mirror of
https://github.com/Alfresco/alfresco-community-repo.git
synced 2025-06-30 18:15:39 +00:00
da8bdafbcc
47880: Create branch for Cloud Convergence from the latest state of HEAD (Revision 47874)
47886: Merged BRANCHES/DEV/CONV_V413 to BRANCHES/DEV/CONV_HEAD:
33052: (RECORD ONLY) Branch for Enterprise 4.0 service pack development
38002: (RECORD ONLY) Create branch for 4.1 Enterprise releases, based on 4.0.2
38003: (RECORD ONLY) Update version to 4.1.0
38079: (RECORD ONLY) Updated schema version to 5100
38536: (RECORD ONLY) Merged V4.1-BUG-FIX to V4.1
38219: ALF-14674: DOS voodoo to make start_deployment.bat work, as installed by Bitrock
38344: ALF-14674: Deployment installer still doesn't work
- Use ${installdir.escape_backslashes} instead of ${installdir}
38471: ALF-14674: Deployment installer still doesn't work
- Correction to use of ${installdir.escape_backslashes}
39519: (RECORD ONLY) Merged PATCHES/V4.0.2 to V4.1
38899: ALF-15005: Merged V4.0-BUG-FIX to PATCHES/V4.0.2
37920: ALF-13816: Permission Denied on web-client browsing if parent does not inherit permissions
- FileFolderService getNamePath() now performs toFileInfo() as SystemUser.
38900: ALF-15005: Merged V4.1-BUG-FIX to PATCHES/V4.0.2
38549: ALF-11861: Maintain the same defuault root of WebDav for Alfresco 4.0 as was in pre-4.0
Removed overriding protocols.rootPath property from installer and enterprise overlay versions of alfresco-global.properties so that correct setting in repository.properties is used.
39494: ALF-15213 / ALF-15170: Can't change folder permissions in Private or Public-moderated sites
- Fix by Dmitry V
44843: (RECORD ONLY) Created hotfix branch off V4.1 build 372 revision 44743 (candidate 4.1.2 release)
45708: (RECORD ONLY) Merged PATCHES/V4.1.2 to PATCHES/V4.1.3
45570: Merged V3.4-BUG-FIX to PATCHES/V4.1.2
43939: ALF-17197 / ALF-16917: Merged PATCHES/V3.4.11 to V3.4-BUG-FIX
43896: MNT-198: Activity feeds get not generated in private sites for added files if username in LDAP-AD contains uppercase letters
- Now we can cope with a runAs where the username is in the wrong case
45714: (RECORD ONLY) Merged BRANCHES/DEV/V4.1-BUG-FIX to PATCHES/DEV/V4.1.3
45513: MNT-279: Use binary search in cached authority search to cut down search time when a group contains an astronomical number of authorities
- Experimental fix to cut down on severe profiling hit
45715: (RECORD ONLY) Merged BRANCHES/DEV/V4.1-BUG-FIX to PATCHES/V4.1.3
44848: Fix for ALF-17178 SolrLuceneAnalyser.findAnalyser generating InavlidQNameExceptions wher they are easily protected.
46188: (RECORD ONLY) Merged BRANCHES/DEV/V4.1-BUG-FIX to PATCHES/V4.1.3
46014: Fix for ALF-17732 - SWF files are considered insecure content and should not be displayed directly in the browser.
46160: Fix for ALF-17759 - HTML files are stripped from metadata and style information after they are uploaded.
46165: Fix for ALF-17787 - Site Members 'All Members' link should not run query immediately
46169: Fix for ALF-17787 - Site Members 'All Members' link should not run query immediately - missing file
46186: Fix for ALF-17786 - Site dashboard page issues too many requests (Site Members dashlet issues avatar requests when it doesn't need too)
46242: (RECORD ONLY) Merged BRANCHES/DEV/V4.1-BUG-FIX to PATCHES/V4.1.3:
46184: Refactoring a test class to use JUnit Rules - as part of attempt to reproduce ALF-17797.
46192: Enhancement to JUnit Rule TemporaryNodes.java as required by fix for ALF-17797.
46194: Fix for ALF-17797. AddFailedThumbnailActionExecuter is failing.
46710: (RECORD ONLY) Create branch for Cloud Convergence from the latest state of 4.1.3 (RC5, Build 85, Revision 46648)
47908: Merged from DEV/CONV_V143 to DEV/CONV_HEAD
46788: Merged from BRANCHES/DEV/CLOUD2 to BRANCHES/DEV/CONV_V413
Merged BRANCHES/DEV/THOR1 to BRANCHES/DEV/CLOUD1:
30323: (RECORD ONLY) Merged HEAD to BRANCHES/DEV/THOR1:
30171: ALF-9613: caching content store. Various improvements and bug fixes. Including:
30325: THOR-114: S3 content store
30326: THOR-128: S3 content store
30333: THOR-139 F101: Get account for user e-mail id
30335: Merge from THOR0 to THOR1
r30274: THOR-135 is email address accepted by Alfresco? Part One.
30340: THOR-99: Thor module - enable tests
30341: Removing duplicate account-service-context.xml file.
30343: Merge THOR0 to THOR1
30339: Test email singup in Share complete
30338: New form runtime features:
- Yellow background is displayed for mandatory fields without value
- Red background dis displayed for fields with validation errors
- Error message is displayed in a balloon when fields with error has focus
- Using balloons is now the default method of displaying errors
- Removed balloon code form create site menu since its now handled automatically
- An alternative to balloons are "error containers" (div with clickable red text labels focusing the field): setErrorContainer(divEl)
- Its possible to setMultipleErrors(true) to display all the forms/fields errors in the "error container"/ballon.
- Its possible to turn of the balloons and error containers complete by setting setErrorContainer(null)
- js validation handlers no longer needs to handle the messages OR the css classes for mandatory & invalid
30344: Missing value check caused js undefined error
30346: Minor css form fixes
30347: THOR-126: S3 content store - do not swallow exceptions
30348: THOR-66: disable unused services/features
30349: THOR-137 F88: Add existing external user (from another network) checkpoint
30350: THOR-135 Is email address accepted by Alfresco.
46789: Merged from BRANCHES/DEV/CLOUD2 to BRANCHES/DEV/CONV_V413
35594: Fix merge issue
47930: Merged BRANCHES/DEV/CONV_V413 to BRANCHES/DEV/CONV_HEAD:
46762: (RECORD ONLY) Merged BRANCHES/DEV/CLOUD2 to BRANCHES/DEV/CONV_V413:
46768: (RECORD ONLY) Merged BRANCHES/DEV/CLOUD2 to BRANCHES/DEV/CONV_V413:
46769: (RECORD ONLY) Merged BRANCHES/DEV/CLOUD2 to BRANCHES/DEV/CONV_V413:
46778: (RECORD ONLY) Merged BRANCHES/DEV/CLOUD2 to BRANCHES/DEV/CONV_V413:
46780: (RECORD ONLY) Merged BRANCHES/DEV/CLOUD2 to BRANCHES/DEV/CONV_V413:
46786: (RECORD ONLY) Merged BRANCHES/DEV/CLOUD2 to BRANCHES/DEV/CONV_V413:
46791: (RECORD ONLY) Merged BRANCHES/DEV/CLOUD2 to BRANCHES/DEV/CONV_V413:
46792: (RECORD ONLY) Merged BRANCHES/DEV/CLOUD2 to BRANCHES/DEV/CONV_V413:
46808: (RECORD ONLY) Merged BRANCHES/DEV/CLOUD2 to BRANCHES/DEV/CONV_V413:
46809: (RECORD ONLY) Merged BRANCHES/DEV/CLOUD2 to BRANCHES/DEV/CONV_V413:
46819: (RECORD ONLY) Merged BRANCHES/DEV/CLOUD2 to BRANCHES/DEV/CONV_V413:
46829: (RECORD ONLY) Merged BRANCHES/DEV/CLOUD2 to BRANCHES/DEV/CONV_V413:
46839: (RECORD ONLY) Merged BRANCHES/DEV/CLOUD2 to BRANCHES/DEV/CONV_V413:
46842: (RECORD ONLY) Merged BRANCHES/DEV/CLOUD2 to BRANCHES/DEV/CONV_V413:
46844: (RECORD ONLY) Merged BRANCHES/DEV/CLOUD2 to BRANCHES/DEV/CONV_V413:
46846: (RECORD ONLY) Merged BRANCHES/DEV/CLOUD2 to BRANCHES/DEV/CONV_V413:
46847: (RECORD ONLY) Merged BRANCHES/DEV/CLOUD2 to BRANCHES/DEV/CONV_V413:
46876: (RECORD ONLY) Merged BRANCHES/DEV/CLOUD2 to BRANCHES/DEV/CONV_V413:
46877: (RECORD ONLY) Merged BRANCHES/DEV/CLOUD2 to BRANCHES/DEV/CONV_V413:
46878: (RECORD ONLY) Merged BRANCHES/DEV/CLOUD2 to BRANCHES/DEV/CONV_V413:
46879: (RECORD ONLY) Merged BRANCHES/DEV/CLOUD2 to BRANCHES/DEV/CONV_V413:
46880: (RECORD ONLY) Merged BRANCHES/DEV/CLOUD2 to BRANCHES/DEV/CONV_V413:
46881: (RECORD ONLY) Merged BRANCHES/DEV/CLOUD2 to BRANCHES/DEV/CONV_V413:
47947: Merged BRANCHES/DEV/CONV_V413 to BRANCHES/DEV/CONV_HEAD:
46737: Merged BRANCHES/DEV/CLOUD2 to BRANCHES/DEV/CONV_V413:
35288: Alfresco Cloud (from BRANCHES/V4.0)
35389: Merged BRANCHES/DEV/THOR1 to BRANCHES/DEV/CLOUD1:
30170: Thor branch based on Swift feature complete
30185: Merged BRANCHES/DEV/THOR0 to BRANCHES/DEV/THOR1:
28973: THOR-1: verify ability to create DB schema programatically on AWS RDS (for MySQL & Oracle)
28999: THOR-3: Tenant Routing Data Source (dynamic tenant-aware DB connection pools)
29022: THOR-1: verify ability to create DB schema programatically on AWS RDS (for MySQL & Oracle)
29031: THOR-1: verify ability to create DB schema programatically on AWS RDS (for MySQL & Oracle)
30186: Merged BRANCHES/DEV/THOR0 to BRANCHES/DEV/THOR1: (3 conflicts resolved)
29116: THOR-3: Tenant Routing Data Source (dynamic tenant-aware DB connection pools)
29174: THOR-24 Set up new Alfresco AMP module project.
29186: THOR-25 Copy and refactor Account Service from SambaJAM
29193: ImporterComponent - prep for THOR-7
29198: THOR-7: Tenant Service API - Create Tenant (using separate DB schema)
29204: THOR-29 Account Type Registry
29234: THOR-7: Tenant Service API - Create Tenant (using separate DB schema)
29246: THOR-7: Tenant Service API - Create Tenant (using separate DB schema)
29251: THOR-30 Added AccountDAO interface along with two implementations:
AccountDAOImpl (not implemented) which will manage Account data in an RDB via iBatis.
AccountDAO_InMemory which manages AccountInfo in simple HashMaps for testing purposes only.
29258: THOR-28
29259: Addendum to THOR-25. Moved account-service spring config into a subfolder. (trivial)
35393: (RECORD ONLY) Merged BRANCHES/DEV/THOR1 to BRANCHES/DEV/CLOUD1:
- fix up classpath (remove mybatis 1.0.0 -> 1.0.1 and chemistry 0.4.0 -> 0.6.0)
35411: (RECORD ONLY) Merged BRANCHES/DEV/V4.0-BUG-FIX to BRANCHES/DEV/CLOUD1:
35409: Merged HEAD to BRANCHES/DEV/V4.0-BUG-FIX:
35399: ALF-12874: Schema reference files are out of date.
35452: (RECORD ONLY) Merged BRANCHES/DEV/V4.0-BUG-FIX to BRANCHES/DEV/CLOUD1:
34219: Merged BRANCHES/DEV/THOR1 to BRANCHES/DEV/V4.0-BUG-FIX:
32096: THOR-429: Fix "MT: Thumbnail + Preview are not updated (after uploading new version)"
32125: THOR-429: Fix "MT: Thumbnail + Preview are not updated (after uploading new version)"
34220: Minor: follow-on to r34219 (ALF-11563)
34747: ALF-13262: adding missing indexes for new schema's (activiti-schema create) + schema patch for existing schema
35417: Merged BRANCHES/DEV/THOR0 to BRANCHES/DEV/V4.0-BUG-FIX: (THOR-6 / ALF-13755)
29356: THOR-6: MT is configured (but not enabled) by default - will be auto-enabled when first tenant is created
29455: THOR-6: build test/fix
29471: THOR-6: build test/fix
35423: Merged BRANCHES/DEV/THOR0 to BRANCHES/DEV/V4.0-BUG-FIX: (THOR-4 / ALF-13756)
29500: THOR-4: Replace Tenant attributes with Tenant table (alf_tenant)
29501: THOR-4: Replace Tenant attributes with Tenant table (alf_tenant)
29503: THOR-4: Replace Tenant attributes with Tenant table (alf_tenant)
47949: Merged HEAD to BRANCHES/DEV/CONV_HEAD:
47914: Merge fix for org.alfresco.repo.cache.AbstractAsynchronouslyRefreshedCache<T> R 46078, 46079, 46121
47958: Merged BRANCHES/DEV/CONV_V413 to BRANCHES/DEV/CONV_HEAD:
46746: Merged BRANCHES/DEV/CLOUD2 to BRANCHES/DEV/CONV_V413:
35455: Merged BRANCHES/DEV/THOR1 to BRANCHES/DEV/CLOUD1:
30187: Merged BRANCHES/DEV/THOR0 to BRANCHES/DEV/THOR1:
29260: THOR: Initial Tenant Admin Service REST API - create, delete, get (list) web scripts
29356: THOR-6: MT is configured by default
29366: THOR-59: selectively disable certain test suites (for THOR dev build plan)
29377: THOR-59: selectively disable certain test suites (for THOR dev build plan)
29398: Refactoring of code to remove deprecation warnings. Replaced lots of object.field accesses with object.getField() calls.Trivial changes, but with so many warnings I can't see the wood for the trees.
