mirror of
https://github.com/Alfresco/alfresco-community-repo.git
synced 2025-08-07 17:49:17 +00:00
8521b7d7bd
34060: Merged V4.0 (4.0) to 4.0-BUG-FIX (4.0.1) <<< NOTE ALF-12939 still needs to be done to complete this merge to 4.0.1 >>>
33056: Fix for ALF-12280: Upgrading from version 3.4.7 to 4.0.0 failed with MS SQL database
- Added dialect-specific script for SQL Server
33059: Fix for ALF-12127, ALF-11161, ALF-11988
Merged BRANCHES/DEV/THOR1 to BRANCHES/V4.0
33049: Fixed follow issues on THOR-839 & THOR-826
- Following webscripts now sets "Content-Type" response header to application/json
- which makes people search display follow buttons for people correctly
Fix for ALF-12077
Merged BRANCHES/DEV/V3.4-BUG-FIX to BRANCHES/V4.0
32999: Fix for ALF-12050 - IE specific handling of Ajax requests does not correctly respect no-cache setting, need to set Expires header also
33060: Fix for ALF-12208 - group name encoding
33072: Merge from HEAD to V4.0
33071: ALF-11843 CLONE - Enterprise unlimited licenses still get invalidated turning the system into read-only mode
- Fixed build failure in HeartBeat. It had relied on the fact that the previous LicenseComponent kept calling onLicenseChange every time
the license was checked. It needed the check 1 minute after the initial bootstrap call as there was a memory model sync issue in the
HeartBeat constructor to do with setting the URL it needed to call.
33073: Fix for ALF-12295 - CLONE - Upload issue ? - Failed to get content ... (No such file or directory) ... x22
33083: Merge from HEAD to V4.0
33082: ALF-11843 CLONE - Enterprise unlimited licenses still get invalidated turning the system into read-only mode
- Did not refresh Tortoise window, this file was missed in the last commit
33080: ALF-11843 CLONE - Enterprise unlimited licenses still get invalidated turning the system into read-only mode
- On reflection decided to call onLicenseChange every time the license is checked.
A change of valid license would not have resulted in a call to onLicenseChange
Also have been able to make failure and success code more symmetrical.
- The previous commit also added a RetryingTransaction around the sendData() call to
currentRepoDescriptorDAO.getLicenseKey() which I found while making the HeartBeat
changes. As a result we should no longer see the error in 4.0 about there not being a
transaction.
33087: Calendar: Permissions updates, fixes: ALF-12179 & makes the permissions flag boolean.
33088: FIXED : ALF-11862: An error message appears when you open the "edit task", to request to join the "moderated site"
Now handles null value
33102: Fix for ACT #15024-37148 (will update with JIRA no. once available)
- issue where in a load balanced Share environment (multiple web-tiers behind a reverse proxy) the modification to the template layout selection for a site or user dashboard would not be reflected in all servers.
33105: Bitrock license notice file.
33114: Merged DEV to V4.0
33067: Fix ALF-12206: CMIS: Error getting association information referencing archived node
33122: Fix for ALF-12316 Repo -> SOLR query uses HTTPClient that only supports 2 simultaneous connections
- configurable via spring (default if unconfigured is 40 connections to one host and 40 max connections)
33142: ALF-12339: Prevents ArrayOutOfBoundsException that can occur with concurrent access of i18n bundle in WebScript
34065: Fix for ALF-12708 (part 2)
- Alfresco opencmis extensions library
34093: ALF-10902 : CIFS: No friendly notification occurs when Editor or Collaborator tries to delete content
34120: ALF-12767 : CIFS TextEdit - File has been modified outside TextEdit
34125: Merged BRANCHES\V4.0 to BRANCHES\DEV\V4.0-BUG-FIX
34094: Fix for ALF-12944 OpenCMIS - CMIS-QL - Range queries for date and datetime properties fail
34095: Fix for ALF-12944 OpenCMIS - CMIS-QL - Range queries for date and datetime properties fail
- caught incorrect exception - so much for reading the Java Doc :-)
- build fix
34138: ALF-564 : Is network-protocol-context.xml still useful ?
34149: Removes more server side rendered dates:
Fixes: ALF-12965, ALF-12984, ALF-12988.
34158: Fix for ALF-12741 - Steck specific : error on managing groups
34176: Merged BRANCHES\V4.0 to BRANCHES\DEV\V4.0-BUG-FIX
34155: Fix for ALF-12979 CLONE - Search - searching in site without any images for *.jpg brings back all the documents
- note this relies on wildcard/prefix/term/phrase all going through the phrase implementation for wildcard from ALF-12162
34193: Fix for ALF-12205
34196: Fix for ALF-12758
34201: ALF-12892: Ensure that document permissions are refreshed in the dialog after being changed
34214: Switched off the CIFS Kerberos ticket cracking code by default, added a config value to enable it, latest JVMs do not require this. Part of ALF-12294.
CIFS Kerberos authentication now works with the IBM JDK.
34215: Switched off the CIFS Kerberos ticket cracking code by default, added a property to enable it, latest JVMs do not require this. Part of ALF-12294.
CIFS Kerberos authentication now works with the IBM JDK (and OpenJDK, Oracle/Sun JVMs)
34219: Merged BRANCHES/DEV/THOR1 to BRANCHES/DEV/V4.0-BUG-FIX:
32096: THOR-429: Fix "MT: Thumbnail + Preview are not updated (after uploading new version)"
32125: THOR-429: Fix "MT: Thumbnail + Preview are not updated (after uploading new version)"
34220: Minor: follow-on to r34219 (ALF-11563)
34226: ALF-12780: Mac OS X Lion 10.7.2: Editing a document via CIFS and TextEdit removes versionable aspect from this file
34228: ALF-12689: Fixed character encoding issue with dynamic welcome dashlet
34237: ALF-12740: Updated XHR requests to include a noCache request parameter to address IE issue where 304 reponse is assumed for XHR request
34240: ALF-12835: Second click in status box no longer clears status
34241: ALF-11991: Updated DocLib to support categories
34245: Merged BRANCHES/DEV/THOR1_SPRINTS to BRANCHES/DEV/V4.0-BUG-FIX:
33420: THOR-1000: Solr tracking: NodeContentGet should not create (empty) temp file if there is no transformer (eg. for image node)
34246: Reverse merge of BRANCHES/DEV/V4.0-BUG-FIX -c 34245
Due to an 'svn commit' command argument ordering error, I checked in the solrcore.properties files. This reverse merge removes those changes.
34247: Merged BRANCHES/DEV/THOR1_SPRINTS to BRANCHES/DEV/V4.0-BUG-FIX:
33420: THOR-1000: Solr tracking: NodeContentGet should not create (empty) temp file if there is no transformer (eg. for image node)
34249: ALF-12782 : IMAP - No friendly notification occurs when a user without delete permissions tries to delete content
34254: Fix for ALF-13090 SOLR - cross tokenisation field matches too much for "*u*a"
34262: Fixes: ALF-11557: Publishing Balloon popups appearing in wrong locations. Now appears in correct location in Doc Lib & replaced with standard popup message on Channel Admin page.
34279: NodeDAO: re-parent "lost & found" orphan child nodes (see ALF-12358 & ALF-13066 / SYS-301)
- if orphaned nodes are identified (eg. via getPath(s)) then attempt partial recovery by placing them in (temp) lost_found
- ... ALF-12358 ('child' node has deleted parent(s))
- ... ALF-13066 (non-root 'child' node has no parent(s))
- for internal use only - allows index tracking (eg. Solr) to continue
- precursor to fixing underlying root causes
- includes merge & extension of "testConcurrentLinkToDeletedNode" (from DEV/DEREK/ALF-12358)
34298: Merged V3.4-BUG-FIX to V4.0-BUG-FIX
34068: Fix for ALF-342 - Entering a search containing a double quote displays pop-up 500 error in OpenSearch JSF component
34069: Fix for ALF-342 - Completed fix with additional encoded of output HTML
34070: Fix for ALF-12553 - Users are unable to see more than 100 sites under 'My Sites' page. List length now configurable.
34080: Fix for ALF-10306 - Share Advanced search issue with the Date Range form values
34107: Added missing jar lib to wcmquickstart and webeditor dependencies
34114: Fix for ALF-10284 - User should be informed when user provides invalid credentials while opening document using link
34151: Merged V3.4 (3.4.8) to V3.4-BUG-FIX (3.4.9)
34121: Merged BELARUS/V3.4-BUG-FIX-2012_01_26 to V3.4 (3.4.8)
Should have been done in 3.4.7 in ALF-12174 but was not found by Eclipse search
34100: ALF-12948 : Copyright year on "About Alfresco" page is out of date
Updated copyright year to 2012.
34150: ALF-10976 (relates to ALF-10412)
- Thumbnail mimetype check should have been >= 0 not > 0.
34171: ALF-13016 : TestModel class exits with a return code of 0 even if model fails validation.
34190: A modifiable map that protects and underlying map from modification
- When cloning the backing map (in the event of an potentially-modifying operation) keys and values
are specifically checked for mutability to prevent excessive cloning.
- Working towards fix for ALF-12855
34191: Fix ALF-12855: Improvement for Lucene in memory sorting and improvement for nodeService.getProperty()
- Use ValueProtectingMap when passing values out of the NodeDAO
- Solves the problem of map cloning when used internally as well as when calling NodeService.getProperty()
- If client code retrieves immutable values from the properties, then they will not be cloned
- TODO: Special handling of entrySet() and keySet() methods (see ALF-12868) to prevent interceptors from
triggering map cloning
34230: Fixes: ALF-12520. Adds i18n strings for siteModel
34253: Fix for ALF-13102 - JBoss: Unathorized responce recieved on a wcs/touch request with clustered alfrescos (ntlm sso enabled).
34272: ALF-13136 Merged V3.4.7 (3.4.7.5) to V3.4-BUG-FIX (3.4.9)
34267: ALF-12419 "Garbage collector error" LockAcquisition on the OrphanReaper process
- Modified OrphanReaper to use newer JobLockRefreshCallback.
Refresh lock every minute and timeout if it takes longer than an hour.
34281: ALF-13145: Merged PATCHES/V3.4.7 to V3.4-BUG-FIX
34273: ALF-13112: Groups are not displayed when 60k sites and 60 groups in the system
- Timeout adjustment approved by Kev and Erik
34291: Merged V3.4 to V3.4-BUG-FIX
34197: ALF-12900 Error occurs in My Documents dashlet
NodeRef (ScriptNode) passed to the doclist.get.js doesn't have any content. Not sure why yet.
Investigation continues, so there may be more changes to stop such nodes being passed in the first place.
NPE is as a result of having a nodeRef without content. It falls over on new code in 3.4.8 for ALF-10976 and ALF-10412.
Not too sure what would have happened in 3.4.7, but expect there world have been another exception in the transformer code.
- Addition of defensive code around contentData being null and the reader given to the transformer being null.
