*
|
|
* @param group The group to delete
|
|
*/
|
|
public void deleteGroup(ScriptNode group)
|
|
{
|
|
ParameterCheck.mandatory("Group", group);
|
|
if (group.getQNameType().equals(ContentModel.TYPE_AUTHORITY_CONTAINER))
|
|
{
|
|
String groupName = (String)group.getProperties().get(ContentModel.PROP_AUTHORITY_NAME);
|
|
authorityService.deleteAuthority(groupName);
|
|
}
|
|
}
|
|
|
|
/**
|
|
* Create a new root level group with the specified unique name
|
|
*
|
|
* @param groupName The unique group name to create - NOTE: do not prefix with "GROUP_"
|
|
*
|
|
* @return the group reference if successful or null if failed
|
|
*/
|
|
public ScriptNode createGroup(String groupName)
|
|
{
|
|
return createGroup(null, groupName);
|
|
}
|
|
|
|
/**
|
|
* Create a new group with the specified unique name
|
|
*
|
|
* @param parentGroup The parent group node - can be null for a root level group
|
|
* @param groupName The unique group name to create - NOTE: do not prefix with "GROUP_"
|
|
*
|
|
* @return the group reference if successful or null if failed
|
|
*/
|
|
public ScriptNode createGroup(ScriptNode parentGroup, String groupName)
|
|
{
|
|
ParameterCheck.mandatoryString("GroupName", groupName);
|
|
|
|
ScriptNode group = null;
|
|
|
|
String actualName = services.getAuthorityService().getName(AuthorityType.GROUP, groupName);
|
|
if (authorityService.authorityExists(actualName) == false)
|
|
{
|
|
String result = authorityService.createAuthority(AuthorityType.GROUP, groupName);
|
|
if (parentGroup != null)
|
|
{
|
|
String parentGroupName = (String)parentGroup.getProperties().get(ContentModel.PROP_AUTHORITY_NAME);
|
|
if (parentGroupName != null)
|
|
{
|
|
authorityService.addAuthority(parentGroupName, actualName);
|
|
}
|
|
}
|
|
group = getGroup(result);
|
|
}
|
|
|
|
return group;
|
|
}
|
|
|
|
/**
|
|
* Add an authority (a user or group) to a group container as a new child
|
|
*
|
|
* @param parentGroup The parent container group
|
|
* @param authority The authority (user or group) to add
|
|
*/
|
|
public void addAuthority(ScriptNode parentGroup, ScriptNode authority)
|
|
{
|
|
ParameterCheck.mandatory("Authority", authority);
|
|
ParameterCheck.mandatory("ParentGroup", parentGroup);
|
|
if (parentGroup.getQNameType().equals(ContentModel.TYPE_AUTHORITY_CONTAINER))
|
|
{
|
|
String parentGroupName = (String)parentGroup.getProperties().get(ContentModel.PROP_AUTHORITY_NAME);
|
|
String authorityName;
|
|
if (authority.getQNameType().equals(ContentModel.TYPE_AUTHORITY_CONTAINER))
|
|
{
|
|
authorityName = (String)authority.getProperties().get(ContentModel.PROP_AUTHORITY_NAME);
|
|
}
|
|
else
|
|
{
|
|
authorityName = (String)authority.getProperties().get(ContentModel.PROP_USERNAME);
|
|
}
|
|
authorityService.addAuthority(parentGroupName, authorityName);
|
|
}
|
|
}
|
|
|
|
/**
|
|
* Remove an authority (a user or group) from a group
|
|
*
|
|
* @param parentGroup The parent container group
|
|
* @param authority The authority (user or group) to remove
|
|
*/
|
|
public void removeAuthority(ScriptNode parentGroup, ScriptNode authority)
|
|
{
|
|
ParameterCheck.mandatory("Authority", authority);
|
|
ParameterCheck.mandatory("ParentGroup", parentGroup);
|
|
if (parentGroup.getQNameType().equals(ContentModel.TYPE_AUTHORITY_CONTAINER))
|
|
{
|
|
String parentGroupName = (String)parentGroup.getProperties().get(ContentModel.PROP_AUTHORITY_NAME);
|
|
String authorityName;
|
|
if (authority.getQNameType().equals(ContentModel.TYPE_AUTHORITY_CONTAINER))
|
|
{
|
|
authorityName = (String)authority.getProperties().get(ContentModel.PROP_AUTHORITY_NAME);
|
|
}
|
|
else
|
|
{
|
|
authorityName = (String)authority.getProperties().get(ContentModel.PROP_USERNAME);
|
|
}
|
|
authorityService.removeAuthority(parentGroupName, authorityName);
|
|
}
|
|
}
|
|
|
|
/**
|
|
* Gets the members (people) of a group (including all sub-groups)
|
|
*
|
|
* @param group the group to retrieve members for
|
|
* @param recurse recurse into sub-groups
|
|
*
|
|
* @return members of the group as a JavaScript array
|
|
*/
|
|
public Scriptable getMembers(ScriptNode group)