29400: THOR-59: selectively disable certain test suites (for THOR dev build plan)
35456: Merged BRANCHES/DEV/THOR1 to BRANCHES/DEV/CLOUD1:
30188: Merged BRANCHES/DEV/THOR0 to BRANCHES/DEV/THOR1:
29442: THOR-59: selectively disable certain test suites (for THOR dev build plan)
29453: THOR-59: selectively disable certain test suites (for THOR dev build plan)
29455: THOR-76: track THOR build test failures and fix-up
29471: THOR-76: track THOR build test failures and fix-up
35459: Merged BRANCHES/DEV/THOR1 to BRANCHES/DEV/CLOUD1:
30189: Merged BRANCHES/DEV/THOR0 to BRANCHES/DEV/THOR1:
29473: Preliminary checkin for THOR-44. Created placeholder interface/impl/spring config for a new UserService.
29497: THOR-76: track THOR build test failures and fix-up ( LicenseComponentTest)
29500: THOR-4: Replace Tenant attributes with Tenant table (alf_tenant)
29501: THOR-4: Replace Tenant attributes with Tenant table (alf_tenant)
29503: THOR-4: Replace Tenant attributes with Tenant table (alf_tenant)
29511: THOR-59: selectively disable certain test suites (for THOR dev build plan)
29512: Adding a new JUnit4 test class with an @Ignore'd test in it - to see how Bamboo reports these.
29514: THOR: Initial Tenant Admin Service REST API - create, delete, list web scripts
29515: THOR-59: selectively disable certain test suites (for THOR dev build plan)
29521: THOR-79 - mark AVM sitestore as unindexed
35461: Merged BRANCHES/DEV/THOR1 to BRANCHES/DEV/CLOUD1:
30190: Merged BRANCHES/DEV/THOR0 to BRANCHES/DEV/THOR1:
29533: THOR-59: exclude certain N/A tests
29555: THOR-76: track THOR build test failures
29630: Added ant build targets for Cloud Module and a new executable for the Alfresco devenv.
29664: THOR-76: exclude system test suites
29667: THOR-64: add initial support for tenant routing data source
29676: THOR-76: exclude intermittent ActionTrackingServiceImplTest (pending ALF-9773 & ALF-9774)
29677: THOR-80: MT-aware S3 content store
29678: THOR-80: MT-aware S3 content store
29680: THOR-80: MT-aware S3 content store
29693: THOR-80: MT-aware S3 content store
29694: THOR-80: MT-aware S3 content store
47959: CONV_HEAD: CLOUD-1348 - comment back in MultiTDemoTest.testDeleteAllTenants
47967: Merged BRANCHES/DEV/CONV_V413 to BRANCHES/DEV/CONV_HEAD:
46748: Merged BRANCHES/DEV/CLOUD2 to BRANCHES/DEV/CONV_V413:
35464: Merged BRANCHES/DEV/THOR1 to BRANCHES/DEV/CLOUD1:
30195: Merged BRANCHES/DEV/THOR0 to BRANCHES/DEV/THOR1:
29774: Refactor Account DAO and Service. Boost Tests. Add appropriate headers.
29776: THOR-76: exclude intermittent ActionTrackingServiceImplTest (pending ALF-9773 & ALF-9774)
29795: Implemented MyBatis-backed Account DAO:
29817: Move (and rename) user service from repository to thor
30196: Merged BRANCHES/DEV/THOR0 to BRANCHES/DEV/THOR1:
29827: THOR-69: TenantAdminDAO
29832: THOR-78: fix tenantEntityCache (shared)
29834: THOR-111: experimental config option for S3 content store to support flat root (ie. all tenant files in single folder)
29856: THOR updates
29857: THOR-76: exclude build components/projects
46761: Merged BRANCHES/DEV/CLOUD2 to BRANCHES/DEV/CONV_V413:
35478: Merged BRANCHES/DEV/THOR1 to BRANCHES/DEV/CLOUD1:
30198: Merged BRANCHES/DEV/THOR0 to BRANCHES/DEV/THOR1:
29869: THOR-92. BPMN2.0 workflow definition for account self-signup.
29871: THOR-93. REST API for self signup (and miscellaneous related items).
29882: THOR-102: Faster CreateTenant
29888: THOR-95. Placeholder email template for self-signup.
29889: Completion of THOR-95. Placeholder emails for self-signup.
Added a 'you've already registered' template.
29896: THOR-89F100: Create User Foundation API…
29912: Fix issue where module believed it was still executed after delete tenant
29940: THOR-96. First cut of a signup email sender delegate. This will be refined later - probably both in this sprint and the next.
29966: Fixing InvitationServiceImplTest failing tests, which are failing because the email templates are not there.
29978: THOR-89: Switch tenant for person creation
29982: THOR-89: Fix multi-domain account creation test after review with Jan
29983: THOR-102: Faster CreateTenant
29985: THOR-90: F99 Is email address already registred foundation API
29991: THOR-99: Thor module build/packaging
29994: Changes for THOR-92, THOR-93 and THOR-96.
30199: Merged BRANCHES/DEV/THOR0 to BRANCHES/DEV/THOR1:
29995: THOR-93. Use the proper sspring config in the test case.
29996: THOR-99: Thor module build/packaging
29997: Consolidated DaveC's EmailAddressService and my EMailUtil into a single feature.
29998: Follow-on to previous check-in (29997). Deletion of now-unused folder.
30000: Blatant attempt to get svn r=30k. Removing some dead config.
30001: THOR-96. Ensure that we get a meaningful exception when attempting to activate an account with no pending workflow for that email.
30036: Resolve issues with tenant-independent user store - can now login via Share
30041: Package and auto deploy of license with Thor module
30048: Ensure that when a duplicate email prevents a workflow from creating an account, that the workflow still ends gracefully.
30049: Removing a dead class that I'd used to see how our Bamboo handles @Ignore(message=msg) @Test annotations.
30054: THOR-84 F82: List Accounts Foundation API
30067: THOR-87 List Accounts REST API.
30069: THOR-87. Completion of listAccounts REST API.
Fixed the problems in the JUnit test case and tweaked the FTL slightly.
30071: Cosmetic changes as part of THOR-93.
30072: Oops. Broke a test case. Follow-on to previous (30071) check-in which cosmetically changed JSON as part of THOR-93.
30073: As part of THOR-93 (REST API signup) I have made the 2 webscripts usable without any authentication.
30074: Trivial fix to an error string.
30076: THOR-93. The account-activation.post webscript now includes the provided workflowInstanceId when identifying the ongoing workflow.
30077: Fix Email validator to allow for example domains
30202: Merged BRANCHES/DEV/THOR0 to BRANCHES/DEV/THOR1:
30140: Refactor of account signup workflow
30142: No longer require email address for activation step of sign-up
30143: Remove use of task query in account signup workflow
30146: thor-share project structure
30147: Buildfix (removed modules not used by THOR)
30151: Incorporate already registered use case into account signup workflow
30152: Finally resolve license loading in Eclipse based tests
30203: Merged BRANCHES/DEV/THOR0 to BRANCHES/DEV/THOR1:
30184: Build box fix as a result of not including certian components
30206: Fix blatant merge issues
47972: Merged BRANCHES/DEV/CONV_V413 to BRANCHES/DEV/CONV_HEAD:
46766: Merged BRANCHES/DEV/CLOUD2 to BRANCHES/DEV/CONV_V413:
35497: Merged BRANCHES/DEV/THOR0 to BRANCHES/DEV/CLOUD1:
29723: THOR-31: MT-aware shared caches
29749: THOR-5: MT-aware immutable singletons
29762: THOR-31: MT-aware shared cache
46767: Merged BRANCHES/DEV/CLOUD2 to BRANCHES/DEV/CONV_V413:
35507: Merged BRANCHES/DEV/THOR1 to BRANCHES/DEV/CLOUD1:
30237: Merged BRANCHES/DEV/THOR0 to BRANCHES/DEV/THOR1:
29532: THOR-79 - add ability to disable Lucene indexes (so that IndexInfo / IndexInfoBackup files are not created per store per tenant)
29723: THOR-31: MT-aware shared caches
29749: THOR-5: MT-aware immutable singletons
29762: THOR-31: MT-aware shared cache
47973: CONV_HEAD: CLOUD-1348 - comment back in MultiTDemoTest tests (testNonSharedGroupDeletion & testSharedGroupDeletion)
47975: CONV_HEAD: CLOUD-1348 - comment back in FeedNotifierTest.testFailedNotifications
47988: Merged BRANCHES/DEV/CONV_V413 to BRANCHES/DEV/CONV_HEAD:
46775: Merged BRANCHES/DEV/CLOUD2 to BRANCHES/DEV/CONV_V413:
35531: Merged BRANCHES/DEV/THOR1 to BRANCHES/DEV/CLOUD1:
30449: F66: add option to configure a common "contentRootContainerPath"
30564: THOR-156: prep - consolidate runAsSystemTenant/runAsPrimaryTenant
35532: Merged BRANCHES/DEV/THOR1 to BRANCHES/DEV/CLOUD1:
30777: THOR-201: temporarily comment-out MultiTDemoTest.testDeleteArchiveAndRestoreContent (pending fix for THOR-201)
48008: Merged BRANCHES/DEV/CONV_V413 to BRANCHES/DEV/CONV_HEAD:
46844: (RECORD ONLY) Merged BRANCHES/DEV/CLOUD2 to BRANCHES/DEV/CONV_V413:
46895: (RECORD ONLY) Merged BRANCHES/DEV/CLOUD2 to BRANCHES/DEV/CONV_V413:
46903: (RECORD ONLY) Merged BRANCHES/DEV/CLOUD2 to BRANCHES/DEV/CONV_V413:
46907: (RECORD ONLY) Merged BRANCHES/DEV/CLOUD2 to BRANCHES/DEV/CONV_V413:
46922: (RECORD ONLY) Merged BRANCHES/DEV/CLOUD2 to BRANCHES/DEV/CONV_V413:
46974: (RECORD ONLY) Merged BRANCHES/DEV/CLOUD2 to BRANCHES/DEV/CONV_V413:
46991: (RECORD ONLY) Merged BRANCHES/DEV/CLOUD2 to BRANCHES/DEV/CONV_V413:
46992: (RECORD ONLY) Merged BRANCHES/DEV/CLOUD2 to BRANCHES/DEV/CONV_V413:
46994: (RECORD ONLY) Merged BRANCHES/DEV/CLOUD2 to BRANCHES/DEV/CONV_V413:
47107: (RECORD ONLY) Merged BRANCHES/DEV/CLOUD2 to BRANCHES/DEV/CONV_V413:
47265: (RECORD ONLY) Merged BRANCHES/DEV/CLOUD2 to BRANCHES/DEV/CONV_V413:
47267: (RECORD ONLY) Merged BRANCHES/DEV/CLOUD2 to BRANCHES/DEV/CONV_V413:
47272: (RECORD ONLY) Merged BRANCHES/DEV/CLOUD2 to BRANCHES/DEV/CONV_V413:
47277: (RECORD ONLY) Merged BRANCHES/DEV/CLOUD2 to BRANCHES/DEV/CONV_V413:
47284: (RECORD ONLY) Merged BRANCHES/DEV/CLOUD2 to BRANCHES/DEV/CONV_V413:
47286: (RECORD ONLY) Merged BRANCHES/DEV/CLOUD2 to BRANCHES/DEV/CONV_V413:
47289: (RECORD ONLY) Merged BRANCHES/DEV/CLOUD2 to BRANCHES/DEV/CONV_V413:
47292: (RECORD ONLY) Merged BRANCHES/DEV/CLOUD2 to BRANCHES/DEV/CONV_V413:
48009: Merged DEV/CONV_V413 to DEV/CONV_HEAD
46801: Merged from BRANCHES/DEV/CLOUD2 to BRANCHES/DEV/CONV_V413
35602: Merged BRANCHES/DEV/THOR1 to BRANCHES/DEV/CLOUD1:
30513: Cloud Share module
30515: Fix issue with person replication between tenants.
30516: Slight mod to email validation web script response.
30518: Quick fix for workflow id generation in sign email
30534: THOR-163: Unable to get license file
30535: Fix Thor build process.
30536: Refine user's home site name and description
30539: THOR-96. When sending the signup email, execute the mail action asynchronously.
30542: Replace placeholder text in sign-up email
30543: Account Activation
46802: Merged from BRANCHES/DEV/CLOUD2 to BRANCHES/DEV/CONV_V413
35643: Merged BRANCHES/DEV/THOR1 to BRANCHES/DEV/CLOUD1:
30544: Account activation
30545: Account activation
30550: AMP build targets
30554: THOR-94. Cloud site invitation workflow.
30555: AMP build targets - added client side resources
48011: Merged BRANCHES/DEV/CONV_V413 to BRANCHES/DEV/CONV_HEAD:
47056: (RECORD ONLY) Merged BRANCHES/DEV/CLOUD2 to BRANCHES/DEV/CONV_V413:
47087: (RECORD ONLY) Merged BRANCHES/DEV/CLOUD2 to BRANCHES/DEV/CONV_V413:
47228: (RECORD ONLY) Merged BRANCHES/DEV/CLOUD2 to BRANCHES/DEV/CONV_V413:
47271: (RECORD ONLY) Merged BRANCHES/DEV/CLOUD2 to BRANCHES/DEV/CONV_V413:
47297: (RECORD ONLY) Merged BRANCHES/DEV/CLOUD2 to BRANCHES/DEV/CONV_V413:
47299: (RECORD ONLY) Merged BRANCHES/DEV/CLOUD2 to BRANCHES/DEV/CONV_V413:
47300: (RECORD ONLY) Merged BRANCHES/DEV/CLOUD2 to BRANCHES/DEV/CONV_V413:
47301: (RECORD ONLY) Merged BRANCHES/DEV/CLOUD2 to BRANCHES/DEV/CONV_V413:
47304: (RECORD ONLY) Merged BRANCHES/DEV/CLOUD2 to BRANCHES/DEV/CONV_V413:
47328: (RECORD ONLY) Merged BRANCHES/DEV/CLOUD2 to BRANCHES/DEV/CONV_V413:
47330: (RECORD ONLY) Merged BRANCHES/DEV/CLOUD2 to BRANCHES/DEV/CONV_V413:
47339: (RECORD ONLY) Merged BRANCHES/DEV/CLOUD2 to BRANCHES/DEV/CONV_V413:
48013: Merged DEV/CONV_V413 to DEV/CONV_HEAD (commiting the missing merge info for r48009)
46801: Merged from BRANCHES/DEV/CLOUD2 to BRANCHES/DEV/CONV_V413
35602: Merged BRANCHES/DEV/THOR1 to BRANCHES/DEV/CLOUD1:
30513: Cloud Share module
30515: Fix issue with person replication between tenants.