34198: ALF-12900 Error occurs in My Documents dashlet
- File missing from last commit
34242: ALF-13078 Copyright notice shows Alfresco Software, Inc. © 2005-2011 All rights reserved.... should now be to 2012
- Should have been done in 3.4.7 in ALF-12174 but was not found by Eclipse search
34265: Updated installer splash screen for 2012 (thanks Linton!)
34282: ALF-13059: Windows 7 specific: It's impossible to add documents to DWS
- Fix by Alex Malinovsky
34286: ALF-12949: Merged V4.0 to V3.4
34248: ALF-13102: NTLM on JBoss - Fix problem with Share SSO Authentication Filter corrupting cookie headers
34292: Merged V3.4 to V3.4-BUG-FIX (RECORD ONLY)
34284: ALF-12949: Merged V3.4-BUG-FIX to V3.4
34253: Fix for ALF-13102 - Surf mixing up cookies for different sessions
34299: Merged V4.0 to V4.0-BUG-FIX
34067: ALF-12423: Prevent script error on IE9
34102: SPANISH: Fixes minor encoding error
34115: Merged BRANCHES/DEV/BELARUS/V4.0-BUG-FIX-2012_01_20 to BRANCHES/V4.0:
34099: ALF-12710: Stack specific: It's impossible to log into CMIS Workbench through WebServices binding
34156: Missed from commit for r34154
34189: Fix for ALF-12822 - Script error when Add translation
34216: Fixes: ALF-11938 - A distinction needed making between the i18n labels for company address and personal address - I extended this to other company specific fields too.
34238: ALF-12864: Removed trailing spaces from installed jodconverter defaults
- Stopped forms from recognising booleans
34243: NFS, switch from read-only to writeable file if write access required and cached file was opened read-only. ALF-12193.
Fix I/O error saving from OpenOffice on Linux.
34263: Merged HEAD to V4.0
34250: Fixed THOR-1137 "Make Spring Surf enable-auto-deploy-modules by default"
34264: ALF-12975: alfresco-enterprise-4.0.1-installer-win-x64.exe / x32 installers fail
- Due to not detecting new stderr file
34278: ALF-12763: Re-applied change from ALF-7528 after it was lost in r28224 / ALF-5900
- PutMethod was modified to use only guessed mime type for documents and completely ignore the Content-Type header from client.
34303: Merged V4.0 to V4.0-BUG-FIX (RECORD ONLY)
33110: Merged BRANCHES/DEV/V4.0-BUG-FIX to BRANCHES/V4.0:
33109: ALF-11479: When upgrading from Alfresco Community 3.4.d to 4.0.b, some nodes that are blocked and have versions fail after the upgrade
33320: Merged BRANCHES\DEV\V4.0-BUG-FIX to BRANCHESV4.0
33305: ALF-12463 Error querying database was detected during upgrade process from 3.1 to 4.0.0.
33326: Merged BRANCHES/DEV/V3.4-BUG-FIX to BRANCHES/V4.0
33277 ALF-12468 CLONE - Regression. Searches cause database server to thrash CPU - ALF-12426
33331: Merged BRANCHES\DEV\V3.4-BUG-FIX to BRANCHES\V4.0
33301: ALF-12464: Merged PATCHES/V3.4.5 to V3.4-BUG-FIX
33299: ALF-12281: Memory leak in ReferenceCountingReadOnlyIndexReaderFactory
33303: ALF-12464: Merged PATCHES/V3.4.5 to V3.4-BUG-FIX
33302: ALF-12281: Correction to previous checkin - deal with the initial reference created by the constructor and cleared by closeIfRequired()
33398: Merged V4.0-BUG-FIX to V4.0
33116: ALF-12517: Allow multiple deferred requests per oplock break, next level of fix for ALF-11935.
33147: FTP implemented set modification date/time command (MFMT). ALF-12105.
33151: Fix problems with FTP and UTF-8. JLAN-81.
When using the Java6 Normalizer use the NFC form.
33158: Fix NFS server swallows exceptions. ALF-11667.
Startup exception details are now saved.
33183: Minor fix to exception string in extendBuffer().
34061: Merged V4.0-BUG-FIX to V4.0 (Start of 4.0.1)
34062: Merge V4.0-BUG-FIX to V4.0 RECORD ONLY (changes that came from V4.0)
34109: Merged BRANCHES/DEV/V4.0-BUG-FIX to BRANCHES/V4.0
34108: Merged BRANCHES/DEV/V3.4-BUG-FIX to BRANCHES/DEV/V4.0-BUG-FIX
Added missing jar lib to wcmquickstart and webeditor dependencies
34154: Merged BRANCHES/DEV/V4.0-BUG-FIX/ to BRANCHES/V4.0:
34149: Removes more server side rendered dates: Fixes: ALF-12965, ALF-12984, ALF-12988.
34274: Merged V4.0-BUG-FIX to V4.0
34237: ALF-12740: Updated XHR requests to include a noCache request parameter to address IE issue where 304 reponse is assumed for XHR request
34288: Merged V3.4 to V4.0
34197: ALF-12900 Error occurs in My Documents dashlet
NodeRef (ScriptNode) passed to the doclist.get.js doesn't have any content. Not sure why yet.
Investigation continues, so there may be more changes to stop such nodes being passed in the first place.
NPE is as a result of having a nodeRef without content. It falls over on new code in 3.4.8 for ALF-10976 and ALF-10412.
Not too sure what would have happened in 3.4.7, but expect there world have been another exception in the transformer code.
- Addition of defensive code around contentData being null and the reader given to the transformer being null.
34198: ALF-12900 Error occurs in My Documents dashlet
- File missing from last commit
34242: ALF-13078 Copyright notice shows Alfresco Software, Inc. © 2005-2011 All rights reserved.... should now be to 2012
- Should have been done in 3.4.7 in ALF-12174 but was not found by Eclipse search
34265: Updated installer splash screen for 2012 (thanks Linton!)
34284: ALF-12949: Merged V3.4-BUG-FIX to V3.4
34253: Fix for ALF-13102 - Surf mixing up cookies for different sessions
34286: ALF-12949: Merged V4.0 to V3.4
34248: ALF-13102: NTLM on JBoss - Fix problem with Share SSO Authentication Filter corrupting cookie headers
git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/HEAD/root@34305 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
1704 lines
63 KiB
Java
1704 lines
63 KiB
Java
/*
|
|
* Copyright (C) 2005-2011 Alfresco Software Limited.
|
|
*
|
|
* This file is part of Alfresco
|
|
*
|
|
* Alfresco is free software: you can redistribute it and/or modify
|
|
* it under the terms of the GNU Lesser General Public License as published by
|
|
* the Free Software Foundation, either version 3 of the License, or
|
|
* (at your option) any later version.
|
|
*
|
|
* Alfresco is distributed in the hope that it will be useful,
|
|
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
* GNU Lesser General Public License for more details.
|
|
*
|
|
* You should have received a copy of the GNU Lesser General Public License
|
|
* along with Alfresco. If not, see <http://www.gnu.org/licenses/>.
|
|
*/
|
|
package org.alfresco.repo.security.person;
|
|
|
|
import java.io.Serializable;
|
|
import java.util.ArrayList;
|
|
import java.util.Collections;
|
|
import java.util.Comparator;
|
|
import java.util.HashMap;
|
|
import java.util.HashSet;
|
|
import java.util.LinkedHashSet;
|
|
import java.util.List;
|
|
import java.util.Map;
|
|
import java.util.Set;
|
|
import java.util.concurrent.ConcurrentHashMap;
|
|
|
|
import org.alfresco.error.AlfrescoRuntimeException;
|
|
import org.alfresco.model.ContentModel;
|
|
import org.alfresco.query.CannedQueryFactory;
|
|
import org.alfresco.query.CannedQueryResults;
|
|
import org.alfresco.query.PagingRequest;
|
|
import org.alfresco.query.PagingResults;
|
|
import org.alfresco.repo.action.executer.MailActionExecuter;
|
|
import org.alfresco.repo.cache.SimpleCache;
|
|
import org.alfresco.repo.domain.permissions.AclDAO;
|
|
import org.alfresco.repo.node.NodeServicePolicies;
|
|
import org.alfresco.repo.node.NodeServicePolicies.BeforeCreateNodePolicy;
|
|
import org.alfresco.repo.node.NodeServicePolicies.BeforeDeleteNodePolicy;
|
|
import org.alfresco.repo.node.NodeServicePolicies.OnCreateNodePolicy;
|
|
import org.alfresco.repo.node.NodeServicePolicies.OnUpdatePropertiesPolicy;
|
|
import org.alfresco.repo.node.getchildren.FilterProp;
|
|
import org.alfresco.repo.node.getchildren.FilterPropString;
|
|
import org.alfresco.repo.node.getchildren.GetChildrenCannedQuery;
|
|
import org.alfresco.repo.node.getchildren.GetChildrenCannedQueryFactory;
|
|
import org.alfresco.repo.node.getchildren.FilterPropString.FilterTypeString;
|
|
import org.alfresco.repo.policy.JavaBehaviour;
|
|
import org.alfresco.repo.policy.PolicyComponent;
|
|
import org.alfresco.repo.search.SearcherException;
|
|
import org.alfresco.repo.security.authentication.AuthenticationException;
|
|
import org.alfresco.repo.security.authentication.AuthenticationUtil;
|
|
import org.alfresco.repo.security.authentication.AuthenticationUtil.RunAsWork;
|
|
import org.alfresco.repo.security.permissions.PermissionServiceSPI;
|
|
import org.alfresco.repo.tenant.TenantDomainMismatchException;
|
|
import org.alfresco.repo.tenant.TenantService;
|
|
import org.alfresco.repo.transaction.AlfrescoTransactionSupport;
|
|
import org.alfresco.repo.transaction.TransactionListenerAdapter;
|
|
import org.alfresco.repo.transaction.TransactionalResourceHelper;
|
|
import org.alfresco.repo.transaction.AlfrescoTransactionSupport.TxnReadState;
|
|
import org.alfresco.repo.transaction.RetryingTransactionHelper.RetryingTransactionCallback;
|
|
import org.alfresco.service.ServiceRegistry;
|
|
import org.alfresco.service.cmr.action.Action;
|
|
import org.alfresco.service.cmr.action.ActionService;
|
|
import org.alfresco.service.cmr.admin.RepoAdminService;
|
|
import org.alfresco.service.cmr.admin.RepoUsageStatus;
|
|
import org.alfresco.service.cmr.admin.RepoUsage.UsageType;
|
|
import org.alfresco.service.cmr.dictionary.DictionaryService;
|
|
import org.alfresco.service.cmr.invitation.InvitationException;
|
|
import org.alfresco.service.cmr.model.FileFolderService;
|
|
import org.alfresco.service.cmr.repository.ChildAssociationRef;
|
|
import org.alfresco.service.cmr.repository.NodeRef;
|
|
import org.alfresco.service.cmr.repository.NodeService;
|
|
import org.alfresco.service.cmr.repository.StoreRef;
|
|