|
|
{
|
|
ParameterCheck.mandatory("Group", group);
|
|
Object[] members = getContainedAuthorities(group, AuthorityType.USER, true);
|
|
return Context.getCurrentContext().newArray(getScope(), members);
|
|
}
|
|
|
|
/**
|
|
* Gets the members (people) of a group
|
|
*
|
|
* @param group the group to retrieve members for
|
|
* @param recurse recurse into sub-groups
|
|
*
|
|
* @return the members of the group as a JavaScript array
|
|
*/
|
|
public Scriptable getMembers(ScriptNode group, boolean recurse)
|
|
{
|
|
ParameterCheck.mandatory("Group", group);
|
|
Object[] members = getContainedAuthorities(group, AuthorityType.USER, recurse);
|
|
return Context.getCurrentContext().newArray(getScope(), members);
|
|
}
|
|
|
|
/**
|
|
* Gets the groups that contain the specified authority
|
|
*
|
|
* @param person the user (cm:person) to get the containing groups for
|
|
*
|
|
* @return the containing groups as a JavaScript array
|
|
*/
|
|
public Scriptable getContainerGroups(ScriptNode person)
|
|
{
|
|
ParameterCheck.mandatory("Person", person);
|
|
Object[] parents = null;
|
|
Set<String> authorities = this.authorityService.getContainingAuthorities(
|
|
AuthorityType.GROUP,
|
|
(String)person.getProperties().get(ContentModel.PROP_USERNAME),
|
|
false);
|
|
parents = new Object[authorities.size()];
|
|
int i = 0;
|
|
for (String authority : authorities)
|
|
{
|
|
ScriptNode group = getGroup(authority);
|
|
if (group != null)
|
|
{
|
|
parents[i++] = group;
|
|
}
|
|
}
|
|
return Context.getCurrentContext().newArray(getScope(), parents);
|
|
}
|
|
|
|
/**
|
|
* Return true if the specified user is an Administrator authority.
|
|
*
|
|
* @param person to test
|
|
*
|
|
* @return true if an admin, false otherwise
|
|
*/
|
|
public boolean isAdmin(ScriptNode person)
|
|
{
|
|
ParameterCheck.mandatory("Person", person);
|
|
return this.authorityService.isAdminAuthority((String)person.getProperties().get(ContentModel.PROP_USERNAME));
|
|
}
|
|
|
|
/**
|
|
* Return true if the specified user is an guest authority.
|
|
*
|
|
* @param person to test
|
|
*
|
|
* @return true if an admin, false otherwise
|
|
*/
|
|
public boolean isGuest(ScriptNode person)
|
|
{
|
|
ParameterCheck.mandatory("Person", person);
|
|
return this.authorityService.isGuestAuthority((String) person.getProperties().get(ContentModel.PROP_USERNAME));
|
|
}
|
|
|
|
/**
|
|
* Gets a map of capabilities (boolean assertions) for the given person.
|
|
*
|
|
* @param person
|
|
* the person
|
|
* @return the capability map
|
|
*/
|
|
public Map<String, Boolean> getCapabilities(final ScriptNode person)
|
|
{
|
|
ParameterCheck.mandatory("Person", person);
|
|
Map<String,Boolean> retVal = new ScriptableHashMap<String, Boolean>();
|
|
retVal.putAll(this.valueDerivingMapFactory.getMap(person));
|
|
return retVal;
|
|
}
|
|
|
|
/**
|
|
* Get Contained Authorities
|
|
*
|
|
* @param container authority containers
|
|
* @param type authority type to filter by
|
|
* @param recurse recurse into sub-containers
|
|
*
|
|
* @return contained authorities
|
|
*/
|
|
private Object[] getContainedAuthorities(ScriptNode container, AuthorityType type, boolean recurse)
|
|
{
|
|
Object[] members = null;
|
|
|
|
if (container.getQNameType().equals(ContentModel.TYPE_AUTHORITY_CONTAINER))
|
|
{
|
|
String groupName = (String)container.getProperties().get(ContentModel.PROP_AUTHORITY_NAME);
|
|
Set<String> authorities = authorityService.getContainedAuthorities(type, groupName, !recurse);
|
|
members = new Object[authorities.size()];
|
|
int i = 0;
|
|
for (String authority : authorities)
|
|
{
|
|
AuthorityType authorityType = AuthorityType.getAuthorityType(authority);
|
|
if (authorityType.equals(AuthorityType.GROUP))
|
|
{
|
|
ScriptNode group = getGroup(authority);
|
|
if (group != null)
|
|
{
|
|
members[i++] = group;
|
|
}
|
|
}
|
|
else if (authorityType.equals(AuthorityType.USER))
|
|
{
|
|
ScriptNode person = getPerson(authority);
|
|
if (person != null)
|
|
{
|
|
members[i++] = person;
|
|
}
|
|
}
|
|
}
|
|
}
|
|
|
|
return members != null ? members : new Object[0];
|
|
}
|
|
}
|