30516: Slight mod to email validation web script response.
30518: Quick fix for workflow id generation in sign email
30534: THOR-163: Unable to get license file
30535: Fix Thor build process.
30536: Refine user's home site name and description
30539: THOR-96. When sending the signup email, execute the mail action asynchronously.
30542: Replace placeholder text in sign-up email
30543: Account Activation
46802: Merged from BRANCHES/DEV/CLOUD2 to BRANCHES/DEV/CONV_V413
35643: Merged BRANCHES/DEV/THOR1 to BRANCHES/DEV/CLOUD1:
30544: Account activation
30545: Account activation
30550: AMP build targets
30554: THOR-94. Cloud site invitation workflow.
30555: AMP build targets - added client side resources
48015: Merged DEV/CONV_V413 to DEV/CONV_HEAD
46841: Merged from BRANCHES/DEV/CLOUD2 to BRANCHES/DEV/CONV_V413
35684: Merged BRANCHES/DEV/THOR1 to BRANCHES/DEV/CLOUD1:
30904: (RECORD ONLY) Merged HEAD to BRANCHES/DEV/THOR1:
30270 ALF-9492 Can now update task properties through the Workflow JavaScript API. ALF-10087 Fixed failing Multi-tenancy tests.
30288 ALF-9492 Can now update task properties through the Workflow JavaScript API.
30309 Fixed failing MultiTDemoTest and re-enabled.
30356 ALF-10117: JBPM workflows should be hidden.
30358 Build fix, fallout from ALF-10117 (JBPM workflows should be hidden)
30415 Added parseRootElement() method to Activiti's BPMNParseListener.
30452 ALF-10276: Reject flow didn't set bpm_assignee property properly
30563 Added tests to ensure multi-tenancy works and fixed several multi-tenancy issues in workflow.
30698 ALF-9541: Fixed HistoricTaskEntity update when TaskEntity is loaded from DB
30699 ALF-10084, ALF-10242. Fixed issues and added WorkflowService methods to get workflow instances without filtering by definition id.
30750 ALF-10197, Added the ability to auto-complete Start Tasks in Activiti. If a start task extends the bpm:activitiStartTask type or implements the bpm:endAutomatically aspect then the task will be ended as soon as the workflow instance is started.
30796 ALF-10374 Fixed failing MultiTDemoTest
30908: Add logging for failed email domain lookups:
30922: Rolling back .classpath changes to Data Model.
30930: Basic version of site invite working
30931: THOR-172: Switch Tenant via public API
30936: Allow for repo web scripts to switch to user's default tenant via -default- tenant id:
30937: Implementation of THOR-214. There is now a new repo webscript to retrieve signup status for a given {id, key} pair.
30938: Allow dev email address to be specified in properties file:
30945: THOR-221: Add (EntityLookup) cache to AccountDAO
30946: Build fix. Renaming a test infrastructure class so that it doesn't get picked up by the ant test targets.
30955: THOR-222. Added inviter first and last name to invitation-status.get webscript.
46843: Merged from BRANCHES/DEV/CLOUD2 to BRANCHES/DEV/CONV_V413
35694: Merged BRANCHES/DEV/THOR1 to BRANCHES/DEV/CLOUD1:
30997: Firefox scrollbars removed on "invitation" and "signup" pages (now using new helper method Alfresco.util.createYUIOverlay)
31001: Impl of THOR-223. Webscripts for getting pending invitations.
31002: Invite - redirect bug fixed, removed old code matching previous webscript api, email picker style fixes
31003: Addendum for THOR-223. I've added an explicit test to record the fact that pending-invitations.get to a non-existent site returns 200 and an empty collection rather than a 404.
31004: Adding REST-client .rcq files as part of THOR-223
46848: Merged from BRANCHES/DEV/CLOUD2 to BRANCHES/DEV/CONV_V413
35700: Merged BRANCHES/DEV/THOR1 to BRANCHES/DEV/CLOUD1:
31014: (RECORD ONLY) Merged HEAD to BRANCHES/DEV/THOR1:
30999: ALF-9957 - MT: test and fix subscriptions (followers)
31020: Update invite email template to bring in line with wireframe and text
31021: Apply latest sanitized email blacklist:
31030: Fixed THOR-226 "DocLib "Detailed View" (default) does not list items - note: "Simple View" seems to be OK"
31033: THOR-228: Update aws sample file with quota config for cachingcontentstore
31036: Fixed THOR-236 "Webscript URL clash in signup"
31037: THOR-175: set and enforce per-tenant quota
31043: Fixed THOR-174 "F27: User can switch between networks they belong to"
46854: Merged from BRANCHES/DEV/CLOUD2 to BRANCHES/DEV/CONV_V413
35725: Merged BRANCHES/DEV/THOR1 to BRANCHES/DEV/CLOUD1:
31124: Fix for THOR-145. This check-in makes the Cloud Signup and Invitation workflows hidden within Share - users can't initiate them via "Start workflow..."
48016: Merged BRANCHES/DEV/CONV_V413 to BRANCHES/DEV/CONV_HEAD:
46793: Merged BRANCHES/DEV/CLOUD2 to BRANCHES/DEV/CONV_V413:
46795: Merged BRANCHES/DEV/CLOUD2 to BRANCHES/DEV/CONV_V413:
46796: Merged BRANCHES/DEV/CLOUD2 to BRANCHES/DEV/CONV_V413:
48030: Merged BRANCHES/DEV/CONV_V413 to BRANCHES/DEV/CONV_HEAD:
46820: Merged BRANCHES/DEV/CLOUD2 to BRANCHES/DEV/CONV_V413:
35657: Merged BRANCHES/DEV/THOR1 to BRANCHES/DEV/CLOUD1:
30556: THOR-135F103: Is e-mail address accepted by Alfresco?
30562: Fixing a typo in the email-validation FTL. It was returning invalid JSON - no opening " on a string.
30569: THOR-156: switch to secondary tenant (initially via @@login)
30571: THOR-99: Thor build
48037: Merged BRANCHES/DEV/CONV_V413 to BRANCHES/DEV/CONV_HEAD:
46821: Merged BRANCHES/DEV/CLOUD2 to BRANCHES/DEV/CONV_V413:
35659: Merged BRANCHES/DEV/THOR1 to BRANCHES/DEV/CLOUD1:
30586: THOR-166. I've added an additional check at the start of the signup workflow that checks if the email is blocked.
30587: THOR-163: S3ContentReader fails to getObjectDetails
30592: THOR-156: switch to secondary tenant (initially via @@login)
35660: Merged BRANCHES/DEV/THOR1 to BRANCHES/DEV/CLOUD1:
30607: (RECORD ONLY) Merged HEAD to BRANCHES/DEV/THOR1:
30208: Remaining commits for ALF-9510
30218: Fix build - add missing files
30254: Encryption related documentation, source code comments
30392: Fix for ALF-10205
30405: Fix for ALF-10189
30406: Fix for ALF-10189: part 2 - minor update
30613: THOR-148. The cloud test target was accidentally excluding *RestTest.java.
30613: THOR-148. The cloud test target was accidentally excluding *RestTest.java.
30614: Revert some of the additional email checks in registration process
30615: Set ignore patterns for build dir in thor module
30619: Merged HEAD to BRANCHES/DEV/THOR1:
30618: Additional test classes that allow for easier testing of Notifications (emails mostly).
30622: Ensure use of System user, not system user
30624: Removed deep merge info
30625: Switch off creation of missing people, use Admin instead of System
46824: Merged BRANCHES/DEV/CLOUD2 to BRANCHES/DEV/CONV_V413:
46828: Merged BRANCHES/DEV/CLOUD2 to BRANCHES/DEV/CONV_V413:
48038: Merged DEV/CONV_V413 to DEV/CONV_HEAD (ui-only)
46830: Merged BRANCHES/DEV/CLOUD2 to BRANCHES/DEV/CONV_V413:
Merged BRANCHES/DEV/THOR1 to BRANCHES/DEV/CLOUD1:
30737: (RECORD ONLY) Merged HEAD to BRANCHES/DEV/THOR1:
30736: ALF-6706 - MT: activities not generated (for tenants)
30738: Site invite (rough version, not finished)
30741: THOR-175: Set and enforce file space quota for tenant
30752: Site invite - added som padding to user suggestion list
30753: Disabling 2 tests while I fix them.
30758: THOR-172 F63: Switch Tenant via public REST API:
30764: Tweak to Activiti integration code to prevent it from trying to create person nodes for the System user.
30766: Implementation of THOR-196. Inviting multiple email addresses in a single call.
30769: Re-enable MultiTDemoTest
30775: Site invite
30776: THOR-172: Switch Tenant via public API
30785: Add tenant id to account info returned in Thor responses
48043: Merged DEV/CONV_V413 to DEV/CONV_HEAD
46831: Merged BRANCHES/DEV/CLOUD2 to BRANCHES/DEV/CONV_V413:
Merged BRANCHES/DEV/THOR1 to BRANCHES/DEV/CLOUD1:
30813: Add Eclipse project for Thor-Share module:
30815: THOR-175: Set and enforce file space quota for tenant
30817: Switch network skeleton code and minor fixes
30818: Update Share Node Browser (at least for THOR) to allow option to retrieve "storeroot" via DB query
30826: Add distribute-solr to Thor builds
48045: Merged BRANCHES/DEV/CLOUD2 to BRANCHES/DEV/CONV_V413:
Merged BRANCHES/DEV/THOR1 to BRANCHES/DEV/CLOUD1:
30737: (RECORD ONLY) Merged HEAD to BRANCHES/DEV/THOR1:
30736: ALF-6706 - MT: activities not generated (for tenants)
30738: Site invite (rough version, not finished)
30741: THOR-175: Set and enforce file space quota for tenant
30752: Site invite - added som padding to user suggestion list
30753: Disabling 2 tests while I fix them.
30758: THOR-172 F63: Switch Tenant via public REST API:
30764: Tweak to Activiti integration code to prevent it from trying to create person nodes for the System user.
30766: Implementation of THOR-196. Inviting multiple email addresses in a single call.
30769: Re-enable MultiTDemoTest
30775: Site invite
30776: THOR-172: Switch Tenant via public API
30785: Add tenant id to account info returned in Thor responses
git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/HEAD/root@48251 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
2597 lines
104 KiB
Java
2597 lines
104 KiB
Java
/*
|
|
* Copyright (C) 2005-2013 Alfresco Software Limited.
|
|
*
|
|
* This file is part of Alfresco
|
|
*
|
|
* Alfresco is free software: you can redistribute it and/or modify
|
|
* it under the terms of the GNU Lesser General Public License as published by
|
|
* the Free Software Foundation, either version 3 of the License, or
|
|
* (at your option) any later version.
|
|
*
|
|
* Alfresco is distributed in the hope that it will be useful,
|
|
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
* GNU Lesser General Public License for more details.
|
|
*
|
|
* You should have received a copy of the GNU Lesser General Public License
|
|
* along with Alfresco. If not, see <http://www.gnu.org/licenses/>.
|
|
*/
|
|
package org.alfresco.repo.site;
|
|
|
|
import java.io.Serializable;
|
|
import java.util.ArrayList;
|
|
import java.util.Collections;
|
|
import java.util.Comparator;
|
|
import java.util.HashMap;
|
|
import java.util.HashSet;
|
|
import java.util.List;
|
|
import java.util.Map;
|
|
import java.util.Set;
|
|
import java.util.SortedSet;
|
|
import java.util.StringTokenizer;
|
|
import java.util.TreeSet;
|
|
import java.util.regex.Matcher;
|
|
import java.util.regex.Pattern;
|
|
|
|
import org.alfresco.error.AlfrescoRuntimeException;
|
|
import org.alfresco.model.ContentModel;
|
|
import org.alfresco.query.CannedQuery;
|
|
import org.alfresco.query.CannedQueryFactory;
|
|
import org.alfresco.query.CannedQueryResults;
|
|
import org.alfresco.query.PagingRequest;
|
|
import org.alfresco.query.PagingResults;
|
|
import org.alfresco.repo.activities.ActivityType;
|
|
import org.alfresco.repo.admin.SysAdminParams;
|
|
import org.alfresco.repo.cache.SimpleCache;
|
|
import org.alfresco.repo.node.NodeServicePolicies;
|
|
import org.alfresco.repo.node.NodeServicePolicies.OnRestoreNodePolicy;
|
|
import org.alfresco.repo.node.getchildren.FilterProp;
|
|
import org.alfresco.repo.node.getchildren.FilterPropString;
|
|
import org.alfresco.repo.node.getchildren.FilterPropString.FilterTypeString;
|
|
import org.alfresco.repo.node.getchildren.GetChildrenCannedQuery;
|
|
import org.alfresco.repo.node.getchildren.GetChildrenCannedQueryFactory;
|
|
import org.alfresco.repo.policy.BehaviourFilter;
|
|
import org.alfresco.repo.policy.JavaBehaviour;
|
|
import org.alfresco.repo.policy.PolicyComponent;
|
|
import org.alfresco.repo.search.impl.lucene.AbstractLuceneQueryParser;
|
|
import org.alfresco.repo.security.authentication.AuthenticationContext;
|
|
import org.alfresco.repo.security.authentication.AuthenticationUtil;
|
|
import org.alfresco.repo.security.authentication.AuthenticationUtil.RunAsWork;
|
|
import org.alfresco.repo.security.permissions.AccessDeniedException;
|
|
import org.alfresco.repo.tenant.TenantService;
|
|
import org.alfresco.repo.tenant.TenantUtil;
|
|
import org.alfresco.repo.tenant.TenantUtil.TenantRunAsWork;
|
|
import org.alfresco.repo.transaction.RetryingTransactionHelper;
|
|
import org.alfresco.repo.transaction.RetryingTransactionHelper.RetryingTransactionCallback;
|
|
import org.alfresco.service.cmr.activities.ActivityService;
|
|
import org.alfresco.service.cmr.dictionary.DictionaryService;
|
|
import org.alfresco.service.cmr.model.FileFolderService;
|
|
import org.alfresco.service.cmr.model.FileInfo;
|
|
import org.alfresco.service.cmr.model.FileNotFoundException;
|
|
import org.alfresco.service.cmr.repository.ChildAssociationRef;
|
|
import org.alfresco.service.cmr.repository.NodeRef;
|
|
import org.alfresco.service.cmr.repository.NodeService;
|
|
import org.alfresco.service.cmr.repository.StoreRef;
|
|
import org.alfresco.service.cmr.search.LimitBy;
|
|
import org.alfresco.service.cmr.search.ResultSet;
|
|
import org.alfresco.service.cmr.search.SearchParameters;
|
|
import org.alfresco.service.cmr.search.SearchService;
|
|
import org.alfresco.service.cmr.security.AccessPermission;
|
|
import org.alfresco.service.cmr.security.AccessStatus;
|
|
import org.alfresco.service.cmr.security.AuthorityService;
|
|
import org.alfresco.service.cmr.security.AuthorityService.AuthorityFilter;
|
|
import org.alfresco.service.cmr.security.AuthorityType;
|
|
import org.alfresco.service.cmr.security.NoSuchPersonException;
|
|
import org.alfresco.service.cmr.security.PermissionService;
|
|
import org.alfresco.service.cmr.security.PersonService;
|
|
import org.alfresco.service.cmr.security.PublicServiceAccessService;
|
|
import org.alfresco.service.cmr.site.SiteInfo;
|
|
import org.alfresco.service.cmr.site.SiteMemberInfo;
|
|
import org.alfresco.service.cmr.site.SiteService;
|
|
import org.alfresco.service.cmr.site.SiteVisibility;
|
|
import org.alfresco.service.cmr.tagging.TaggingService;
|
|
import org.alfresco.service.namespace.NamespaceService;
|
|
import org.alfresco.service.namespace.QName;
|
|
import org.alfresco.service.transaction.TransactionService;
|
|
import org.alfresco.util.Pair;
|
|
import org.alfresco.util.PropertyCheck;
|
|
import org.alfresco.util.PropertyMap;
|
|
import org.alfresco.util.registry.NamedObjectRegistry;
|
|
import org.apache.commons.logging.Log;
|
|
import org.apache.commons.logging.LogFactory;
|
|
import org.json.JSONException;
|
|
import org.json.JSONObject;
|
|
import org.springframework.context.ApplicationEvent;
|
|
import org.springframework.extensions.surf.util.AbstractLifecycleBean;
|
|
import org.springframework.extensions.surf.util.ParameterCheck;
|
|
|
|
/**
|
|
* Site Service Implementation. Also bootstraps the site AVM and DM stores.