import org.alfresco.service.cmr.repository.TemplateService;
|
|
import org.alfresco.service.cmr.repository.datatype.DefaultTypeConverter;
|
|
import org.alfresco.service.cmr.search.SearchService;
|
|
import org.alfresco.service.cmr.security.AuthorityService;
|
|
import org.alfresco.service.cmr.security.AuthorityType;
|
|
import org.alfresco.service.cmr.security.MutableAuthenticationService;
|
|
import org.alfresco.service.cmr.security.NoSuchPersonException;
|
|
import org.alfresco.service.cmr.security.PersonService;
|
|
import org.alfresco.service.namespace.NamespacePrefixResolver;
|
|
import org.alfresco.service.namespace.NamespaceService;
|
|
import org.alfresco.service.namespace.QName;
|
|
import org.alfresco.service.namespace.RegexQNamePattern;
|
|
import org.alfresco.service.transaction.TransactionService;
|
|
import org.alfresco.util.EqualsHelper;
|
|
import org.alfresco.util.GUID;
|
|
import org.alfresco.util.ModelUtil;
|
|
import org.alfresco.util.Pair;
|
|
import org.alfresco.util.ParameterCheck;
|
|
import org.alfresco.util.PropertyCheck;
|
|
import org.alfresco.util.registry.NamedObjectRegistry;
|
|
import org.apache.commons.logging.Log;
|
|
import org.apache.commons.logging.LogFactory;
|
|
import org.springframework.extensions.surf.util.I18NUtil;
|
|
|
|
public class PersonServiceImpl extends TransactionListenerAdapter implements PersonService,
|
|
NodeServicePolicies.BeforeCreateNodePolicy,
|
|
NodeServicePolicies.OnCreateNodePolicy,
|
|
NodeServicePolicies.BeforeDeleteNodePolicy,
|
|
NodeServicePolicies.OnUpdatePropertiesPolicy
|
|
|
|
{
|
|
private static Log logger = LogFactory.getLog(PersonServiceImpl.class);
|
|
|
|
private static final String CANNED_QUERY_PEOPLE_LIST = "peopleGetChildrenCannedQueryFactory";
|
|
|
|
private static final String DELETE = "DELETE";
|
|
private static final String SPLIT = "SPLIT";
|
|
private static final String LEAVE = "LEAVE";
|
|
public static final String SYSTEM_FOLDER_SHORT_QNAME = "sys:system";
|
|
public static final String PEOPLE_FOLDER_SHORT_QNAME = "sys:people";
|
|
private static final String SYSTEM_USAGE_WARN_LIMIT_USERS_EXCEEDED_VERBOSE = "system.usage.err.limit_users_exceeded_verbose";
|
|
|
|
private static final String KEY_POST_TXN_DUPLICATES = "PersonServiceImpl.KEY_POST_TXN_DUPLICATES";
|
|
public static final String KEY_ALLOW_UID_UPDATE = "PersonServiceImpl.KEY_ALLOW_UID_UPDATE";
|
|
private static final String KEY_USERS_CREATED = "PersonServiceImpl.KEY_USERS_CREATED";
|
|
|
|
private StoreRef storeRef;
|
|
private TransactionService transactionService;
|
|
private NodeService nodeService;
|
|
private TenantService tenantService;
|
|
private SearchService searchService;
|
|
private AuthorityService authorityService;
|
|
private MutableAuthenticationService authenticationService;
|
|
private DictionaryService dictionaryService;
|
|
private PermissionServiceSPI permissionServiceSPI;
|
|
private NamespacePrefixResolver namespacePrefixResolver;
|
|
private HomeFolderManager homeFolderManager;
|
|
private PolicyComponent policyComponent;
|
|
private AclDAO aclDao;
|
|
private PermissionsManager permissionsManager;
|
|
private RepoAdminService repoAdminService;
|
|
private ServiceRegistry serviceRegistry;
|
|
|
|
private boolean createMissingPeople;
|
|
private static Set<QName> mutableProperties;
|
|
private String defaultHomeFolderProvider;
|
|
private boolean processDuplicates = true;
|
|
private String duplicateMode = LEAVE;
|
|
private boolean lastIsBest = true;
|
|
private boolean includeAutoCreated = false;
|
|
|
|
private NamedObjectRegistry<CannedQueryFactory<NodeRef>> cannedQueryRegistry;
|
|
|
|
/** a transactionally-safe cache to be injected */
|
|
private SimpleCache<String, Set<NodeRef>> personCache;
|
|
|
|
/** People Container ref cache (Tennant aware) */
|
|
private Map<String, NodeRef> peopleContainerRefs = new ConcurrentHashMap<String, NodeRef>(4);
|
|
|
|
private UserNameMatcher userNameMatcher;
|
|
|
|
private JavaBehaviour beforeCreateNodeValidationBehaviour;
|
|
private JavaBehaviour beforeDeleteNodeValidationBehaviour;
|
|
|
|
private boolean homeFolderCreationEager;
|
|
|
|
static
|
|
{
|
|
Set<QName> props = new HashSet<QName>();
|
|
props.add(ContentModel.PROP_HOMEFOLDER);
|
|
props.add(ContentModel.PROP_FIRSTNAME);
|
|
// Middle Name
|
|
props.add(ContentModel.PROP_LASTNAME);
|
|
props.add(ContentModel.PROP_EMAIL);
|
|
props.add(ContentModel.PROP_ORGID);
|
|
mutableProperties = Collections.unmodifiableSet(props);
|
|
}
|
|
|
|
@Override
|
|
public boolean equals(Object obj)
|
|
{
|
|
return this == obj;
|
|
}
|
|
|
|
@Override
|
|
public int hashCode()
|
|
{
|
|
return 1;
|
|
}
|
|
|
|
/**
|
|
* Spring bean init method
|
|
*/
|
|
public void init()
|
|
{
|
|
PropertyCheck.mandatory(this, "storeUrl", storeRef);
|
|
PropertyCheck.mandatory(this, "transactionService", transactionService);
|
|
PropertyCheck.mandatory(this, "nodeService", nodeService);
|
|
PropertyCheck.mandatory(this, "permissionServiceSPI", permissionServiceSPI);
|
|
PropertyCheck.mandatory(this, "authorityService", authorityService);
|
|
PropertyCheck.mandatory(this, "authenticationService", authenticationService);
|
|
PropertyCheck.mandatory(this, "namespacePrefixResolver", namespacePrefixResolver);
|
|
PropertyCheck.mandatory(this, "policyComponent", policyComponent);
|
|
PropertyCheck.mandatory(this, "personCache", personCache);
|
|
PropertyCheck.mandatory(this, "aclDao", aclDao);
|
|
PropertyCheck.mandatory(this, "homeFolderManager", homeFolderManager);
|
|
PropertyCheck.mandatory(this, "repoAdminService", repoAdminService);
|
|
|
|
beforeCreateNodeValidationBehaviour = new JavaBehaviour(this, "beforeCreateNodeValidation");
|
|
this.policyComponent.bindClassBehaviour(
|
|
BeforeCreateNodePolicy.QNAME,
|
|
ContentModel.TYPE_PERSON,
|
|
beforeCreateNodeValidationBehaviour);
|
|
|
|
beforeDeleteNodeValidationBehaviour = new JavaBehaviour(this, "beforeDeleteNodeValidation");
|
|
this.policyComponent.bindClassBehaviour(
|
|
BeforeDeleteNodePolicy.QNAME,
|
|
ContentModel.TYPE_PERSON,
|
|
beforeDeleteNodeValidationBehaviour);
|
|
|
|
this.policyComponent.bindClassBehaviour(
|
|
OnCreateNodePolicy.QNAME,
|
|
ContentModel.TYPE_PERSON,
|
|
new JavaBehaviour(this, "onCreateNode"));
|
|
|
|
this.policyComponent.bindClassBehaviour(
|
|
BeforeDeleteNodePolicy.QNAME,
|
|
ContentModel.TYPE_PERSON,
|
|
new JavaBehaviour(this, "beforeDeleteNode"));
|
|
|
|
this.policyComponent.bindClassBehaviour(
|
|
OnUpdatePropertiesPolicy.QNAME,
|
|
ContentModel.TYPE_PERSON,
|
|
new JavaBehaviour(this, "onUpdateProperties"));
|
|
|
|
this.policyComponent.bindClassBehaviour(
|
|
OnUpdatePropertiesPolicy.QNAME,
|
|
ContentModel.TYPE_USER,
|
|
new JavaBehaviour(this, "onUpdatePropertiesUser"));
|
|
}
|
|
|
|
/**
|
|
* {@inheritDoc}
|
|
*/
|
|
public void setCreateMissingPeople(boolean createMissingPeople)
|
|
{
|
|
this.createMissingPeople = createMissingPeople;
|
|
}
|
|
|
|
public void setNamespacePrefixResolver(NamespacePrefixResolver namespacePrefixResolver)
|
|
{
|
|
this.namespacePrefixResolver = namespacePrefixResolver;
|
|
}
|
|
|
|
public void setAuthorityService(AuthorityService authorityService)
|
|
{
|
|
this.authorityService = authorityService;
|
|
}
|
|
|
|
public void setAuthenticationService(MutableAuthenticationService authenticationService)
|
|
{
|
|
this.authenticationService = authenticationService;
|
|
}
|
|
|
|
public void setDictionaryService(DictionaryService dictionaryService)
|
|
{
|
|
this.dictionaryService = dictionaryService;
|
|
}
|
|
|
|
public void setPermissionServiceSPI(PermissionServiceSPI permissionServiceSPI)
|
|
{
|
|
this.permissionServiceSPI = permissionServiceSPI;
|
|
}
|
|
|
|
public void setTransactionService(TransactionService transactionService)
|
|
{
|
|
this.transactionService = transactionService;
|
|
}
|
|
|
|
public void setServiceRegistry(ServiceRegistry serviceRegistry)
|
|
{
|
|
this.serviceRegistry = serviceRegistry;
|
|
}
|
|
|
|
public void setNodeService(NodeService nodeService)
|
|
{
|
|
this.nodeService = nodeService;
|
|
}
|
|
|
|
public void setTenantService(TenantService tenantService)
|
|
{
|
|
this.tenantService = tenantService;
|
|
}
|
|
|
|
public void setSearchService(SearchService searchService)
|
|
{
|
|
this.searchService = searchService;
|
|
}
|
|
|
|
public void setRepoAdminService(RepoAdminService repoAdminService)
|
|
{
|
|
this.repoAdminService = repoAdminService;
|
|
}
|
|
|
|
public void setPolicyComponent(PolicyComponent policyComponent)
|
|
{
|
|
this.policyComponent = policyComponent;
|
|
}
|
|
|
|
public void setStoreUrl(String storeUrl)
|
|
{
|
|
this.storeRef = new StoreRef(storeUrl);
|
|
}
|
|
|
|
public void setUserNameMatcher(UserNameMatcher userNameMatcher)
|
|
{
|
|
this.userNameMatcher = userNameMatcher;
|
|
}
|
|
|
|
void setDefaultHomeFolderProvider(String defaultHomeFolderProvider)
|
|
{
|
|
this.defaultHomeFolderProvider = defaultHomeFolderProvider;
|
|
}
|
|
|
|
public void setDuplicateMode(String duplicateMode)
|
|
{
|
|
this.duplicateMode = duplicateMode;
|
|
}
|
|
|
|
public void setIncludeAutoCreated(boolean includeAutoCreated)
|
|
{
|
|
this.includeAutoCreated = includeAutoCreated;
|
|
}
|
|
|
|
public void setLastIsBest(boolean lastIsBest)
|
|
{
|
|
this.lastIsBest = lastIsBest;
|
|
}
|
|
|
|
public void setProcessDuplicates(boolean processDuplicates)
|
|
{
|
|
this.processDuplicates = processDuplicates;
|
|
}
|
|
|
|
public void setHomeFolderManager(HomeFolderManager homeFolderManager)
|
|
{
|
|
this.homeFolderManager = homeFolderManager;
|
|
}
|
|
|
|
/**
|
|
* Indicates if home folders should be created when the person
|
|
* is created or delayed until first accessed.