|
|
*
|
|
* @author Roy Wetherall
|
|
*/
|
|
public class SiteServiceImpl extends AbstractLifecycleBean implements SiteServiceInternal, SiteModel, NodeServicePolicies.OnRestoreNodePolicy
|
|
{
|
|
/** Logger */
|
|
private static Log logger = LogFactory.getLog(SiteServiceImpl.class);
|
|
|
|
/** The DM store where site's are kept */
|
|
public static final StoreRef SITE_STORE = new StoreRef("workspace://SpacesStore");
|
|
|
|
/** Activity tool */
|
|
private static final String ACTIVITY_TOOL = "siteService";
|
|
|
|
private static final String SITE_PREFIX = "site_";
|
|
private static final String GROUP_SITE_PREFIX = PermissionService.GROUP_PREFIX + SITE_PREFIX;
|
|
private static final int GROUP_PREFIX_LENGTH = PermissionService.GROUP_PREFIX.length();
|
|
private static final int GROUP_SITE_PREFIX_LENGTH = GROUP_SITE_PREFIX.length();
|
|
|
|
// note: caches are tenant-aware (if using EhCacheAdapter shared cache)
|
|
|
|
private SimpleCache<String, Object> singletonCache; // eg. for siteHomeNodeRef
|
|
private final String KEY_SITEHOME_NODEREF = "key.sitehome.noderef";
|
|
|
|
private SimpleCache<String, NodeRef> siteNodeRefCache; // for site shortname to nodeRef lookup
|
|
|
|
private String sitesXPath;
|
|
|
|
/** Messages */
|
|
private static final String MSG_UNABLE_TO_CREATE = "site_service.unable_to_create";
|
|
private static final String MSG_SITE_SHORT_NAME_TOO_LONG = "site_service.short_name_too_long";
|
|
private static final String MSG_VISIBILITY_GROUP_MISSING = "site_service.visibility_group_missing";
|
|
private static final String MSG_CAN_NOT_UPDATE = "site_service.can_not_update";
|
|
private static final String MSG_CAN_NOT_DELETE = "site_service.can_not_delete";
|
|
private static final String MSG_CAN_NOT_REMOVE_MSHIP = "site_service.can_not_remove_membership";
|
|
private static final String MSG_DO_NOT_CHANGE_MGR = "site_service.do_not_change_manager";
|
|
private static final String MSG_CAN_NOT_CHANGE_MSHIP="site_service.can_not_change_membership";
|
|
private static final String MSG_SITE_CONTAINER_NOT_FOLDER = "site_service.site_container_not_folder";
|
|
private static final String MSG_INVALID_SITE_TYPE = "site_service.invalid_site_type";
|
|
|
|
/* Services */
|
|
private NodeService nodeService;
|
|
private NodeService directNodeService;
|
|
private FileFolderService fileFolderService;
|
|
private SearchService searchService;
|
|
private NamespaceService namespaceService;
|
|
private PermissionService permissionService;
|
|
private ActivityService activityService;
|
|
private PersonService personService;
|
|
private AuthenticationContext authenticationContext;
|
|
private TaggingService taggingService;
|
|
private AuthorityService authorityService;
|
|
private DictionaryService dictionaryService;
|
|
private TenantService tenantService;
|
|
private RetryingTransactionHelper retryingTransactionHelper;
|
|
private Comparator<String> roleComparator;
|
|
private SysAdminParams sysAdminParams;
|
|
private BehaviourFilter behaviourFilter;
|
|
private SitesPermissionCleaner sitesPermissionsCleaner;
|
|
private PolicyComponent policyComponent;
|
|
private PublicServiceAccessService publicServiceAccessService;
|
|
|
|
private NamedObjectRegistry<CannedQueryFactory<NodeRef>> cannedQueryRegistry;
|
|
|
|
|
|
/**
|
|
* Set the path to the location of the sites root folder. For example:
|
|
* <pre>
|
|
* ./app:company_home/st:sites
|
|
* </pre>
|
|
* @param sitesXPath a valid XPath
|
|
*/
|
|
public void setSitesXPath(String sitesXPath)
|
|
{
|
|
this.sitesXPath = sitesXPath;
|
|
}
|
|
|
|
/**
|
|
* Set node service
|
|
*/
|
|
public void setNodeService(NodeService nodeService)
|
|
{
|
|
this.nodeService = nodeService;
|
|
}
|
|
|
|
/**
|
|
* Set the unprotected node service
|
|
*/
|
|
public void setDirectNodeService(NodeService directNodeService)
|
|
{
|
|
this.directNodeService = directNodeService;
|
|
}
|
|
|
|
/**
|
|
* Set file folder service
|
|
*/
|
|
public void setFileFolderService(FileFolderService fileFolderService)
|
|
{
|
|
this.fileFolderService = fileFolderService;
|
|
}
|
|
|
|
/**
|
|
* Set search service
|
|
*/
|
|
public void setSearchService(SearchService searchService)
|
|
{
|
|
this.searchService = searchService;
|
|
}
|
|
|
|
/**
|
|
* Set Namespace service
|
|
*/
|
|
public void setNamespaceService(NamespaceService namespaceService)
|
|
{
|
|
this.namespaceService = namespaceService;
|
|
}
|
|
|
|
/**
|
|
* Set permission service
|
|
*/
|
|
public void setPermissionService(PermissionService permissionService)
|
|
{
|
|
this.permissionService = permissionService;
|
|
}
|
|
|
|
/**
|
|
* Set activity service
|
|
*/
|
|
public void setActivityService(ActivityService activityService)
|
|
{
|
|
this.activityService = activityService;
|
|
}
|
|
|
|
/**
|
|
* Set person service
|
|
*/
|
|
public void setPersonService(PersonService personService)
|
|
{
|
|
this.personService = personService;
|
|
}
|
|
|
|
/**
|
|
* Set authentication component
|
|
*/
|
|
public void setAuthenticationContext(
|
|
AuthenticationContext authenticationContext)
|
|
{
|
|
this.authenticationContext = authenticationContext;
|
|
}
|
|
|
|
/**
|
|
* Set the tagging service
|
|
*/
|
|
public void setTaggingService(TaggingService taggingService)
|
|
{
|
|
this.taggingService = taggingService;
|
|
}
|
|
|
|
/**
|
|
* Set the authority service
|
|
*/
|
|
public void setAuthorityService(AuthorityService authorityService)
|
|
{
|
|
this.authorityService = authorityService;
|
|
}
|
|
|
|
/**
|
|
* Set the dictionary service
|
|
*
|
|
* @param dictionaryService dictionary service
|
|
*/
|
|
public void setDictionaryService(DictionaryService dictionaryService)
|
|
{
|
|
this.dictionaryService = dictionaryService;
|
|
}
|
|
|
|
/**
|
|
* Set the tenant service
|
|
*
|
|
* @param tenantService tenant service
|
|
*/
|
|
public void setTenantService(TenantService tenantService)
|
|
{
|
|
this.tenantService = tenantService;
|
|
}
|
|
|
|
public void setSingletonCache(SimpleCache<String, Object> singletonCache)
|
|
{
|
|
this.singletonCache = singletonCache;
|
|
}
|
|
|
|
public void setSiteNodeRefCache(SimpleCache<String, NodeRef> siteNodeRefCache)
|
|
{
|
|
this.siteNodeRefCache = siteNodeRefCache;
|
|
}
|
|
|
|
/**
|
|
* Sets helper that provides transaction callbacks
|
|
*/
|
|
public void setTransactionHelper(RetryingTransactionHelper retryingTransactionHelper)
|
|
{
|
|
this.retryingTransactionHelper = retryingTransactionHelper;
|
|
}
|
|
|
|
public void setPolicyComponent(PolicyComponent policyComponent)
|
|
{
|
|
this.policyComponent = policyComponent;
|
|
}
|
|
|
|
public void setRoleComparator(Comparator<String> roleComparator)
|
|
{
|
|
this.roleComparator = roleComparator;
|
|
}
|
|
|
|
public void setSysAdminParams(SysAdminParams sysAdminParams)
|
|
{
|
|
this.sysAdminParams = sysAdminParams;
|
|
}
|
|
|
|
public void setBehaviourFilter(BehaviourFilter behaviourFilter)
|
|
{
|
|
this.behaviourFilter = behaviourFilter;
|
|
}
|
|
|
|
public void setSitesPermissionsCleaner(SitesPermissionCleaner sitesPermissionsCleaner)
|
|
{
|
|
this.sitesPermissionsCleaner = sitesPermissionsCleaner;
|
|
}
|
|
|
|
public void setPublicServiceAccessService(PublicServiceAccessService publicServiceAccessService)
|
|
{
|
|
this.publicServiceAccessService = publicServiceAccessService;
|
|
}
|
|
|
|
/**
|
|
* Set the registry of {@link CannedQueryFactory canned queries}
|
|
*/
|
|
public void setCannedQueryRegistry(NamedObjectRegistry<CannedQueryFactory<NodeRef>> cannedQueryRegistry)
|
|
{
|
|
this.cannedQueryRegistry = cannedQueryRegistry;
|
|
}
|
|
|
|
public Comparator<String> getRoleComparator()
|
|
{
|
|
return roleComparator;
|
|
}
|
|
|
|
/**
|
|
* Checks that all necessary properties and services have been provided.
|
|
*/
|
|
public void init()
|
|
{
|
|
PropertyCheck.mandatory(this, "nodeService", nodeService);
|
|
PropertyCheck.mandatory(this, "directNodeService", directNodeService);
|
|
PropertyCheck.mandatory(this, "fileFolderService", fileFolderService);
|
|
PropertyCheck.mandatory(this, "searchService", searchService);
|
|
PropertyCheck.mandatory(this, "namespaceService", namespaceService);
|
|
PropertyCheck.mandatory(this, "permissionService", permissionService);
|
|
PropertyCheck.mandatory(this, "authenticationContext", authenticationContext);
|
|
PropertyCheck.mandatory(this, "personService", personService);
|
|
PropertyCheck.mandatory(this, "activityService", activityService);
|
|
PropertyCheck.mandatory(this, "taggingService", taggingService);
|
|
PropertyCheck.mandatory(this, "authorityService", authorityService);
|
|
PropertyCheck.mandatory(this, "sitesXPath", sitesXPath);
|
|
}
|
|
|
|
/* (non-Javadoc)
|
|
* @see org.springframework.extensions.surf.util.AbstractLifecycleBean#onBootstrap(org.springframework.context.ApplicationEvent)
|
|
*/
|
|
@Override
|
|
protected void onBootstrap(ApplicationEvent event)
|
|
{
|
|
this.policyComponent.bindClassBehaviour(
|
|
OnRestoreNodePolicy.QNAME,
|
|
SiteModel.TYPE_SITE,
|
|
new JavaBehaviour(this, "onRestoreNode"));
|
|
}
|
|
|
|
/* (non-Javadoc)
|
|
* @see org.springframework.extensions.surf.util.AbstractLifecycleBean#onShutdown(org.springframework.context.ApplicationEvent)
|
|
*/
|
|
@Override
|
|
protected void onShutdown(ApplicationEvent event)
|
|
{
|
|
}
|
|
|
|
/*
|
|
* (non-Javadoc)
|
|
* @see org.alfresco.service.cmr.site.SiteService#hasCreateSitePermissions()
|
|
*/
|
|
public boolean hasCreateSitePermissions()
|
|
{
|
|
// NOTE: see ALF-13580 - since 3.4.6 PermissionService.CONTRIBUTOR is no longer used as the default on the Sites folder
|
|
// instead the ability to call createSite() and the Spring configured ACL is the mechanism used to protect access.