|
|
*/
|
|
public void setHomeFolderCreationEager(boolean homeFolderCreationEager)
|
|
{
|
|
this.homeFolderCreationEager = homeFolderCreationEager;
|
|
}
|
|
|
|
public void setAclDAO(AclDAO aclDao)
|
|
{
|
|
this.aclDao = aclDao;
|
|
}
|
|
|
|
public void setPermissionsManager(PermissionsManager permissionsManager)
|
|
{
|
|
this.permissionsManager = permissionsManager;
|
|
}
|
|
|
|
/**
|
|
* Set the registry of {@link CannedQueryFactory canned queries}
|
|
*/
|
|
public void setCannedQueryRegistry(NamedObjectRegistry<CannedQueryFactory<NodeRef>> cannedQueryRegistry)
|
|
{
|
|
this.cannedQueryRegistry = cannedQueryRegistry;
|
|
}
|
|
|
|
/**
|
|
* Set the username to person cache.
|
|
*/
|
|
public void setPersonCache(SimpleCache<String, Set<NodeRef>> personCache)
|
|
{
|
|
this.personCache = personCache;
|
|
}
|
|
|
|
/**
|
|
* Avoid injection issues: Look it up from the Service Registry as required
|
|
*/
|
|
private FileFolderService getFileFolderService()
|
|
{
|
|
return serviceRegistry.getFileFolderService();
|
|
}
|
|
|
|
/**
|
|
* Avoid injection issues: Look it up from the Service Registry as required
|
|
*/
|
|
private NamespaceService getNamespaceService()
|
|
{
|
|
return serviceRegistry.getNamespaceService();
|
|
}
|
|
|
|
/**
|
|
* Avoid injection issues: Look it up from the Service Registry as required
|
|
*/
|
|
private ActionService getActionService()
|
|
{
|
|
return serviceRegistry.getActionService();
|
|
}
|
|
|
|
/**
|
|
* {@inheritDoc}
|
|
*/
|
|
public NodeRef getPerson(String userName)
|
|
{
|
|
return getPerson(userName, true);
|
|
}
|
|
|
|
/**
|
|
* {@inheritDoc}
|
|
*/
|
|
public NodeRef getPerson(final String userName, final boolean autoCreateHomeFolderAndMissingPersonIfAllowed)
|
|
{
|
|
// MT share - for activity service system callback
|
|
if (tenantService.isEnabled() && (AuthenticationUtil.SYSTEM_USER_NAME.equals(AuthenticationUtil.getRunAsUser())) && tenantService.isTenantUser(userName))
|
|
{
|
|
final String tenantDomain = tenantService.getUserDomain(userName);
|
|
|
|
return AuthenticationUtil.runAs(new AuthenticationUtil.RunAsWork<NodeRef>()
|
|
{
|
|
public NodeRef doWork() throws Exception
|
|
{
|
|
return getPersonImpl(userName, autoCreateHomeFolderAndMissingPersonIfAllowed);
|
|
}
|
|
}, tenantService.getDomainUser(AuthenticationUtil.getSystemUserName(), tenantDomain));
|
|
}
|
|
else
|
|
{
|
|
return getPersonImpl(userName, autoCreateHomeFolderAndMissingPersonIfAllowed);
|
|
}
|
|
}
|
|
|
|
private NodeRef getPersonImpl(String userName, boolean autoCreateHomeFolderAndMissingPersonIfAllowed)
|
|
{
|
|
if(userName == null)
|
|
{
|
|
return null;
|
|
}
|
|
if(userName.length() == 0)
|
|
{
|
|
return null;
|
|
}
|
|
NodeRef personNode = getPersonOrNull(userName);
|
|
if (personNode == null)
|
|
{
|
|
TxnReadState txnReadState = AlfrescoTransactionSupport.getTransactionReadState();
|
|
if (autoCreateHomeFolderAndMissingPersonIfAllowed && createMissingPeople() &&
|
|
txnReadState == TxnReadState.TXN_READ_WRITE)
|
|
{
|
|
// We create missing people AND are in a read-write txn
|
|
return createMissingPerson(userName, true);
|
|
}
|
|
else
|
|
{
|
|
throw new NoSuchPersonException(userName);
|
|
}
|
|
}
|
|
else if (autoCreateHomeFolderAndMissingPersonIfAllowed)
|
|
{
|
|
makeHomeFolderIfRequired(personNode);
|
|
}
|
|
return personNode;
|
|
}
|
|
|
|
/**
|
|
* {@inheritDoc}
|
|
*/
|
|
public boolean personExists(String caseSensitiveUserName)
|
|
{
|
|
return getPersonOrNull(caseSensitiveUserName) != null;
|
|
}
|
|
|
|
private NodeRef getPersonOrNull(String searchUserName)
|
|
{
|
|
Set<NodeRef> allRefs = getFromCache(searchUserName);
|
|
boolean addToCache = false;
|
|
if (allRefs == null)
|
|
{
|
|
List<ChildAssociationRef> childRefs = nodeService.getChildAssocs(
|
|
getPeopleContainer(),
|
|
ContentModel.ASSOC_CHILDREN,
|
|
getChildNameLower(searchUserName),
|
|
false);
|
|
allRefs = new LinkedHashSet<NodeRef>(childRefs.size() * 2);
|
|
|
|
for (ChildAssociationRef childRef : childRefs)
|
|
{
|
|
NodeRef nodeRef = childRef.getChildRef();
|
|
allRefs.add(nodeRef);
|
|
}
|
|
addToCache = true;
|
|
}
|
|
|
|
List<NodeRef> refs = new ArrayList<NodeRef>(allRefs.size());
|
|
Set<NodeRef> nodesToRemoveFromCache = new HashSet<NodeRef>();
|
|
for (NodeRef nodeRef : allRefs)
|
|
{
|
|
if (nodeService.exists(nodeRef))
|
|
{
|
|
Serializable value = nodeService.getProperty(nodeRef, ContentModel.PROP_USERNAME);
|
|
String realUserName = DefaultTypeConverter.INSTANCE.convert(String.class, value);
|
|
if (userNameMatcher.matches(searchUserName, realUserName))
|
|
{
|
|
refs.add(nodeRef);
|
|
}
|
|
}
|
|
else
|
|
{
|
|
nodesToRemoveFromCache.add(nodeRef);
|
|
}
|
|
}
|
|
|
|
if (!nodesToRemoveFromCache.isEmpty())
|
|
{
|
|
allRefs.removeAll(nodesToRemoveFromCache);
|
|
}
|
|
|
|
NodeRef returnRef = null;
|
|
if (refs.size() > 1)
|
|
{
|
|
returnRef = handleDuplicates(refs, searchUserName);
|
|
}
|
|
else if (refs.size() == 1)
|
|
{
|
|
returnRef = refs.get(0);
|
|
|
|
if (addToCache)
|
|
{
|
|
// Don't bother caching unless we get a result that doesn't need duplicate processing
|
|
putToCache(searchUserName, allRefs);
|
|
}
|
|
}
|
|
return returnRef;
|
|
}
|
|
|
|
private NodeRef handleDuplicates(List<NodeRef> refs, String searchUserName)
|
|
{
|
|
if (processDuplicates)
|
|
{
|
|
NodeRef best = findBest(refs);
|
|
HashSet<NodeRef> toHandle = new HashSet<NodeRef>();
|
|
toHandle.addAll(refs);
|
|
toHandle.remove(best);
|
|
addDuplicateNodeRefsToHandle(toHandle);
|
|
return best;
|
|
}
|
|
else
|
|
{
|
|
String userNameSensitivity = " (user name is case-" + (userNameMatcher.getUserNamesAreCaseSensitive() ? "sensitive" : "insensitive") + ")";
|
|
String domainNameSensitivity = "";
|
|
if (!userNameMatcher.getDomainSeparator().equals(""))
|
|
{
|
|
domainNameSensitivity = " (domain name is case-" + (userNameMatcher.getDomainNamesAreCaseSensitive() ? "sensitive" : "insensitive") + ")";
|
|
}
|
|
|
|
throw new AlfrescoRuntimeException("Found more than one user for " + searchUserName + userNameSensitivity + domainNameSensitivity);
|
|
}
|
|
}
|
|
|
|
/**
|
|
* Get the txn-bound usernames that need cleaning up
|
|
*/
|
|
private Set<NodeRef> getPostTxnDuplicates()
|
|
{
|
|
@SuppressWarnings("unchecked")
|
|
Set<NodeRef> postTxnDuplicates = (Set<NodeRef>) AlfrescoTransactionSupport.getResource(KEY_POST_TXN_DUPLICATES);
|
|
if (postTxnDuplicates == null)
|
|
{
|
|
postTxnDuplicates = new HashSet<NodeRef>();
|
|
AlfrescoTransactionSupport.bindResource(KEY_POST_TXN_DUPLICATES, postTxnDuplicates);
|
|
}
|
|
return postTxnDuplicates;
|
|
}
|
|
|
|
/**
|
|
* Flag a username for cleanup after the transaction.
|
|
*/
|
|
private void addDuplicateNodeRefsToHandle(Set<NodeRef> refs)
|
|
{
|
|
// Firstly, bind this service to the transaction
|
|
AlfrescoTransactionSupport.bindListener(this);
|
|
// Now get the post txn duplicate list
|
|
Set<NodeRef> postTxnDuplicates = getPostTxnDuplicates();
|
|
postTxnDuplicates.addAll(refs);
|
|
}
|
|
|
|
/**
|
|
* Process clean up any duplicates that were flagged during the transaction.