|
|
return (publicServiceAccessService.hasAccess("SiteService", "createSite", "", "", "", "", true) == AccessStatus.ALLOWED);
|
|
}
|
|
|
|
/**
|
|
* @see org.alfresco.service.cmr.site.SiteService#createSite(java.lang.String, java.lang.String, java.lang.String, java.lang.String, boolean)
|
|
*/
|
|
public SiteInfo createSite(final String sitePreset,
|
|
String passedShortName,
|
|
final String title,
|
|
final String description,
|
|
final boolean isPublic)
|
|
{
|
|
// Determine the site visibility
|
|
SiteVisibility visibility = SiteVisibility.PRIVATE;
|
|
if (isPublic == true)
|
|
{
|
|
visibility = SiteVisibility.PUBLIC;
|
|
}
|
|
|
|
// Create the site
|
|
return createSite(sitePreset, passedShortName, title, description, visibility);
|
|
}
|
|
|
|
/**
|
|
* @see org.alfresco.service.cmr.site.SiteService#createSite(java.lang.String, java.lang.String, java.lang.String, java.lang.String, boolean)
|
|
*/
|
|
public SiteInfo createSite(final String sitePreset,
|
|
String passedShortName,
|
|
final String title,
|
|
final String description,
|
|
final SiteVisibility visibility)
|
|
{
|
|
return createSite(sitePreset, passedShortName, title, description, visibility, SiteModel.TYPE_SITE);
|
|
}
|
|
|
|
public SiteInfo createSite(final String sitePreset,
|
|
String passedShortName,
|
|
final String title,
|
|
final String description,
|
|
final SiteVisibility visibility,
|
|
final QName siteType)
|
|
{
|
|
// Check that the provided site type is a subtype of TYPE_SITE
|
|
if (SiteModel.TYPE_SITE.equals(siteType) == false &&
|
|
dictionaryService.isSubClass(siteType, TYPE_SITE) == false)
|
|
{
|
|
throw new SiteServiceException(MSG_INVALID_SITE_TYPE, new Object[]{siteType});
|
|
}
|
|
|
|
// Remove spaces from shortName
|
|
final String shortName = passedShortName.replaceAll(" ", "");
|
|
|
|
// Check to see if we already have a site of this name
|
|
NodeRef existingSite = getSiteNodeRef(shortName, false);
|
|
if (existingSite != null)
|
|
{
|
|
// Throw an exception since we have a duplicate site name
|
|
throw new SiteServiceException(MSG_UNABLE_TO_CREATE, new Object[]{shortName});
|
|
}
|
|
|
|
// Check that the site name isn't too long
|
|
// Authorities are limited to 100 characters by the PermissionService
|
|
int longestPermissionLength = 0;
|
|
for (String permission : permissionService.getSettablePermissions(siteType))
|
|
{
|
|
if (permission.length() > longestPermissionLength)
|
|
longestPermissionLength = permission.length();
|
|
}
|
|
int maximumPermisionGroupLength = 99 - longestPermissionLength;
|
|
|
|
if (getSiteGroup(shortName, true).length() > maximumPermisionGroupLength)
|
|
{
|
|
throw new SiteServiceException(MSG_SITE_SHORT_NAME_TOO_LONG, new Object[] {
|
|
shortName, maximumPermisionGroupLength - getSiteGroup("", true).length()
|
|
});
|
|
}
|
|
|
|
// Get the site parent node reference
|
|
final NodeRef siteParent = getSiteParent(shortName);
|
|
if (siteParent == null)
|
|
{
|
|
throw new SiteServiceException("No root sites folder exists");
|
|
}
|
|
|
|
// Create the site node
|
|
final PropertyMap properties = new PropertyMap(4);
|
|
properties.put(ContentModel.PROP_NAME, shortName);
|
|
properties.put(SiteModel.PROP_SITE_PRESET, sitePreset);
|
|
properties.put(SiteModel.PROP_SITE_VISIBILITY, visibility.toString());
|
|
properties.put(ContentModel.PROP_TITLE, title);
|
|
properties.put(ContentModel.PROP_DESCRIPTION, description);
|
|
|
|
final NodeRef siteNodeRef = AuthenticationUtil.runAs(new RunAsWork<NodeRef>() {
|
|
@Override
|
|
public NodeRef doWork() throws Exception {
|
|
|
|
behaviourFilter.disableBehaviour(siteParent, ContentModel.ASPECT_AUDITABLE);
|
|
try
|
|
{
|
|
return nodeService.createNode(
|
|
siteParent,
|
|
ContentModel.ASSOC_CONTAINS,
|
|
QName.createQName(NamespaceService.CONTENT_MODEL_1_0_URI, shortName),
|
|
siteType,
|
|
properties
|
|
).getChildRef();
|
|
}
|
|
finally
|
|
{
|
|
behaviourFilter.enableBehaviour(siteParent, ContentModel.ASPECT_AUDITABLE);
|
|
}
|
|
}
|
|
}, AuthenticationUtil.getSystemUserName());
|
|
|
|
// Make the new site a tag scope
|
|
this.taggingService.addTagScope(siteNodeRef);
|
|
|
|
// Clear the sites inherited permissions
|
|
this.permissionService.setInheritParentPermissions(siteNodeRef, false);
|
|
|
|
// Create the relevant groups and assign permissions
|
|
setupSitePermissions(siteNodeRef, shortName, visibility, null);
|
|
|
|
// Return created site information
|
|
Map<QName, Serializable> customProperties = getSiteCustomProperties(siteNodeRef);
|
|
SiteInfo siteInfo = new SiteInfoImpl(sitePreset, shortName, title, description, visibility, customProperties, siteNodeRef);
|
|
return siteInfo;
|
|
}
|
|
|
|
/**
|
|
* Setup the Site permissions.
|
|
* <p>
|
|
* Creates the top-level site group, plus all the Role groups required for users of the site.
|
|
* <p>
|
|
* Note - Changes here likely need to be replicated to the {@link #updateSite(SiteInfo)}
|
|
* method too, as that also has to deal with Site Permissions.
|
|
*
|
|
* @param siteNodeRef
|
|
* @param shortName
|
|
* @param visibility
|
|
*/
|
|
private void setupSitePermissions(
|
|
final NodeRef siteNodeRef, final String shortName, final SiteVisibility visibility, final Map<String, Set<String>> memberships)
|
|
{
|
|
// Get the current user
|
|
final String currentUser = authenticationContext.getCurrentUserName();
|
|
|
|
// Create the relevant groups and assign permissions
|
|
AuthenticationUtil.runAs(new AuthenticationUtil.RunAsWork<Object>()
|
|
{
|
|
public String doWork() throws Exception
|
|
{
|
|
Set<String> shareZones = new HashSet<String>(2, 1.0f);
|
|
shareZones.add(AuthorityService.ZONE_APP_SHARE);
|
|
shareZones.add(AuthorityService.ZONE_AUTH_ALFRESCO);
|
|
|
|
// From Alfresco 3.4 the 'site public' group is configurable. Out of the box it is
|
|
// GROUP_EVERYONE so unconfigured behaviour is unchanged. But from 3.4, admins
|
|
// can change the value of property site.public.group via JMX/properties files
|
|
// to be another group of their choosing.
|
|
// This then is the group that is given SiteConsumer access to newly created
|
|
// public and moderated sites.
|
|
final String sitePublicGroup = sysAdminParams.getSitePublicGroup();
|
|
boolean publicGroupExists = authorityService.authorityExists(sitePublicGroup);
|
|
if (!PermissionService.ALL_AUTHORITIES.equals(sitePublicGroup) && !publicGroupExists
|
|
&& !SiteVisibility.PRIVATE.equals(visibility))
|
|
{
|
|
// If the group specified in the settings does not exist, we cannot create the site.
|
|
throw new SiteServiceException(MSG_VISIBILITY_GROUP_MISSING, new Object[]{sitePublicGroup});
|
|
}
|
|
|
|
// Create the site's groups
|
|
String siteGroupShortName = getSiteGroup(shortName, false);
|
|
String siteGroup = authorityService.createAuthority(AuthorityType.GROUP, siteGroupShortName,
|
|
siteGroupShortName, shareZones);
|
|
QName siteType = directNodeService.getType(siteNodeRef);
|
|
Set<String> permissions = permissionService.getSettablePermissions(siteType);
|
|
for (String permission : permissions)
|
|
{
|
|
// Create a group for the permission
|
|
String permissionGroupShortName = getSiteRoleGroup(shortName, permission, false);
|
|
String permissionGroup = authorityService.createAuthority(AuthorityType.GROUP,
|
|
permissionGroupShortName, permissionGroupShortName, shareZones);
|
|
authorityService.addAuthority(siteGroup, permissionGroup);
|
|
|
|
// add any supplied memberships to it
|
|
String siteRoleGroup = getSiteRoleGroup(shortName, permission, true);
|
|
if (memberships != null && memberships.containsKey(siteRoleGroup))
|
|
{
|
|
for (String authority : memberships.get(siteRoleGroup))
|
|
{
|
|
authorityService.addAuthority(siteRoleGroup, authority);
|
|
}
|
|
}
|
|
|
|
// Assign the group the relevant permission on the site
|
|
permissionService.setPermission(siteNodeRef, permissionGroup, permission, true);
|
|
}
|
|
|
|
// Set the memberships details
|
|
// - give all authorities site consumer if site is public
|
|
// - give all authorities read properties if site is moderated
|
|
// - give all authorities read permission on permissions so
|
|
// memberships can be calculated
|
|
// - add the current user to the site manager group
|
|
if (SiteVisibility.PUBLIC.equals(visibility) == true &&
|
|
permissions.contains(SITE_CONSUMER))
|
|
{
|
|
// The public site group becomes the consumer
|
|
permissionService.setPermission(siteNodeRef, sitePublicGroup, SITE_CONSUMER, true);
|
|
}
|
|
else if (SiteVisibility.MODERATED.equals(visibility) == true &&
|
|
permissions.contains(SITE_CONSUMER))
|
|
{
|
|
// For moderated sites, the Public Group has consumer access to the
|
|
// site root, but not to site components.
|
|
permissionService.setPermission(siteNodeRef, sitePublicGroup, SITE_CONSUMER, true);
|
|
|
|
// Permissions will be set on the site components as they get created
|
|
}
|
|
|
|
// No matter what, everyone must be able to read permissions on
|
|
// the site, so they can check to see if they're a member or not
|
|
permissionService.setPermission(siteNodeRef,
|
|
PermissionService.ALL_AUTHORITIES,
|
|
PermissionService.READ_PERMISSIONS, true);
|
|
if (memberships == null)
|
|
{
|
|
// add the default site manager authority
|
|
authorityService.addAuthority(getSiteRoleGroup(shortName,
|
|
SiteModel.SITE_MANAGER, true), currentUser);
|
|
}
|
|
|
|
// Return nothing
|
|
return null;
|
|
}
|
|
|
|
}, AuthenticationUtil.getSystemUserName());
|
|
}
|
|
|
|
/**
|
|
* Gets a map containing the site's custom properties
|
|
*
|
|
* @return Map<QName, Serializable> map containing the custom properties of the site
|
|
*/
|
|
private Map<QName, Serializable> getSiteCustomProperties(Map<QName, Serializable> properties)
|
|
{
|
|
Map<QName, Serializable> customProperties = new HashMap<QName, Serializable>(4);
|
|
|
|
for (Map.Entry<QName, Serializable> entry : properties.entrySet())
|
|
{
|
|
if (entry.getKey().getNamespaceURI().equals(SITE_CUSTOM_PROPERTY_URL) == true)
|
|
{
|
|
customProperties.put(entry.getKey(), entry.getValue());
|
|
}
|
|
}
|
|
|
|
return customProperties;
|
|
}
|
|
|
|
/**
|
|
* Gets a map containing the site's custom properties
|
|
*
|
|
* @return Map<QName, Serializable> map containing the custom properties of the site
|
|
*/
|
|
private Map<QName, Serializable> getSiteCustomProperties(NodeRef siteNodeRef)
|
|
{
|
|
Map<QName, Serializable> customProperties = new HashMap<QName, Serializable>(4);
|
|
Map<QName, Serializable> properties = directNodeService.getProperties(siteNodeRef);
|
|
|
|
for (Map.Entry<QName, Serializable> entry : properties.entrySet())
|
|
{
|
|
if (entry.getKey().getNamespaceURI().equals(SITE_CUSTOM_PROPERTY_URL) == true)
|
|
{
|
|
customProperties.put(entry.getKey(), entry.getValue());
|
|
}
|
|
}
|
|
|
|
return customProperties;
|
|
}
|
|
|
|
/**
|
|
* @see org.alfresco.service.cmr.site.SiteService#getSiteGroup(java.lang.String)
|
|
*/
|
|
public String getSiteGroup(String shortName)
|
|
{
|
|
return getSiteGroup(shortName, true);
|
|
}
|
|
|
|
/**
|
|
* @see org.alfresco.service.cmr.site.SiteService#getSiteRoleGroup(java.lang.String,
|
|
* java.lang.String)
|
|
*/
|
|
public String getSiteRoleGroup(String shortName, String role)
|
|
{
|
|
return getSiteRoleGroup(shortName, role, true);
|
|
}
|
|
|
|
/**
|
|
* Helper method to get the name of the site group
|
|
*
|
|
* @param shortName site short name
|
|
* @return String site group name
|
|
*/
|
|
public String getSiteGroup(String shortName, boolean withGroupPrefix)
|
|
{
|
|
StringBuffer sb = new StringBuffer(64);
|
|
if (withGroupPrefix == true)
|
|
{
|
|
sb.append(PermissionService.GROUP_PREFIX);
|
|
}
|
|
sb.append(SITE_PREFIX);
|
|
sb.append(shortName);
|
|
return sb.toString();
|
|
}
|
|
|
|
/**
|
|
* Helper method to get the name of the site permission group
|
|
*
|
|
* @param shortName site short name
|
|
* @param permission permission name
|
|
* @param withGroupPrefix - should the name have the GROUP_ prefix?