|
|
*/
|
|
@Override
|
|
public void afterCommit()
|
|
{
|
|
// Get the duplicates in a form that can be read by the transaction work anonymous instance
|
|
final Set<NodeRef> postTxnDuplicates = getPostTxnDuplicates();
|
|
if (postTxnDuplicates.size() == 0)
|
|
{
|
|
// Nothing to do
|
|
return;
|
|
}
|
|
|
|
RetryingTransactionCallback<Object> processDuplicateWork = new RetryingTransactionCallback<Object>()
|
|
{
|
|
public Object execute() throws Throwable
|
|
{
|
|
if (duplicateMode.equalsIgnoreCase(SPLIT))
|
|
{
|
|
logger.info("Splitting " + postTxnDuplicates.size() + " duplicate person objects.");
|
|
// Allow UIDs to be updated in this transaction
|
|
AlfrescoTransactionSupport.bindResource(KEY_ALLOW_UID_UPDATE, Boolean.TRUE);
|
|
split(postTxnDuplicates);
|
|
logger.info("Split " + postTxnDuplicates.size() + " duplicate person objects.");
|
|
}
|
|
else if (duplicateMode.equalsIgnoreCase(DELETE))
|
|
{
|
|
delete(postTxnDuplicates);
|
|
logger.info("Deleted duplicate person objects");
|
|
}
|
|
else
|
|
{
|
|
if (logger.isDebugEnabled())
|
|
{
|
|
logger.debug("Duplicate person objects exist");
|
|
}
|
|
}
|
|
|
|
// Done
|
|
return null;
|
|
}
|
|
};
|
|
transactionService.getRetryingTransactionHelper().doInTransaction(processDuplicateWork, false, true);
|
|
}
|
|
|
|
private void delete(Set<NodeRef> toDelete)
|
|
{
|
|
for (NodeRef nodeRef : toDelete)
|
|
{
|
|
deletePerson(nodeRef);
|
|
}
|
|
}
|
|
|
|
private void split(Set<NodeRef> toSplit)
|
|
{
|
|
for (NodeRef nodeRef : toSplit)
|
|
{
|
|
String userName = (String) nodeService.getProperty(nodeRef, ContentModel.PROP_USERNAME);
|
|
String newUserName = userName + GUID.generate();
|
|
nodeService.setProperty(nodeRef, ContentModel.PROP_USERNAME, userName + GUID.generate());
|
|
logger.info(" New person object: " + newUserName);
|
|
}
|
|
}
|
|
|
|
private NodeRef findBest(List<NodeRef> refs)
|
|
{
|
|
// Given that we might not have audit attributes, use the assumption that the node ID increases to sort the
|
|
// nodes
|
|
if (lastIsBest)
|
|
{
|
|
Collections.sort(refs, new NodeIdComparator(nodeService, false));
|
|
}
|
|
else
|
|
{
|
|
Collections.sort(refs, new NodeIdComparator(nodeService, true));
|
|
}
|
|
|
|
NodeRef fallBack = null;
|
|
|
|
for (NodeRef nodeRef : refs)
|
|
{
|
|
if (fallBack == null)
|
|
{
|
|
fallBack = nodeRef;
|
|
}
|
|
|
|
if (includeAutoCreated || !wasAutoCreated(nodeRef))
|
|
{
|
|
return nodeRef;
|
|
}
|
|
}
|
|
|
|
return fallBack;
|
|
}
|
|
|
|
private boolean wasAutoCreated(NodeRef nodeRef)
|
|
{
|
|
String userName = DefaultTypeConverter.INSTANCE.convert(String.class, nodeService.getProperty(nodeRef, ContentModel.PROP_USERNAME));
|
|
|
|
String testString = DefaultTypeConverter.INSTANCE.convert(String.class, nodeService.getProperty(nodeRef, ContentModel.PROP_FIRSTNAME));
|
|
if ((testString == null) || !testString.equals(userName))
|
|
{
|
|
return false;
|
|
}
|
|
|
|
testString = DefaultTypeConverter.INSTANCE.convert(String.class, nodeService.getProperty(nodeRef, ContentModel.PROP_LASTNAME));
|
|
if ((testString == null) || !testString.equals(""))
|
|
{
|
|
return false;
|
|
}
|
|
|
|
testString = DefaultTypeConverter.INSTANCE.convert(String.class, nodeService.getProperty(nodeRef, ContentModel.PROP_EMAIL));
|
|
if ((testString == null) || !testString.equals(""))
|
|
{
|
|
return false;
|
|
}
|
|
|
|
testString = DefaultTypeConverter.INSTANCE.convert(String.class, nodeService.getProperty(nodeRef, ContentModel.PROP_ORGID));
|
|
if ((testString == null) || !testString.equals(""))
|
|
{
|
|
return false;
|
|
}
|
|
|
|
testString = DefaultTypeConverter.INSTANCE.convert(String.class, nodeService.getProperty(nodeRef, ContentModel.PROP_HOME_FOLDER_PROVIDER));
|
|
if ((testString == null) || !testString.equals(defaultHomeFolderProvider))
|
|
{
|
|
return false;
|
|
}
|
|
|
|
return true;
|
|
}
|
|
|
|
/**
|
|
* {@inheritDoc}
|
|
*/
|
|
public boolean createMissingPeople()
|
|
{
|
|
return createMissingPeople;
|
|
}
|
|
|
|
/**
|
|
* {@inheritDoc}
|
|
*/
|
|
public Set<QName> getMutableProperties()
|
|
{
|
|
return mutableProperties;
|
|
}
|
|
|
|
/**
|
|
* {@inheritDoc}
|
|
*/
|
|
public void setPersonProperties(String userName, Map<QName, Serializable> properties)
|
|
{
|
|
setPersonProperties(userName, properties, true);
|
|
}
|
|
|
|
/**
|
|
* {@inheritDoc}
|
|
*/
|
|
public void setPersonProperties(String userName, Map<QName, Serializable> properties, boolean autoCreateHomeFolder)
|
|
{
|
|
NodeRef personNode = getPersonOrNull(userName);
|
|
if (personNode == null)
|
|
{
|
|
if (createMissingPeople())
|
|
{
|
|
personNode = createMissingPerson(userName, autoCreateHomeFolder);
|
|
}
|
|
else
|
|
{
|
|
throw new PersonException("No person found for user name " + userName);
|
|
}
|
|
}
|
|
else
|
|
{
|
|
// Must create the home folder first as a property holds its location.
|
|
if (autoCreateHomeFolder)
|
|
{
|
|
makeHomeFolderIfRequired(personNode);
|
|
}
|
|
String realUserName = DefaultTypeConverter.INSTANCE.convert(String.class, nodeService.getProperty(personNode, ContentModel.PROP_USERNAME));
|
|
String suggestedUserName;
|
|
|
|
// LDAP sync: allow change of case if we have case insensitive user names and the same name in a different case
|
|
if (getUserNamesAreCaseSensitive()
|
|
|| (suggestedUserName = (String) properties.get(ContentModel.PROP_USERNAME)) == null
|
|
|| !suggestedUserName.equalsIgnoreCase(realUserName))
|
|
{
|
|
properties.put(ContentModel.PROP_USERNAME, realUserName);
|
|
}
|
|
}
|
|
Map<QName, Serializable> update = nodeService.getProperties(personNode);
|
|
update.putAll(properties);
|
|
|
|
nodeService.setProperties(personNode, update);
|
|
}
|
|
|
|
/**
|
|
* {@inheritDoc}
|
|
*/
|
|
public boolean isMutable()
|
|
{
|
|
return true;
|
|
}
|
|
|
|
private NodeRef createMissingPerson(String userName, boolean autoCreateHomeFolder)
|
|
{
|
|
HashMap<QName, Serializable> properties = getDefaultProperties(userName);
|
|
NodeRef person = createPerson(properties);
|
|
|
|
// The home folder will ONLY exist after the the person is created if
|
|
// homeFolderCreationEager == true
|
|
if (autoCreateHomeFolder && homeFolderCreationEager == false)
|
|
{
|
|
makeHomeFolderIfRequired(person);
|
|
}
|
|
|
|
return person;
|
|
}
|
|
|
|
private void makeHomeFolderIfRequired(NodeRef person)
|
|
{
|
|
if (person != null)
|
|
{
|
|
NodeRef homeFolder = DefaultTypeConverter.INSTANCE.convert(NodeRef.class, nodeService.getProperty(person, ContentModel.PROP_HOMEFOLDER));
|
|
if (homeFolder == null)
|
|
{
|
|
final ChildAssociationRef ref = nodeService.getPrimaryParent(person);
|
|
transactionService.getRetryingTransactionHelper().doInTransaction(new RetryingTransactionCallback<Object>()
|
|
{
|
|
public Object execute() throws Throwable
|
|
{
|
|
makeHomeFolderAsSystem(ref);
|
|
return null;
|
|
}
|
|
}, transactionService.isReadOnly(), transactionService.isReadOnly() ? false : AlfrescoTransactionSupport.getTransactionReadState() == TxnReadState.TXN_READ_ONLY);
|
|
}
|
|
}
|
|
}
|
|
|
|
private void makeHomeFolderAsSystem(final ChildAssociationRef childAssocRef)
|
|
{
|
|
AuthenticationUtil.runAs(new AuthenticationUtil.RunAsWork<Object>()
|
|
{
|
|
@Override
|
|
public Object doWork() throws Exception
|
|
{
|
|
homeFolderManager.makeHomeFolder(childAssocRef);
|
|
return null;
|
|
}
|
|
}, AuthenticationUtil.getSystemUserName());
|
|
}
|
|
|
|
private HashMap<QName, Serializable> getDefaultProperties(String userName)
|
|
{
|
|
HashMap<QName, Serializable> properties = new HashMap<QName, Serializable>();
|
|
properties.put(ContentModel.PROP_USERNAME, userName);
|
|
properties.put(ContentModel.PROP_FIRSTNAME, tenantService.getBaseNameUser(userName));
|
|
properties.put(ContentModel.PROP_LASTNAME, "");
|
|
properties.put(ContentModel.PROP_EMAIL, "");
|
|
properties.put(ContentModel.PROP_ORGID, "");
|
|
properties.put(ContentModel.PROP_HOME_FOLDER_PROVIDER, defaultHomeFolderProvider);
|
|
|
|
properties.put(ContentModel.PROP_SIZE_CURRENT, 0L);
|
|
properties.put(ContentModel.PROP_SIZE_QUOTA, -1L); // no quota
|
|
|
|
return properties;
|
|
}
|
|
|
|
/**
|
|
* {@inheritDoc}
|
|
*/
|
|
public NodeRef createPerson(Map<QName, Serializable> properties)
|
|
{
|
|
return createPerson(properties, authorityService.getDefaultZones());
|
|
}
|
|
|
|
/**
|
|
* {@inheritDoc}
|
|
*/
|
|
public NodeRef createPerson(Map<QName, Serializable> properties, Set<String> zones)
|
|
{
|
|
ParameterCheck.mandatory("properties", properties);
|
|
String userName = DefaultTypeConverter.INSTANCE.convert(String.class, properties.get(ContentModel.PROP_USERNAME));
|
|
if (userName == null)
|
|
{
|
|
throw new IllegalArgumentException("No username specified when creating the person.");
|
|
}
|
|
|
|
/*
|
|
* Check restrictions on the number of users
|
|
*/
|
|
Long maxUsers = repoAdminService.getRestrictions().getUsers();
|
|
if (maxUsers != null)
|
|
{
|
|
// Get the set of users created in this transaction
|
|
Set<String> usersCreated = TransactionalResourceHelper.getSet(KEY_USERS_CREATED);
|
|
usersCreated.add(userName);
|
|
AlfrescoTransactionSupport.bindListener(this);
|
|
}
|
|
|
|
AuthorityType authorityType = AuthorityType.getAuthorityType(userName);
|
|
if (authorityType != AuthorityType.USER)
|
|
{
|
|
throw new AlfrescoRuntimeException("Attempt to create person for an authority which is not a user");
|
|
}
|
|
|
|
tenantService.checkDomainUser(userName);
|
|
|
|
if (personExists(userName))
|
|
{
|
|
throw new AlfrescoRuntimeException("Person '" + userName + "' already exists.");
|
|
}
|
|
|
|
properties.put(ContentModel.PROP_USERNAME, userName);
|
|
properties.put(ContentModel.PROP_SIZE_CURRENT, 0L);
|
|
|
|
NodeRef personRef = null;
|
|
try
|
|
{
|
|
beforeCreateNodeValidationBehaviour.disable();
|
|
|
|
personRef = nodeService.createNode(
|
|
getPeopleContainer(),
|
|
ContentModel.ASSOC_CHILDREN,
|
|
getChildNameLower(userName), // Lowercase:
|
|
ContentModel.TYPE_PERSON, properties).getChildRef();
|
|
}
|
|
finally
|
|
{
|
|
beforeCreateNodeValidationBehaviour.enable();
|
|
}
|
|
|
|
if (zones != null)
|
|
{
|
|
for (String zone : zones)
|
|
{
|
|
// Add the person to an authentication zone (corresponding to an external user registry)
|
|
// Let's preserve case on this child association
|
|
nodeService.addChild(authorityService.getOrCreateZone(zone), personRef, ContentModel.ASSOC_IN_ZONE, QName.createQName(NamespaceService.CONTENT_MODEL_PREFIX, userName, namespacePrefixResolver));
|
|
}
|
|
}
|
|
|
|
removeFromCache(userName);
|
|
|
|
return personRef;
|
|
}
|
|
|
|
/**
|
|
* {@inheritDoc}
|
|
*/
|
|
public void notifyPerson(final String userName, final String password)
|
|
{
|
|
// Get the details of our user, or fail trying
|
|
NodeRef noderef = getPerson(userName, false);
|
|
Map<QName,Serializable> userProps = nodeService.getProperties(noderef);
|
|
|
|
// Do they have an email set? We can't email them if not...