|
|
* @return String site permission group name
|
|
*/
|
|
public String getSiteRoleGroup(String shortName, String permission, boolean withGroupPrefix)
|
|
{
|
|
return getSiteGroup(shortName, withGroupPrefix) + '_' + permission;
|
|
}
|
|
|
|
/**
|
|
* Gets a sites parent folder based on it's short name
|
|
*
|
|
* @param shortName site short name
|
|
* @return NodeRef the site's parent
|
|
*/
|
|
private NodeRef getSiteParent(String shortName)
|
|
{
|
|
// TODO: For now just return the site root, later we may build folder
|
|
// structure based on the shortname to spread the sites about
|
|
return getSiteRoot();
|
|
}
|
|
|
|
/**
|
|
* {@inheritDoc}
|
|
*/
|
|
public NodeRef getSiteRoot()
|
|
{
|
|
NodeRef siteHomeRef = (NodeRef)singletonCache.get(KEY_SITEHOME_NODEREF);
|
|
if (siteHomeRef == null)
|
|
{
|
|
siteHomeRef = AuthenticationUtil.runAs(new RunAsWork<NodeRef>()
|
|
{
|
|
public NodeRef doWork() throws Exception
|
|
{
|
|
return retryingTransactionHelper.doInTransaction(new RetryingTransactionCallback<NodeRef>()
|
|
{
|
|
public NodeRef execute() throws Exception
|
|
{
|
|
NodeRef result = null;
|
|
|
|
// Get the root 'sites' folder
|
|
NodeRef rootNodeRef = directNodeService.getRootNode(SITE_STORE);
|
|
List<NodeRef> results = searchService.selectNodes(
|
|
rootNodeRef,
|
|
sitesXPath,
|
|
null,
|
|
namespaceService,
|
|
false,
|
|
SearchService.LANGUAGE_XPATH);
|
|
if (results.size() != 0)
|
|
{
|
|
result = results.get(0);
|
|
}
|
|
|
|
return result;
|
|
}
|
|
}, true);
|
|
}
|
|
}, AuthenticationUtil.getSystemUserName());
|
|
|
|
// There may be domains with no sites (e.g. JSF-only clients).
|
|
if (siteHomeRef != null)
|
|
{
|
|
singletonCache.put(KEY_SITEHOME_NODEREF, siteHomeRef);
|
|
}
|
|
}
|
|
return siteHomeRef;
|
|
}
|
|
|
|
/*
|
|
* (non-Javadoc)
|
|
* @see org.alfresco.service.cmr.site.SiteService#findSites(java.lang.String, java.lang.String, int)
|
|
*/
|
|
@Override
|
|
public List<SiteInfo> findSites(String filter, String sitePresetFilter, int size)
|
|
{
|
|
List<SiteInfo> result;
|
|
|
|
NodeRef siteRoot = getSiteRoot();
|
|
if (siteRoot == null)
|
|
{
|
|
result = Collections.emptyList();
|
|
}
|
|
else
|
|
{
|
|
// get the sites that match the specified names
|
|
StringBuilder query = new StringBuilder(128);
|
|
query.append("+PARENT:\"").append(siteRoot.toString()).append('"');
|
|
|
|
final boolean filterIsPresent = filter != null && filter.length() > 0;
|
|
// The filter string is only used in the Lucene query if it restricts results.
|
|
// A search for name/title/description = "*" does not need to be put into the Lucene query.
|
|
// This allows users to search for "*" in the site-finder.
|
|
final boolean filterIsPresentAndNecessary = filterIsPresent && !filter.equals("*");
|
|
final boolean sitePresetFilterIsPresent = sitePresetFilter != null && sitePresetFilter.length() > 0;
|
|
|
|
if (filterIsPresentAndNecessary || sitePresetFilterIsPresent)
|
|
{
|
|
query.append(" +(");
|
|
if (filterIsPresentAndNecessary)
|
|
{
|
|
String escNameFilter = AbstractLuceneQueryParser.escape(filter.replace('"', ' '));
|
|
|
|
query.append(" @cm\\:name:\"*" + escNameFilter + "*\"")
|
|
.append(" @cm\\:title:\"" + escNameFilter + "\"")
|
|
.append(" @cm\\:description:\"" + escNameFilter + "\"");
|
|
}
|
|
if (sitePresetFilterIsPresent)
|
|
{
|
|
String escPresetFilter = AbstractLuceneQueryParser.escape(sitePresetFilter.replace('"', ' '));
|
|
query.append(" @st\\:sitePreset:\"" + escPresetFilter + "\"");
|
|
}
|
|
|
|
query.append(")");
|
|
}
|
|
|
|
SearchParameters sp = new SearchParameters();
|
|
sp.addStore(siteRoot.getStoreRef());
|
|
sp.setLanguage(SearchService.LANGUAGE_LUCENE);
|
|
sp.setQuery(query.toString());
|
|
if (size > 0)
|
|
{
|
|
sp.setLimit(size);
|
|
sp.setLimitBy(LimitBy.FINAL_SIZE);
|
|
}
|
|
ResultSet results = this.searchService.query(sp);
|
|
try
|
|
{
|
|
result = new ArrayList<SiteInfo>(results.length());
|
|
for (NodeRef site : results.getNodeRefs())
|
|
{
|
|
// Ignore any node type that is not a "site"
|
|
QName siteClassName = this.nodeService.getType(site);
|
|
if (this.dictionaryService.isSubClass(siteClassName, SiteModel.TYPE_SITE))
|
|
{
|
|
result.add(createSiteInfo(site));
|
|
}
|
|
}
|
|
}
|
|
finally
|
|
{
|
|
results.close();
|
|
}
|
|
}
|
|
|
|
return result;
|
|
}
|
|
|
|
/**
|
|
* @see org.alfresco.service.cmr.site.SiteService#listSites(java.lang.String, java.lang.String)
|
|
*/
|
|
public List<SiteInfo> listSites(String nameFilter, String sitePresetFilter)
|
|
{
|
|
return listSites(nameFilter, sitePresetFilter, -1);
|
|
}
|
|
|
|
/**
|
|
* @see org.alfresco.service.cmr.site.SiteService#listSites(java.lang.String, java.lang.String, int)
|
|
*/
|
|
public List<SiteInfo> listSites(final String filter, final String sitePresetFilter, int size)
|
|
{
|
|
List<SiteInfo> result = Collections.emptyList();
|
|
|
|
NodeRef siteRoot = getSiteRoot();
|
|
if (siteRoot != null)
|
|
{
|
|
final boolean filterHasValue = filter != null && filter.length() != 0;
|
|
final boolean sitePresetFilterHasValue = sitePresetFilter != null && sitePresetFilter.length() > 0;
|
|
|
|
List<Pair<QName, Boolean>> sortProps = null;
|
|
|
|
PagingRequest pagingRequest = new PagingRequest(size <= 0 ? Integer.MAX_VALUE : size);
|
|
List<FilterProp> filterProps = new ArrayList<FilterProp>();
|
|
|
|
if (filterHasValue)
|
|
{
|
|
filterProps.add(new FilterPropString(ContentModel.PROP_NAME, filter, FilterTypeString.STARTSWITH_IGNORECASE));
|
|
filterProps.add(new FilterPropString(ContentModel.PROP_TITLE, filter, FilterTypeString.STARTSWITH_IGNORECASE));
|
|
filterProps.add(new FilterPropString(ContentModel.PROP_DESCRIPTION, filter, FilterTypeString.STARTSWITH_IGNORECASE));
|
|
}
|
|
if (sitePresetFilterHasValue)
|
|
{
|
|
filterProps.add(new FilterPropString(SiteModel.PROP_SITE_PRESET, sitePresetFilter, FilterTypeString.EQUALS));
|
|
}
|
|
|
|
PagingResults<SiteInfo> allSites = listSites(filterProps, sortProps, pagingRequest);
|
|
result = allSites.getPage();
|
|
}
|
|
|
|
return result;
|
|
}
|
|
|
|
/*
|
|
* (non-Javadoc)
|
|
* @see org.alfresco.service.cmr.site.SiteService#listSites(java.lang.String)
|
|
*/
|
|
public List<SiteInfo> listSites(final String userName)
|
|
{
|
|
return listSites(userName, 0);
|
|
}
|
|
|
|
/**
|
|
* @see org.alfresco.service.cmr.site.SiteService#listSites(java.lang.String, int)
|
|
*/
|
|
public List<SiteInfo> listSites(final String userName, final int size)
|
|
{
|
|
// MT share - for activity service system callback
|
|
if (tenantService.isEnabled() && (AuthenticationUtil.SYSTEM_USER_NAME.equals(AuthenticationUtil.getRunAsUser())) && tenantService.isTenantUser(userName))
|
|
{
|
|
final String tenantDomain = tenantService.getUserDomain(userName);
|
|
|
|
return TenantUtil.runAsSystemTenant(new TenantRunAsWork<List<SiteInfo>>()
|
|
{
|
|
public List<SiteInfo> doWork() throws Exception
|
|
{
|
|
return listSitesImpl(userName, size);
|
|
}
|
|
}, tenantDomain);
|
|
}
|
|
else
|
|
{
|
|
return listSitesImpl(userName, size);
|
|
}
|
|
}
|
|
|
|
/**
|
|
* This method uses {@link CannedQuery canned queries} to retrieve {@link SiteModel#TYPE_SITE st:site} NodeRefs
|
|
* with support for {@link PagingRequest result paging}.
|
|
*/
|
|
@Override
|
|
public PagingResults<SiteInfo> listSites(List<FilterProp> filterProps, List<Pair<QName, Boolean>> sortProps, PagingRequest pagingRequest)
|
|
{
|
|
// Only search for "st:site" nodes.
|
|
final Set<QName> searchTypeQNames = new HashSet<QName>(1);
|
|
searchTypeQNames.add(SiteModel.TYPE_SITE);
|
|
// ... and all subtypes of st:site
|
|
searchTypeQNames.addAll(dictionaryService.getSubTypes(SiteModel.TYPE_SITE, true));
|
|
|
|
// get canned query
|
|
final String cQBeanName = "siteGetChildrenCannedQueryFactory";
|
|
GetChildrenCannedQueryFactory getChildrenCannedQueryFactory = (GetChildrenCannedQueryFactory)cannedQueryRegistry.getNamedObject(cQBeanName);
|
|
|
|
GetChildrenCannedQuery cq = (GetChildrenCannedQuery)getChildrenCannedQueryFactory.getCannedQuery(getSiteRoot(), null, null, searchTypeQNames,
|
|
filterProps, sortProps, pagingRequest);
|
|
|
|
// execute canned query
|
|
final CannedQueryResults<NodeRef> results = cq.execute();
|
|
|
|
// Now convert the CannedQueryResults<NodeRef> into a more useful PagingResults<SiteInfo>
|
|
List<NodeRef> nodeRefs = Collections.emptyList();
|
|
if (results.getPageCount() > 0)
|
|
{
|
|
nodeRefs = results.getPages().get(0);
|
|
}
|
|
|
|
// set total count
|
|
final Pair<Integer, Integer> totalCount;
|
|
if (pagingRequest.getRequestTotalCountMax() > 0)
|
|
{
|
|
totalCount = results.getTotalResultCount();
|
|
}
|
|
else
|
|
{
|
|
totalCount = null;
|
|
}
|
|
|
|
final List<SiteInfo> siteInfos = new ArrayList<SiteInfo>(nodeRefs.size());
|
|
for (NodeRef nodeRef : nodeRefs)
|
|
{
|
|
siteInfos.add(createSiteInfo(nodeRef));
|
|
}
|
|
|
|
return new PagingResults<SiteInfo>()
|
|
{
|
|
@Override
|
|
public String getQueryExecutionId()
|
|
{
|
|
return results.getQueryExecutionId();
|
|
}
|
|
@Override
|
|
public List<SiteInfo> getPage()
|
|
{
|
|
return siteInfos;
|
|
}
|
|
@Override
|
|
public boolean hasMoreItems()
|
|
{
|
|
return results.hasMoreItems();
|
|
}
|
|
@Override
|
|
public Pair<Integer, Integer> getTotalResultCount()
|
|
{
|
|
return totalCount;
|
|
}
|
|
};
|
|
}
|
|
|
|
/**
|
|
* This method returns the {@link SiteInfo siteInfos} for sites to which the specified user has access.
|
|
* Note that if the user has access to more than 1000 sites, the list will be truncated to 1000 entries.
|
|
*
|
|
* @param userName the username
|
|
* @return a list of {@link SiteInfo site infos}.
|
|
*/
|
|
private String resolveSite(String group)
|
|
{
|
|
// purge non Site related Groups and strip the group name down to the site "shortName" it relates too
|
|
if (group.startsWith(GROUP_SITE_PREFIX))
|
|
{
|
|
int roleIndex = group.lastIndexOf('_');
|
|
if (roleIndex + 1 <= GROUP_SITE_PREFIX_LENGTH)
|
|
{
|
|
// There is no role associated
|
|
return group.substring(GROUP_SITE_PREFIX_LENGTH);
|
|
}
|
|
else
|
|
{
|
|
return group.substring(GROUP_SITE_PREFIX_LENGTH, roleIndex);
|
|
}
|
|
}
|
|
return null;
|
|
}
|
|
|
|
private List<SiteInfo> listSitesImpl(final String userName, int size)
|
|
{
|
|
final int maxResults = size > 0 ? size : 1000;
|
|
final Set<String> siteNames = new TreeSet<String>();
|
|
authorityService.getContainingAuthoritiesInZone(AuthorityType.GROUP, userName, AuthorityService.ZONE_APP_SHARE, new AuthorityFilter(){
|
|
@Override
|
|
public boolean includeAuthority(String authority)
|
|
{
|
|
if (siteNames.size() < maxResults)
|
|
{
|
|
String siteName = resolveSite(authority);
|
|
if (siteName == null)
|
|
{
|
|
return false;
|
|
}
|
|
return siteNames.add(siteName);
|
|
}
|
|
return false;
|
|
}}, maxResults);
|
|
if (siteNames.isEmpty())
|
|
{
|
|
return Collections.emptyList();
|
|
}
|
|
List<ChildAssociationRef> assocs = this.nodeService.getChildrenByName(
|
|
getSiteRoot(),
|
|
ContentModel.ASSOC_CONTAINS,
|
|
siteNames);
|
|
List<SiteInfo> result = new ArrayList<SiteInfo>(assocs.size());
|
|
for (ChildAssociationRef assoc : assocs)
|
|
{
|
|
// Ignore any node that is not a "site" type
|
|
NodeRef site = assoc.getChildRef();
|
|
QName siteClassName = this.directNodeService.getType(site);
|
|
if (this.dictionaryService.isSubClass(siteClassName, SiteModel.TYPE_SITE))
|
|
{
|
|
result.add(createSiteInfo(site));
|
|
}
|
|
}
|
|
return result;
|
|
}
|
|
|
|
/**
|
|
* Creates a site information object given a site node reference
|
|
*
|
|
* @param siteNodeRef
|
|
* site node reference
|
|
* @return SiteInfo site information object
|
|
*/
|
|
private SiteInfo createSiteInfo(NodeRef siteNodeRef)
|
|
{
|
|
SiteInfo siteInfo = null;
|
|
|
|
// Get the properties
|
|
Map<QName, Serializable> properties = this.directNodeService.getProperties(siteNodeRef);
|
|
String shortName = (String) properties.get(ContentModel.PROP_NAME);
|
|
String sitePreset = (String) properties.get(PROP_SITE_PRESET);
|
|
String title = (String) properties.get(ContentModel.PROP_TITLE);
|
|
String description = (String) properties.get(ContentModel.PROP_DESCRIPTION);
|
|
|
|
// Get the visibility of the site
|
|
SiteVisibility visibility = getSiteVisibility(siteNodeRef);
|
|
|
|
// Create and return the site information
|
|
Map<QName, Serializable> customProperties = getSiteCustomProperties(properties);
|
|
siteInfo = new SiteInfoImpl(sitePreset, shortName, title, description, visibility, customProperties, siteNodeRef);
|
|
|
|
return siteInfo;
|
|
}
|
|
|
|
/**
|
|
* Helper method to get the visibility of the site. If no value is present in the repository then it is calculated from the
|
|
* set permissions. This will maintain backwards compatibility with earlier versions of the service implementation.