|
|
String email = null;
|
|
if (userProps.containsKey(ContentModel.PROP_EMAIL))
|
|
{
|
|
email = (String)userProps.get(ContentModel.PROP_EMAIL);
|
|
}
|
|
|
|
if (email == null || email.length() == 0)
|
|
{
|
|
if (logger.isInfoEnabled())
|
|
{
|
|
logger.info("Not sending new user notification to " + userName + " as no email address found");
|
|
}
|
|
|
|
return;
|
|
}
|
|
|
|
// We need a freemarker model, so turn the QNames into
|
|
// something a bit more freemarker friendly
|
|
Map<String,Serializable> model = buildEmailTemplateModel(userProps);
|
|
model.put("password", password); // Not stored on the person
|
|
|
|
// Set the details of the person sending the email into the model
|
|
NodeRef creatorNR = getPerson(AuthenticationUtil.getFullyAuthenticatedUser());
|
|
Map<QName,Serializable> creatorProps = nodeService.getProperties(creatorNR);
|
|
Map<String,Serializable> creator = buildEmailTemplateModel(creatorProps);
|
|
model.put("creator", (Serializable)creator);
|
|
|
|
// Set share information into the model
|
|
String productName = ModelUtil.getProductName(repoAdminService);
|
|
model.put(TemplateService.KEY_PRODUCT_NAME, productName);
|
|
|
|
// Set the details for the action
|
|
Map<String,Serializable> actionParams = new HashMap<String, Serializable>();
|
|
actionParams.put(MailActionExecuter.PARAM_TEMPLATE_MODEL, (Serializable)model);
|
|
actionParams.put(MailActionExecuter.PARAM_TO, email);
|
|
actionParams.put(MailActionExecuter.PARAM_FROM, creatorProps.get(ContentModel.PROP_EMAIL));
|
|
actionParams.put(MailActionExecuter.PARAM_SUBJECT,
|
|
I18NUtil.getMessage("invitation.notification.person.email.subject", productName));
|
|
|
|
// Pick the appropriate localised template
|
|
actionParams.put(MailActionExecuter.PARAM_TEMPLATE, getNotifyEmailTemplateNodeRef());
|
|
|
|
// Ask for the email to be sent asynchronously
|
|
Action mailAction = getActionService().createAction(MailActionExecuter.NAME, actionParams);
|
|
getActionService().executeAction(mailAction, noderef, false, true);
|
|
}
|
|
|
|
/**
|
|
* Finds the email template and then attempts to find a localized version
|
|
*/
|
|
private NodeRef getNotifyEmailTemplateNodeRef()
|
|
{
|
|
// Find the new user email template
|
|
String xpath = "app:company_home/app:dictionary/app:email_templates/cm:invite/cm:new-user-email.html.ftl";
|
|
try
|
|
{
|
|
NodeRef rootNodeRef = nodeService.getRootNode(StoreRef.STORE_REF_WORKSPACE_SPACESSTORE);
|
|
List<NodeRef> nodeRefs = searchService.selectNodes(
|
|
rootNodeRef,
|
|
xpath,
|
|
null,
|
|
getNamespaceService(),
|
|
false);
|
|
if (nodeRefs.size() > 1)
|
|
{
|
|
logger.error("Found too many email templates using: " + xpath);
|
|
nodeRefs = Collections.singletonList(nodeRefs.get(0));
|
|
}
|
|
else if (nodeRefs.size() == 0)
|
|
{
|
|
throw new InvitationException("Cannot find the email template using " + xpath);
|
|
}
|
|
// Now localise this
|
|
NodeRef base = nodeRefs.get(0);
|
|
NodeRef local = getFileFolderService().getLocalizedSibling(base);
|
|
return local;
|
|
}
|
|
catch (SearcherException e)
|
|
{
|
|
throw new InvitationException("Cannot find the email template!", e);
|
|
}
|
|
}
|
|
|
|
private Map<String,Serializable> buildEmailTemplateModel(Map<QName,Serializable> props)
|
|
{
|
|
Map<String,Serializable> model = new HashMap<String, Serializable>((int)(props.size()*1.5));
|
|
for (QName qname : props.keySet())
|
|
{
|
|
model.put(qname.getLocalName(), props.get(qname));
|
|
model.put(qname.getLocalName().toLowerCase(), props.get(qname));
|
|
}
|
|
return model;
|
|
}
|
|
|
|
/**
|
|
* {@inheritDoc}
|
|
*/
|
|
public NodeRef getPeopleContainer()
|
|
{
|
|
String cacheKey = tenantService.getCurrentUserDomain();
|
|
NodeRef peopleNodeRef = peopleContainerRefs.get(cacheKey);
|
|
if (peopleNodeRef == null)
|
|
{
|
|
NodeRef rootNodeRef = nodeService.getRootNode(tenantService.getName(storeRef));
|
|
List<ChildAssociationRef> children = nodeService.getChildAssocs(rootNodeRef, RegexQNamePattern.MATCH_ALL,
|
|
QName.createQName(SYSTEM_FOLDER_SHORT_QNAME, namespacePrefixResolver), false);
|
|
|
|
if (children.size() == 0)
|
|
{
|
|
throw new AlfrescoRuntimeException("Required people system path not found: "
|
|
+ SYSTEM_FOLDER_SHORT_QNAME);
|
|
}
|
|
|
|
NodeRef systemNodeRef = children.get(0).getChildRef();
|
|
|
|
children = nodeService.getChildAssocs(systemNodeRef, RegexQNamePattern.MATCH_ALL, QName.createQName(
|
|
PEOPLE_FOLDER_SHORT_QNAME, namespacePrefixResolver), false);
|
|
|
|
if (children.size() == 0)
|
|
{
|
|
throw new AlfrescoRuntimeException("Required people system path not found: "
|
|
+ PEOPLE_FOLDER_SHORT_QNAME);
|
|
}
|
|
|
|
peopleNodeRef = children.get(0).getChildRef();
|
|
peopleContainerRefs.put(cacheKey, peopleNodeRef);
|
|
}
|
|
return peopleNodeRef;
|
|
}
|
|
|
|
/**
|
|
* {@inheritDoc}
|
|
*/
|
|
public void deletePerson(String userName)
|
|
{
|
|
// Normalize the username to avoid case sensitivity issues
|
|
userName = getUserIdentifier(userName);
|
|
if (userName == null)
|
|
{
|
|
return;
|
|
}
|
|
|
|
NodeRef personRef = getPersonOrNull(userName);
|
|
|
|
deletePersonImpl(userName, personRef);
|
|
}
|
|
|
|
/**
|
|
* {@inheritDoc}
|
|
*/
|
|
public void deletePerson(NodeRef personRef)
|
|
{
|
|
QName typeQName = nodeService.getType(personRef);
|
|
if (typeQName.equals(ContentModel.TYPE_PERSON))
|
|
{
|
|
String userName = (String) this.nodeService.getProperty(personRef, ContentModel.PROP_USERNAME);
|
|
deletePersonImpl(userName, personRef);
|
|
}
|
|
else
|
|
{
|
|
throw new AlfrescoRuntimeException("deletePerson: invalid type of node "+personRef+" (actual="+typeQName+", expected="+ContentModel.TYPE_PERSON+")");
|
|
}
|
|
}
|
|
|
|
private void deletePersonImpl(String userName, NodeRef personRef)
|
|
{
|
|
if (userName != null)
|
|
{
|
|
// Remove internally-stored password information, if any
|
|
try
|
|
{
|
|
authenticationService.deleteAuthentication(userName);
|
|
}
|
|
catch (AuthenticationException e)
|
|
{
|
|
// Ignore this - externally authenticated user
|
|
}
|
|
|
|
// Invalidate all that user's tickets
|
|
try
|
|
{
|
|
authenticationService.invalidateUserSession(userName);
|
|
}
|
|
catch (AuthenticationException e)
|
|
{
|
|
// Ignore this
|
|
}
|
|
|
|
// remove any user permissions
|
|
permissionServiceSPI.deletePermissions(userName);
|
|
}
|
|
|
|
// delete the person
|
|
if (personRef != null)
|
|
{
|
|
try
|
|
{
|
|
beforeDeleteNodeValidationBehaviour.disable();
|
|
|
|
nodeService.deleteNode(personRef);
|
|
}
|
|
finally
|
|
{
|
|
beforeDeleteNodeValidationBehaviour.enable();
|
|
}
|
|
}
|
|
|
|
/*
|
|
* Kick off the transaction listener for create user. It has the side-effect of
|
|
* recalculating the number of users.
|
|
*/
|
|
Long maxUsers = repoAdminService.getRestrictions().getUsers();
|
|
if (maxUsers != null)
|
|
{
|
|
AlfrescoTransactionSupport.bindListener(this);
|
|
}
|
|
|
|
}
|
|
|
|
/**
|
|
* {@inheritDoc}
|
|
*
|
|
* @deprecated see getPeople
|
|
*/
|
|
public Set<NodeRef> getAllPeople()
|
|
{
|
|
List<PersonInfo> personInfos = getPeople(null, true, null, new PagingRequest(Integer.MAX_VALUE, null)).getPage();
|
|
Set<NodeRef> refs = new HashSet<NodeRef>(personInfos.size());
|
|
for (PersonInfo personInfo : personInfos)
|
|
{
|
|
refs.add(personInfo.getNodeRef());
|
|
}
|
|
return refs;
|
|
}
|
|
|
|
/**
|
|
* {@inheritDoc}
|
|
*/
|
|
public PagingResults<PersonInfo> getPeople(List<Pair<QName, String>> stringPropFilters, boolean filterIgnoreCase, List<Pair<QName, Boolean>> sortProps, PagingRequest pagingRequest)
|
|
{
|
|
ParameterCheck.mandatory("pagingRequest", pagingRequest);
|
|
|
|
Long start = (logger.isDebugEnabled() ? System.currentTimeMillis() : null);
|
|
|
|
NodeRef contextNodeRef = getPeopleContainer();
|
|
|
|
Set<QName> childTypeQNames = new HashSet<QName>(1);
|
|
childTypeQNames.add(ContentModel.TYPE_PERSON);
|
|
|
|
// get canned query
|
|
GetChildrenCannedQueryFactory getChildrenCannedQueryFactory = (GetChildrenCannedQueryFactory)cannedQueryRegistry.getNamedObject(CANNED_QUERY_PEOPLE_LIST);
|
|
|
|
List<FilterProp> filterProps = null;
|
|
if (stringPropFilters != null)
|
|
{
|
|
filterProps = new ArrayList<FilterProp>(stringPropFilters.size());
|
|
for (Pair<QName, String> filterProp : stringPropFilters)
|
|
{
|
|
String filterStr = filterProp.getSecond();
|
|
if ((filterStr == null) || (filterStr.equals("")) || (filterStr.equals("*")))
|
|
{
|
|
// The wildcard means no filtering is needed on this property
|
|
continue;
|
|
}
|
|
else if (filterStr.endsWith("*"))
|
|
{
|
|
// The trailing * is implicit
|
|
filterStr = filterStr.substring(0, filterStr.length()-1);
|
|
}
|
|
|
|
// Turn this into a canned query filter
|
|
filterProps.add(new FilterPropString(filterProp.getFirst(), filterStr, (filterIgnoreCase ? FilterTypeString.STARTSWITH_IGNORECASE : FilterTypeString.STARTSWITH)));
|
|
}
|
|
}
|
|
|
|
GetChildrenCannedQuery cq = (GetChildrenCannedQuery)getChildrenCannedQueryFactory.getCannedQuery(contextNodeRef, null, null, childTypeQNames, filterProps, sortProps, pagingRequest);
|
|
|
|
// execute canned query
|
|
final CannedQueryResults<NodeRef> results = cq.execute();
|
|
|
|
final List<NodeRef> nodeRefs;
|
|
if (results.getPageCount() > 0)
|
|
{
|
|
nodeRefs = results.getPages().get(0);
|
|
}
|
|
else
|
|
{
|
|
nodeRefs = Collections.emptyList();
|
|
}
|
|
|
|
// set total count
|
|
final Pair<Integer, Integer> totalCount;
|
|
if (pagingRequest.getRequestTotalCountMax() > 0)
|
|
{
|
|
totalCount = results.getTotalResultCount();
|
|
}
|
|
else
|
|
{
|
|
totalCount = null;
|
|
}
|
|
|
|
if (start != null)
|
|
{
|
|
int cnt = results.getPagedResultCount();
|
|
int skipCount = pagingRequest.getSkipCount();
|
|
int maxItems = pagingRequest.getMaxItems();
|
|
boolean hasMoreItems = results.hasMoreItems();
|
|
int pageNum = (skipCount / maxItems) + 1;
|
|
|
|
if (logger.isDebugEnabled())
|
|
{
|
|
logger.debug(
|
|
"getPeople: "+cnt+" items in "+(System.currentTimeMillis()-start)+" msecs " +
|
|
"[pageNum="+pageNum+",skip="+skipCount+",max="+maxItems+",hasMorePages="+hasMoreItems+
|
|
",totalCount="+totalCount+",filters="+stringPropFilters+
|
|
",filtersIgnoreCase="+filterIgnoreCase+"]");
|
|
}
|
|
}
|
|
|
|
final List<PersonInfo> personInfos = new ArrayList<PersonInfo>(nodeRefs.size());
|
|
for (NodeRef nodeRef : nodeRefs)
|
|
{
|
|
Map<QName, Serializable> props = nodeService.getProperties(nodeRef);
|
|
personInfos.add(new PersonInfo(nodeRef,
|
|
(String)props.get(ContentModel.PROP_USERNAME),
|
|
(String)props.get(ContentModel.PROP_FIRSTNAME),
|
|
(String)props.get(ContentModel.PROP_LASTNAME)));
|
|
}
|
|
|
|
return new PagingResults<PersonInfo>()
|
|
{
|
|
@Override
|
|
public String getQueryExecutionId()
|
|
{
|
|
return results.getQueryExecutionId();
|
|
}
|
|
@Override
|
|
public List<PersonInfo> getPage()
|
|
{
|
|
return personInfos;
|
|
}
|
|
@Override
|
|
public boolean hasMoreItems()
|
|
{
|
|
return results.hasMoreItems();
|
|
}
|
|
@Override
|
|
public Pair<Integer, Integer> getTotalResultCount()
|
|
{
|
|
return totalCount;
|
|
}
|
|
};
|
|
}
|
|
|
|
/**
|
|
* {@inheritDoc}
|
|
*
|
|
* @deprecated see getPeople
|
|
*/
|
|
public Set<NodeRef> getPeopleFilteredByProperty(QName propertyKey, Serializable propertyValue)
|
|
{
|
|
// check that given property key is defined for content model type 'cm:person'
|
|
// and throw exception if it isn't
|
|
if (this.dictionaryService.getProperty(ContentModel.TYPE_PERSON, propertyKey) == null)
|
|
{
|
|
throw new AlfrescoRuntimeException("Property '" + propertyKey + "' is not defined " + "for content model type cm:person");
|
|
}
|
|
|
|
List<Pair<QName, String>> filterProps = new ArrayList<Pair<QName, String>>(1);
|
|
filterProps.add(new Pair<QName, String>(propertyKey, (String)propertyValue));
|
|
|
|
PagingRequest pagingRequest = new PagingRequest(Integer.MAX_VALUE, null);
|
|
List<PersonInfo> personInfos = getPeople(filterProps, true, null, pagingRequest).getPage();
|
|
|
|
Set<NodeRef> refs = new HashSet<NodeRef>(personInfos.size());
|
|
for (PersonInfo personInfo : personInfos)
|
|
{
|
|
refs.add(personInfo.getNodeRef());
|
|
}
|
|
|
|
return refs;
|
|
}
|
|
|
|
// Policies
|
|
|
|
/**
|
|
* {@inheritDoc}
|
|
*/
|
|
public void onCreateNode(ChildAssociationRef childAssocRef)
|
|
{
|
|
NodeRef personRef = childAssocRef.getChildRef();
|
|
|
|
String userName = (String) this.nodeService.getProperty(personRef, ContentModel.PROP_USERNAME);
|
|
|
|
if (getPeopleContainer().equals(childAssocRef.getParentRef()))
|
|
{
|
|
removeFromCache(userName);
|
|
}
|
|
|
|
permissionsManager.setPermissions(personRef, userName, userName);
|
|
|
|
// Make sure there is an authority entry - with a DB constraint for uniqueness
|
|
// aclDao.createAuthority(username);
|
|
|
|
if (homeFolderCreationEager)
|
|
{
|
|
makeHomeFolderAsSystem(childAssocRef);
|
|
}
|
|
}
|
|
|
|
private QName getChildNameLower(String userName)
|
|
{
|
|
return QName.createQName(NamespaceService.CONTENT_MODEL_PREFIX, userName.toLowerCase(), namespacePrefixResolver);
|
|
}
|
|
|
|
public void beforeCreateNode(
|
|
NodeRef parentRef,
|
|
QName assocTypeQName,
|
|
QName assocQName,
|
|
QName nodeTypeQName)
|
|
{
|
|
// NOOP
|
|
}
|
|
|
|
public void beforeCreateNodeValidation(
|
|
NodeRef parentRef,
|
|
QName assocTypeQName,
|
|
QName assocQName,
|
|
QName nodeTypeQName)
|
|
{
|
|
if (getPeopleContainer().equals(parentRef))
|
|
{
|
|
throw new AlfrescoRuntimeException("beforeCreateNode: use PersonService to create person");
|
|
}
|
|
else
|
|
{
|
|
logger.info("Person node is not being created under the people container (actual="+parentRef+", expected="+getPeopleContainer()+")");
|
|
}
|
|
}
|
|
|
|
public void beforeDeleteNode(NodeRef nodeRef)
|
|
{
|
|
String userName = (String) this.nodeService.getProperty(nodeRef, ContentModel.PROP_USERNAME);
|
|
if (this.authorityService.isGuestAuthority(userName))
|
|
{
|
|
throw new AlfrescoRuntimeException("The " + userName + " user cannot be deleted.");
|
|
}
|
|
|
|
NodeRef parentRef = null;
|
|
ChildAssociationRef parentAssocRef = nodeService.getPrimaryParent(nodeRef);
|
|
if (parentAssocRef != null)
|
|
{
|
|
parentRef = parentAssocRef.getParentRef();
|
|
if (getPeopleContainer().equals(parentRef))
|
|
{
|
|
removeFromCache(userName);
|
|
}
|
|
}
|
|
}
|
|
|
|
public void beforeDeleteNodeValidation(NodeRef nodeRef)
|
|
{
|
|
NodeRef parentRef = null;
|
|
ChildAssociationRef parentAssocRef = nodeService.getPrimaryParent(nodeRef);
|
|
if (parentAssocRef != null)
|
|
{
|
|
parentRef = parentAssocRef.getParentRef();
|
|
}
|
|
|
|
if (getPeopleContainer().equals(parentRef))
|
|
{
|
|
throw new AlfrescoRuntimeException("beforeDeleteNode: use PersonService to delete person");
|
|
}
|
|
else
|
|
{
|
|
logger.info("Person node that is being deleted is not under the parent people container (actual="+parentRef+", expected="+getPeopleContainer()+")");
|
|
}
|
|
}
|
|
|
|
private Set<NodeRef> getFromCache(String userName)
|
|
{
|
|
return this.personCache.get(userName.toLowerCase());
|
|
}
|
|
|
|
private void putToCache(String userName, Set<NodeRef> refs)
|
|
{
|
|