|
|
*
|
|
* @param siteNodeRef site node reference
|
|
* @return SiteVisibility site visibility
|
|
*/
|
|
private SiteVisibility getSiteVisibility(NodeRef siteNodeRef)
|
|
{
|
|
SiteVisibility visibility = SiteVisibility.PRIVATE;
|
|
|
|
// Get the visibility value stored in the repo
|
|
String visibilityValue = (String)this.directNodeService.getProperty(siteNodeRef, SiteModel.PROP_SITE_VISIBILITY);
|
|
|
|
// To maintain backwards compatibility calculate the visibility from the permissions
|
|
// if there is no value specified on the site node
|
|
if (visibilityValue == null)
|
|
{
|
|
// Examine each permission to see if this is a public site or not
|
|
Set<AccessPermission> permissions;
|
|
try {
|
|
permissions = this.permissionService.getAllSetPermissions(siteNodeRef);
|
|
} catch (AccessDeniedException ae){
|
|
// We might not have permission to examine the permissions
|
|
return visibility;
|
|
}
|
|
for (AccessPermission permission : permissions)
|
|
{
|
|
if (permission.getAuthority().equals(PermissionService.ALL_AUTHORITIES) == true &&
|
|
permission.getPermission().equals(SITE_CONSUMER) == true)
|
|
{
|
|
visibility = SiteVisibility.PUBLIC;
|
|
break;
|
|
}
|
|
}
|
|
}
|
|
else
|
|
{
|
|
// Create the enum value from the string
|
|
visibility = SiteVisibility.valueOf(visibilityValue);
|
|
}
|
|
|
|
return visibility;
|
|
}
|
|
|
|
/**
|
|
* @see org.alfresco.service.cmr.site.SiteService#getSite(java.lang.String)
|
|
*/
|
|
public SiteInfo getSite(final String shortName)
|
|
{
|
|
// MT share - for activity service system callback
|
|
if (tenantService.isEnabled() && (AuthenticationUtil.SYSTEM_USER_NAME.equals(AuthenticationUtil.getRunAsUser())) && tenantService.isTenantName(shortName))
|
|
{
|
|
final String tenantDomain = tenantService.getDomain(shortName);
|
|
final String sName = tenantService.getBaseName(shortName, true);
|
|
|
|
return TenantUtil.runAsSystemTenant(new TenantRunAsWork<SiteInfo>()
|
|
{
|
|
public SiteInfo doWork() throws Exception
|
|
{
|
|
SiteInfo site = getSiteImpl(sName);
|
|
return new SiteInfoImpl(site.getSitePreset(), shortName, site.getTitle(), site.getDescription(), site.getVisibility(), site.getCustomProperties(), site.getNodeRef());
|
|
}
|
|
}, tenantDomain);
|
|
}
|
|
else
|
|
{
|
|
return getSiteImpl(shortName);
|
|
}
|
|
}
|
|
|
|
/**
|
|
* Get the site implementation given a short name
|
|
*
|
|
* @param shortName
|
|
* @return
|
|
*/
|
|
private SiteInfo getSiteImpl(String shortName)
|
|
{
|
|
SiteInfo result = null;
|
|
|
|
// Get the site node
|
|
NodeRef siteNodeRef = getSiteNodeRef(shortName);
|
|
if (siteNodeRef != null)
|
|
{
|
|
// Create the site info
|
|
result = createSiteInfo(siteNodeRef);
|
|
}
|
|
|
|
// Return the site information
|
|
return result;
|
|
}
|
|
|
|
/**
|
|
* @see org.alfresco.service.cmr.site.SiteService#getSite(org.alfresco.service.cmr.repository.NodeRef)
|
|
*/
|
|
public SiteInfo getSite(NodeRef nodeRef)
|
|
{
|
|
SiteInfo siteInfo = null;
|
|
NodeRef siteNodeRef = getSiteNodeRef(nodeRef);
|
|
if (siteNodeRef != null)
|
|
{
|
|
siteInfo = createSiteInfo(siteNodeRef);
|
|
}
|
|
return siteInfo;
|
|
}
|
|
|
|
/**
|
|
* This method gets the <code>st:site</code> NodeRef for the Share Site which contains the given NodeRef.
|
|
* If the given NodeRef is not contained within a Share Site, then <code>null</code> is returned.
|
|
*
|
|
* @param nodeRef the node whose containing site is to be found.
|
|
* @return NodeRef site node reference or null if node is not in a site
|
|
*/
|
|
private NodeRef getSiteNodeRef(NodeRef nodeRef)
|
|
{
|
|
NodeRef siteNodeRef = null;
|
|
QName nodeRefType = directNodeService.getType(nodeRef);
|
|
if (dictionaryService.isSubClass(nodeRefType, TYPE_SITE) == true)
|
|
{
|
|
siteNodeRef = nodeRef;
|
|
}
|
|
else
|
|
{
|
|
ChildAssociationRef primaryParent = nodeService.getPrimaryParent(nodeRef);
|
|
if (primaryParent != null && primaryParent.getParentRef() != null)
|
|
{
|
|
siteNodeRef = getSiteNodeRef(primaryParent.getParentRef());
|
|
}
|
|
}
|
|
return siteNodeRef;
|
|
}
|
|
|
|
/**
|
|
* Gets the site's node reference based on its short name
|
|
*
|
|
* @param shortName short name
|
|
*
|
|
* @return NodeRef node reference
|
|
*/
|
|
private NodeRef getSiteNodeRef(final String shortName)
|
|
{
|
|
return getSiteNodeRef(shortName, true);
|
|
}
|
|
|
|
/**
|
|
* Gets the site's node reference based on its short name
|
|
*
|
|
* @param shortName short name
|
|
* @param enforcePermissions should we ensure that we have access to this node?
|
|
*
|
|
* @return NodeRef node reference
|
|
*/
|
|
private NodeRef getSiteNodeRef(final String shortName, boolean enforcePermissions)
|
|
{
|
|
NodeRef siteNodeRef = siteNodeRefCache.get(shortName);
|
|
if (siteNodeRef != null)
|
|
{
|
|
// test for existance - and remove from cache if no longer exists
|
|
if (!this.directNodeService.exists(siteNodeRef))
|
|
{
|
|
siteNodeRefCache.remove(shortName);
|
|
siteNodeRef = null;
|
|
}
|
|
}
|
|
else
|
|
{
|
|
// not in cache - find and store
|
|
final NodeRef siteRoot = getSiteParent(shortName);
|
|
|
|
siteNodeRef = AuthenticationUtil.runAs(new AuthenticationUtil.RunAsWork<NodeRef>()
|
|
{
|
|
public NodeRef doWork() throws Exception
|
|
{
|
|
// the site "short name" directly maps to the cm:name property
|
|
NodeRef siteNode = directNodeService.getChildByName(siteRoot, ContentModel.ASSOC_CONTAINS, shortName);
|
|
|
|
// cache the result if found - null results will be required to ensure new sites are found later
|
|
if (siteNode != null)
|
|
{
|
|
siteNodeRefCache.put(shortName, siteNode);
|
|
}
|
|
return siteNode;
|
|
}
|
|
}, AuthenticationUtil.getSystemUserName());
|
|
}
|
|
if (enforcePermissions)
|
|
{
|
|
return siteNodeRef == null
|
|
|| !this.permissionService.hasPermission(siteNodeRef, PermissionService.READ_PROPERTIES).equals(
|
|
AccessStatus.ALLOWED) ? null : siteNodeRef;
|
|
}
|
|
else
|
|
{
|
|
return siteNodeRef;
|
|
}
|
|
}
|
|
|
|
/**
|
|
* @see org.alfresco.service.cmr.site.SiteService#updateSite(org.alfresco.service.cmr.site.SiteInfo)
|
|
*/
|
|
public void updateSite(SiteInfo siteInfo)
|
|
{
|
|
String shortName = siteInfo.getShortName();
|
|
NodeRef siteNodeRef = getSiteNodeRef(shortName);
|
|
if (siteNodeRef == null)
|
|
{
|
|
throw new SiteServiceException(MSG_CAN_NOT_UPDATE, new Object[]{siteInfo.getShortName()});
|
|
}
|
|
|
|
// Get the sites properties
|
|
Map<QName, Serializable> properties = this.directNodeService.getProperties(siteNodeRef);
|
|
|
|
// Update the properties of the site
|
|
// Note: the site preset and short name should never be updated!
|
|
properties.put(ContentModel.PROP_TITLE, siteInfo.getTitle());
|
|
properties.put(ContentModel.PROP_DESCRIPTION, siteInfo.getDescription());
|
|
|
|
// Update the permissions based on the visibility
|
|
SiteVisibility currentVisibility = getSiteVisibility(siteNodeRef);
|
|
SiteVisibility updatedVisibility = siteInfo.getVisibility();
|
|
if (currentVisibility.equals(updatedVisibility) == false)
|
|
{
|
|
// visibility has changed
|
|
logger.debug("site:" + shortName + " visibility has changed from: " + currentVisibility + "to: " + updatedVisibility);
|
|
|
|
// Grab the Public Site Group and validate
|
|
final String sitePublicGroup = sysAdminParams.getSitePublicGroup();
|
|
boolean publicGroupExists = authorityService.authorityExists(sitePublicGroup);
|
|
if (!PermissionService.ALL_AUTHORITIES.equals(sitePublicGroup) && !publicGroupExists)
|
|
{
|
|
// If the group specified in the settings does not exist, we cannot update the site.
|
|
throw new SiteServiceException(MSG_VISIBILITY_GROUP_MISSING, new Object[]{sitePublicGroup});
|
|
}
|
|
|
|
// The site Visibility has changed.
|
|
// Remove current visibility permissions
|
|
if (SiteVisibility.PUBLIC.equals(currentVisibility) == true ||
|
|
SiteVisibility.MODERATED.equals(currentVisibility) == true)
|
|
{
|
|
// Remove the old Consumer permissions
|
|
// (Always remove both EVERYONE and the Publci Site Group, just to be safe)
|
|
this.permissionService.deletePermission(siteNodeRef, sitePublicGroup, SITE_CONSUMER);
|
|
if (sitePublicGroup.equals(PermissionService.ALL_AUTHORITIES))
|
|
{
|
|
this.permissionService.deletePermission(siteNodeRef, PermissionService.ALL_AUTHORITIES, SITE_CONSUMER);
|
|
}
|
|
}
|
|
|
|
// If the site was moderated before, undo the work of #setModeratedPermissions
|
|
// by restoring inherited permissions on the containers
|
|
// (Leaving the old extra permissions on containers is fine)
|
|
if (SiteVisibility.MODERATED.equals(currentVisibility) == true)
|
|
{
|
|
List<FileInfo> folders = fileFolderService.listFolders(siteNodeRef);
|
|
for(FileInfo folder : folders)
|
|
{
|
|
NodeRef containerNodeRef = folder.getNodeRef();
|
|
this.permissionService.setInheritParentPermissions(containerNodeRef, true);
|
|
}
|
|
}
|
|
|
|
// Add new visibility permissions
|
|
// Note - these need to be kept in sync manually with those in #setupSitePermissions
|
|
if (SiteVisibility.PUBLIC.equals(updatedVisibility) == true)
|
|
{
|
|
this.permissionService.setPermission(siteNodeRef, sitePublicGroup, SITE_CONSUMER, true);
|
|
}
|
|
else if (SiteVisibility.MODERATED.equals(updatedVisibility) == true)
|
|
{
|
|
this.permissionService.setPermission(siteNodeRef, sitePublicGroup, SITE_CONSUMER, true);
|
|
|
|
// Set the moderated permissions on all the containers the site already has
|
|
List<FileInfo> folders = fileFolderService.listFolders(siteNodeRef);
|
|
for(FileInfo folder : folders)
|
|
{
|
|
NodeRef containerNodeRef = folder.getNodeRef();
|
|
setModeratedPermissions(shortName, containerNodeRef);
|
|
}
|
|
}
|
|
else if (SiteVisibility.PRIVATE.equals(updatedVisibility))
|
|
{
|
|
// No additional permissions need to be granted for a site become private
|
|
}
|
|
|
|
// Update the site node reference with the updated visibility value
|
|
properties.put(SiteModel.PROP_SITE_VISIBILITY, siteInfo.getVisibility().toString());
|
|
}
|
|
|
|
// Set the updated properties back onto the site node reference
|
|
this.nodeService.setProperties(siteNodeRef, properties);
|
|
}
|
|
|
|
/**
|
|
* @see org.alfresco.service.cmr.site.SiteService#deleteSite(java.lang.String)
|
|
*/
|
|
public void deleteSite(final String shortName)
|
|
{
|
|
logger.debug("delete site :" + shortName);
|
|
final NodeRef siteNodeRef = getSiteNodeRef(shortName);
|
|
if (siteNodeRef == null)
|
|
{
|
|
throw new SiteServiceException(MSG_CAN_NOT_DELETE, new Object[]{shortName});
|
|
}
|
|
final QName siteType = this.directNodeService.getType(siteNodeRef);
|
|
|
|
// Delete the cached reference
|
|
siteNodeRefCache.remove(shortName);
|
|
|
|
// Collection for recording the group memberships present on the site
|
|
final Map<String, Set<String>> groupsMemberships = new HashMap<String, Set<String>>();
|
|
|
|
// Save the group memberships so we can use them later
|
|
this.nodeService.setProperty(siteNodeRef, QName.createQName(null, "memberships"), (Serializable)groupsMemberships);
|
|
|
|
// The default behaviour is that sites cannot be deleted. But we disable that behaviour here
|
|
// in order to allow site deletion only via this service. Share calls this service for deletion.