this.personCache.put(userName.toLowerCase(), refs);
|
|
}
|
|
|
|
private void removeFromCache(String userName)
|
|
{
|
|
this.personCache.remove(userName.toLowerCase());
|
|
}
|
|
|
|
/**
|
|
* {@inheritDoc}
|
|
*/
|
|
public String getUserIdentifier(String caseSensitiveUserName)
|
|
{
|
|
NodeRef nodeRef = getPersonOrNull(caseSensitiveUserName);
|
|
if ((nodeRef != null) && nodeService.exists(nodeRef))
|
|
{
|
|
String realUserName = DefaultTypeConverter.INSTANCE.convert(String.class, nodeService.getProperty(nodeRef, ContentModel.PROP_USERNAME));
|
|
return realUserName;
|
|
}
|
|
return null;
|
|
}
|
|
|
|
public static class NodeIdComparator implements Comparator<NodeRef>
|
|
{
|
|
private NodeService nodeService;
|
|
|
|
boolean ascending;
|
|
|
|
NodeIdComparator(NodeService nodeService, boolean ascending)
|
|
{
|
|
this.nodeService = nodeService;
|
|
this.ascending = ascending;
|
|
}
|
|
|
|
public int compare(NodeRef first, NodeRef second)
|
|
{
|
|
Long firstId = DefaultTypeConverter.INSTANCE.convert(Long.class, nodeService.getProperty(first, ContentModel.PROP_NODE_DBID));
|
|
Long secondId = DefaultTypeConverter.INSTANCE.convert(Long.class, nodeService.getProperty(second, ContentModel.PROP_NODE_DBID));
|
|
|
|
if (firstId != null)
|
|
{
|
|
if (secondId != null)
|
|
{
|
|
return firstId.compareTo(secondId) * (ascending ? 1 : -1);
|
|
}
|
|
else
|
|
{
|
|
return ascending ? -1 : 1;
|
|
}
|
|
}
|
|
else
|
|
{
|
|
if (secondId != null)
|
|
{
|
|
return ascending ? 1 : -1;
|
|
}
|
|
else
|
|
{
|
|
return 0;
|
|
}
|
|
}
|
|
}
|
|
}
|
|
|
|
/**
|
|
* {@inheritDoc}
|
|
*/
|
|
public boolean getUserNamesAreCaseSensitive()
|
|
{
|
|
return userNameMatcher.getUserNamesAreCaseSensitive();
|
|
}
|
|
|
|
/**
|
|
* When a uid is changed we need to create an alias for the old uid so permissions are not broken. This can happen
|
|
* when an already existing user is updated via LDAP e.g. migration to LDAP, or when a user is auto created and then
|
|
* updated by LDAP This is probably less likely after 3.2 and sync on missing person See
|
|
* https://issues.alfresco.com/jira/browse/ETWOTWO-389 (non-Javadoc)
|
|
*/
|
|
public void onUpdateProperties(NodeRef nodeRef, Map<QName, Serializable> before, Map<QName, Serializable> after)
|
|
{
|
|
String uidBefore = DefaultTypeConverter.INSTANCE.convert(String.class, before.get(ContentModel.PROP_USERNAME));
|
|
if (uidBefore == null)
|
|
{
|
|
// Node has just been created; nothing to do
|
|
return;
|
|
}
|
|
String uidAfter = DefaultTypeConverter.INSTANCE.convert(String.class, after.get(ContentModel.PROP_USERNAME));
|
|
if (!EqualsHelper.nullSafeEquals(uidBefore, uidAfter))
|
|
{
|
|
// Only allow UID update if we are in the special split processing txn or we are just changing case
|
|
if (AlfrescoTransactionSupport.getResource(KEY_ALLOW_UID_UPDATE) != null || uidBefore.equalsIgnoreCase(uidAfter))
|
|
{
|
|
if (uidBefore != null)
|
|
{
|
|
// Fix any ACLs
|
|
aclDao.renameAuthority(uidBefore, uidAfter);
|
|
}
|
|
|
|
// Fix primary association local name
|
|
QName newAssocQName = getChildNameLower(uidAfter);
|
|
ChildAssociationRef assoc = nodeService.getPrimaryParent(nodeRef);
|
|
nodeService.moveNode(nodeRef, assoc.getParentRef(), assoc.getTypeQName(), newAssocQName);
|
|
|
|
// Fix other non-case sensitive parent associations
|
|
QName oldAssocQName = QName.createQName(NamespaceService.CONTENT_MODEL_PREFIX, uidBefore, namespacePrefixResolver);
|
|
newAssocQName = QName.createQName(NamespaceService.CONTENT_MODEL_PREFIX, uidAfter, namespacePrefixResolver);
|
|
for (ChildAssociationRef parent : nodeService.getParentAssocs(nodeRef))
|
|
{
|
|
if (!parent.isPrimary() && parent.getQName().equals(oldAssocQName))
|
|
{
|
|
nodeService.removeChildAssociation(parent);
|
|
nodeService.addChild(parent.getParentRef(), parent.getChildRef(), parent.getTypeQName(), newAssocQName);
|
|
}
|
|
}
|
|
|
|
// Fix cache
|
|
removeFromCache(uidBefore);
|
|
}
|
|
else
|
|
{
|
|
throw new UnsupportedOperationException("The user name on a person can not be changed");
|
|
}
|
|
}
|
|
}
|
|
|
|
/**
|
|
* Track the {@link ContentModel#PROP_ENABLED enabled/disabled} flag on {@link ContentModel#TYPE_USER <b>cm:user</b>}.
|
|
*/
|
|
public void onUpdatePropertiesUser(NodeRef nodeRef, Map<QName, Serializable> before, Map<QName, Serializable> after)
|
|
{
|
|
String userName = (String) after.get(ContentModel.PROP_USER_USERNAME);
|
|
if (userName == null)
|
|
{
|
|
// Won't find user
|
|
return;
|
|
}
|
|
// Get the person
|
|
NodeRef personNodeRef = getPersonOrNull(userName);
|
|
if (personNodeRef == null)
|
|
{
|
|
// Don't attempt to maintain enabled/disabled flag
|
|
return;
|
|
}
|
|
|
|
// Check the enabled/disabled flag
|
|
Boolean enabled = (Boolean) after.get(ContentModel.PROP_ENABLED);
|
|
if (enabled == null || enabled.booleanValue())
|
|
{
|
|
nodeService.removeAspect(personNodeRef, ContentModel.ASPECT_PERSON_DISABLED);
|
|
}
|
|
else
|
|
{
|
|
nodeService.addAspect(personNodeRef, ContentModel.ASPECT_PERSON_DISABLED, null);
|
|
}
|
|
|
|
// Do post-commit user counting, if required
|
|
Set<String> usersCreated = TransactionalResourceHelper.getSet(KEY_USERS_CREATED);
|
|
usersCreated.add(userName);
|
|
AlfrescoTransactionSupport.bindListener(this);
|
|
}
|
|
|
|
/**
|
|
* {@inheritDoc}
|
|
*/
|
|
public void beforeCommit(boolean readOnly)
|
|
{
|
|
// check whether max users has been exceeded
|
|
RunAsWork<Long> getMaxUsersWork = new RunAsWork<Long>()
|
|
{
|
|
@Override
|
|
public Long doWork() throws Exception
|
|
{
|
|
return repoAdminService.getRestrictions().getUsers();
|
|
}
|
|
};
|
|
Long maxUsers = AuthenticationUtil.runAs(getMaxUsersWork, AuthenticationUtil.getSystemUserName());
|
|
if(maxUsers == null)
|
|
{
|
|
return;
|
|
}
|
|
|
|
Long users = AuthenticationUtil.runAs(new AuthenticationUtil.RunAsWork<Long>()
|
|
{
|
|
public Long doWork() throws Exception
|
|
{
|
|
repoAdminService.updateUsage(UsageType.USAGE_USERS);
|
|
if(logger.isDebugEnabled())
|
|
{
|
|
logger.debug("Number of users is " + repoAdminService.getUsage().getUsers());
|
|
}
|
|
return repoAdminService.getUsage().getUsers();
|
|
}
|
|
} , AuthenticationUtil.getSystemUserName());
|
|
|
|
// Get the set of users created in this transaction
|
|
Set<String> usersCreated = TransactionalResourceHelper.getSet(KEY_USERS_CREATED);
|
|
|
|
// If we exceed the limit, generate decent message about which users were being created, etc.
|
|
if (users > maxUsers)
|
|
{
|
|
List<String> usersMsg = new ArrayList<String>(5);
|
|
int i = 0;
|
|
for (String userCreated : usersCreated)
|
|
{
|
|
i++;
|
|
if (i > 5)
|
|
{
|
|
usersMsg.add(" ... more");
|
|
break;
|
|
}
|
|
else
|
|
{
|
|
usersMsg.add(userCreated);
|
|
}
|
|
}
|
|
if (logger.isDebugEnabled())
|
|
{
|
|
logger.debug("Maximum number of users exceeded: " + usersCreated);
|
|
}
|
|
throw AlfrescoRuntimeException.create(SYSTEM_USAGE_WARN_LIMIT_USERS_EXCEEDED_VERBOSE, maxUsers, usersMsg);
|
|
}
|
|
|
|
// Get the usages and log any warnings
|
|
RepoUsageStatus usageStatus = repoAdminService.getUsageStatus();
|
|
usageStatus.logMessages(logger);
|
|
}
|
|
|
|
public int countPeople()
|
|
{
|
|
NodeRef peopleContainer = getPeopleContainer();
|
|
return nodeService.countChildAssocs(peopleContainer, true);
|
|
}
|
|
|
|
/**
|
|
* Helper for when creating new users and people:
|
|
* Updates the supplied username with any required tenant
|
|
* details, and ensures that the tenant domains match.
|
|
* If Multi-Tenant is disabled, returns the same username.
|
|
*/
|
|
public static String updateUsernameForTenancy(String username, TenantService tenantService)
|
|
throws TenantDomainMismatchException
|
|
{
|
|
if(! tenantService.isEnabled())
|
|
{
|
|
// Nothing to do if not using multi tenant
|
|
return username;
|
|
}
|
|
|
|
String currentDomain = tenantService.getCurrentUserDomain();
|
|
if (! currentDomain.equals(TenantService.DEFAULT_DOMAIN))
|
|
{
|
|
if (! tenantService.isTenantUser(username))
|
|
{
|
|
// force domain onto the end of the username
|
|
username = tenantService.getDomainUser(username, currentDomain);
|
|
logger.warn("Added domain to username: " + username);
|
|
}
|
|
else
|
|
{
|
|
// Check the user's domain matches the current domain
|
|
// Throws a TenantDomainMismatchException if they don't match
|
|
tenantService.checkDomainUser(username);
|
|
}
|
|
}
|
|
return username;
|
|
}
|
|
} |