|
|
//
|
|
// See ALF-7888 for some background on this issue
|
|
this.behaviourFilter.disableBehaviour(siteNodeRef, ContentModel.ASPECT_UNDELETABLE);
|
|
|
|
NodeRef siteParent = getSiteParent(shortName);
|
|
this.behaviourFilter.disableBehaviour(siteParent, ContentModel.ASPECT_AUDITABLE);
|
|
|
|
try
|
|
{
|
|
this.nodeService.deleteNode(siteNodeRef);
|
|
}
|
|
finally
|
|
{
|
|
this.behaviourFilter.enableBehaviour(siteNodeRef, ContentModel.ASPECT_UNDELETABLE);
|
|
this.behaviourFilter.enableBehaviour(siteParent, ContentModel.ASPECT_AUDITABLE);
|
|
}
|
|
|
|
// Delete the associated groups
|
|
AuthenticationUtil.runAs(new AuthenticationUtil.RunAsWork<Object>()
|
|
{
|
|
public Object doWork() throws Exception
|
|
{
|
|
// Delete the master site group
|
|
final String siteGroup = getSiteGroup(shortName, true);
|
|
if (authorityService.authorityExists(siteGroup))
|
|
{
|
|
authorityService.deleteAuthority(siteGroup, false);
|
|
|
|
// Iterate over the role related groups and delete then
|
|
Set<String> permissions = permissionService.getSettablePermissions(siteType);
|
|
for (String permission : permissions)
|
|
{
|
|
String siteRoleGroup = getSiteRoleGroup(shortName, permission, true);
|
|
|
|
// Collect up the memberships so we can potentially restore them later
|
|
Set<String> groupUsers = authorityService.getContainedAuthorities(null, siteRoleGroup, true);
|
|
groupsMemberships.put(siteRoleGroup, groupUsers);
|
|
|
|
// Delete the site role group
|
|
authorityService.deleteAuthority(siteRoleGroup);
|
|
}
|
|
}
|
|
|
|
return null;
|
|
}
|
|
}, AuthenticationUtil.getSystemUserName());
|
|
|
|
logger.debug("site deleted :" + shortName);
|
|
}
|
|
|
|
/**
|
|
* @see org.alfresco.repo.node.NodeServicePolicies.OnRestoreNodePolicy#onRestoreNode(org.alfresco.service.cmr.repository.ChildAssociationRef)
|
|
*/
|
|
@SuppressWarnings("unchecked")
|
|
@Override
|
|
public void onRestoreNode(ChildAssociationRef childAssocRef)
|
|
{
|
|
// regenerate the groups for the site when it is restored from the Archive store
|
|
NodeRef siteRef = childAssocRef.getChildRef();
|
|
setupSitePermissions(
|
|
siteRef,
|
|
(String)directNodeService.getProperty(siteRef, ContentModel.PROP_NAME),
|
|
getSiteVisibility(siteRef),
|
|
(Map<String, Set<String>>)directNodeService.getProperty(siteRef, QName.createQName(null, "memberships")));
|
|
}
|
|
|
|
/**
|
|
* @see org.alfresco.service.cmr.site.SiteService#listMembers(java.lang.String, java.lang.String, java.lang.String, int)
|
|
*/
|
|
public Map<String, String> listMembers(String shortName, String nameFilter, String roleFilter, int size)
|
|
{
|
|
return listMembers(shortName, nameFilter, roleFilter, size, false);
|
|
}
|
|
|
|
/**
|
|
* @see org.alfresco.service.cmr.site.SiteService#listMembers(String, String, String, int, boolean)
|
|
*/
|
|
public Map<String, String> listMembers(String shortName, final String nameFilter, final String roleFilter, final int size, final boolean collapseGroups)
|
|
{
|
|
// MT share - for activity service system callback
|
|
if (tenantService.isEnabled() && (AuthenticationUtil.SYSTEM_USER_NAME.equals(AuthenticationUtil.getRunAsUser())) && tenantService.isTenantName(shortName))
|
|
{
|
|
final String tenantDomain = tenantService.getDomain(shortName);
|
|
final String sName = tenantService.getBaseName(shortName, true);
|
|
|
|
return TenantUtil.runAsSystemTenant(new TenantRunAsWork<Map<String, String>>()
|
|
{
|
|
public Map<String, String> doWork() throws Exception
|
|
{
|
|
return listMembersImpl(sName, nameFilter, roleFilter, size, collapseGroups);
|
|
}
|
|
}, tenantDomain);
|
|
}
|
|
else
|
|
{
|
|
return listMembersImpl(shortName, nameFilter, roleFilter, size, collapseGroups);
|
|
}
|
|
}
|
|
|
|
/**
|
|
* @see org.alfresco.service.cmr.site.SiteService#listMembersInfo(String,
|
|
* String, String, int, boolean)
|
|
*/
|
|
public List<SiteMemberInfo> listMembersInfo(String shortName, final String nameFilter, final String roleFilter, final int size, final boolean collapseGroups)
|
|
{
|
|
// MT share - for activity service system callback
|
|
if (tenantService.isEnabled()
|
|
&& (AuthenticationUtil.SYSTEM_USER_NAME.equals(AuthenticationUtil
|
|
.getRunAsUser())) && tenantService.isTenantName(shortName))
|
|
{
|
|
final String tenantDomain = tenantService.getDomain(shortName);
|
|
final String sName = tenantService.getBaseName(shortName, true);
|
|
|
|
return AuthenticationUtil.runAs(
|
|
new AuthenticationUtil.RunAsWork<List<SiteMemberInfo>>()
|
|
{
|
|
public List<SiteMemberInfo> doWork() throws Exception
|
|
{
|
|
return listMembersInfoImpl(sName, nameFilter, roleFilter, size,
|
|
collapseGroups);
|
|
}
|
|
}, tenantService.getDomainUser(AuthenticationUtil.getSystemUserName(),
|
|
tenantDomain));
|
|
}
|
|
else
|
|
{
|
|
return listMembersInfoImpl(shortName, nameFilter, roleFilter, size, collapseGroups);
|
|
}
|
|
}
|
|
|
|
private Map<String, String> listMembersImpl(String shortName, String nameFilter, String roleFilter, int size, boolean collapseGroups)
|
|
{
|
|
Map<String, String> members = new HashMap<String, String>(32);
|
|
|
|
List<SiteMemberInfo> list = listMembersInfoImpl(shortName, nameFilter, roleFilter, size,
|
|
collapseGroups);
|
|
for (SiteMemberInfo info : list)
|
|
members.put(info.getMemberName(), info.getMemberRole());
|
|
|
|
return members;
|
|
}
|
|
|
|
private List<SiteMemberInfo> listMembersInfoImpl(String shortName, String nameFilter,
|
|
String roleFilter, int size, boolean collapseGroups)
|
|
{
|
|
NodeRef siteNodeRef = getSiteNodeRef(shortName);
|
|
if (siteNodeRef == null)
|
|
{
|
|
throw new SiteDoesNotExistException(shortName);
|
|
}
|
|
|
|
// max size limit
|
|
if (size <= 0)
|
|
{
|
|
size = Integer.MAX_VALUE;
|
|
}
|
|
|
|
// Build an array of name filter tokens pre lowercased to test against person properties
|
|
// We require that matching people have at least one match against one of these on
|
|
// either their firstname or last name
|
|
String nameFilterLower = null;
|
|
String[] nameFilters = new String[0];
|
|
if (nameFilter != null && nameFilter.length() != 0)
|
|
{
|
|
StringTokenizer t = new StringTokenizer(nameFilter, " ");
|
|
nameFilters = new String[t.countTokens()];
|
|
for (int i = 0; t.hasMoreTokens(); i++)
|
|
{
|
|
nameFilters[i] = t.nextToken().toLowerCase();
|
|
}
|
|
nameFilterLower = nameFilter.toLowerCase();
|
|
}
|
|
|
|
List<SiteMemberInfo> members = new ArrayList<SiteMemberInfo>(32);
|
|
|
|
QName siteType = directNodeService.getType(siteNodeRef);
|
|
Set<String> permissions = this.permissionService.getSettablePermissions(siteType);
|
|
Map<String, String> groupsToExpand = new HashMap<String, String>(32);
|
|
|
|
AUTHORITY_FIND: for (String permission : permissions)
|
|
{
|
|
if (roleFilter == null || roleFilter.length() == 0 || roleFilter.equals(permission))
|
|
{
|
|
String groupName = getSiteRoleGroup(shortName, permission, true);
|
|
Set<String> authorities = this.authorityService.getContainedAuthorities(null, groupName, true);
|
|
for (String authority : authorities)
|
|
{
|
|
switch (AuthorityType.getAuthorityType(authority))
|
|
{
|
|
case USER:
|
|
boolean addUser = true;
|
|
if (nameFilter != null && nameFilter.length() != 0 && !nameFilter.equals(authority))
|
|
{
|
|
// found a filter - does it match person first/last name?
|
|
addUser = matchPerson(nameFilters, authority);
|
|
}
|
|
if (addUser)
|
|
{
|
|
// Add the user and their permission to the returned map
|
|
members.add(new SiteMemberInfoImpl(authority, permission, false));
|
|
|
|
// break on max size limit reached
|
|
if (members.size() >= size)
|
|
{
|
|
break AUTHORITY_FIND;
|
|
}
|
|
}
|
|
break;
|
|
case GROUP:
|
|
if (collapseGroups)
|
|
{
|
|
if (!groupsToExpand.containsKey(authority))
|
|
{
|
|
groupsToExpand.put(authority, permission);
|
|
}
|
|
}
|
|
else
|
|
{
|
|
if (nameFilter != null && nameFilter.length() != 0)
|
|
{
|
|
// found a filter - does it match Group name part?
|
|
if (matchByFilter(authority.substring(GROUP_PREFIX_LENGTH).toLowerCase(), nameFilterLower))
|
|
{
|
|
members.add(new SiteMemberInfoImpl(authority, permission, false));
|
|
}
|
|
else
|
|
{
|
|
// Does it match on the Group Display Name part instead?
|
|
String displayName = authorityService.getAuthorityDisplayName(authority);
|
|
if (displayName != null && matchByFilter(displayName.toLowerCase(), nameFilterLower))
|
|
{
|
|
members.add(new SiteMemberInfoImpl(authority, permission, false));
|
|
}
|
|
}
|
|
}
|
|
else
|
|
{
|
|
// No name filter add this group
|
|
members.add(new SiteMemberInfoImpl(authority, permission, false));
|
|
}
|
|
|
|
// break on max size limit reached
|
|
if (members.size() >= size)
|
|
{
|
|
break AUTHORITY_FIND;
|
|
}
|
|
}
|
|
break;
|
|
default:
|
|
break;
|
|
}
|
|
}
|
|
}
|
|
}
|
|
|
|
if ((collapseGroups) && (members.size() < size))
|
|
{
|
|
GROUP_EXPAND: for (Map.Entry<String, String> entry : groupsToExpand.entrySet())
|
|
{
|
|
Set<String> subUsers = this.authorityService.getContainedAuthorities(AuthorityType.USER, entry.getKey(), false);
|
|
for (String subUser : subUsers)
|
|
{
|
|
boolean addUser = true;
|
|
if (nameFilter != null && nameFilter.length() != 0 && !nameFilter.equals(subUser))
|
|
{
|
|
// found a filter - does it match person first/last name?
|
|
addUser = matchPerson(nameFilters, subUser);
|
|
}
|
|
|
|
if (addUser)
|
|
{
|
|
SiteMemberInfo memberInfo = new SiteMemberInfoImpl(subUser,entry.getValue(), true);
|
|
// Add the collapsed user into the members list if they do not already appear in the list
|
|
if (members.contains(memberInfo) == false)
|
|
{
|
|
members.add(memberInfo);
|
|
}
|
|
|
|
// break on max size limit reached
|
|
if (members.size() >= size)
|
|
{
|
|
break GROUP_EXPAND;
|
|
}
|
|
}
|
|
}
|
|
}
|
|
}
|
|
return members;
|
|
}
|
|
|
|
/**
|
|
* Helper to match name filters to Person properties.
|
|
*
|
|
* One of the user's firstname or lastname must match at least
|
|
* one of the filters given.
|
|
*
|
|
* @param filter
|
|
* @param username
|
|
* @return
|
|
*/
|
|
private boolean matchPerson(final String[] nameFilters, final String username)
|
|
{
|
|
boolean addUser = false;
|
|
|
|
try
|
|
{
|
|
NodeRef person = personService.getPerson(username, false);
|
|
String firstName = (String)directNodeService.getProperty(person, ContentModel.PROP_FIRSTNAME);
|
|
String lastName = (String)directNodeService.getProperty(person, ContentModel.PROP_LASTNAME);
|
|
String userName = (String)directNodeService.getProperty(person, ContentModel.PROP_USERNAME);
|
|
|
|
final String lowFirstName = (firstName != null ? firstName.toLowerCase() : "");
|
|
final String lowLastName = (lastName != null ? lastName.toLowerCase() : "");
|
|
final String lowUserName = (userName != null ? userName.toLowerCase() : "");
|
|
for (int i=0; i<nameFilters.length; i++)
|
|
{
|
|
if (matchByFilter(lowUserName, nameFilters[i]) ||
|
|
matchByFilter(lowFirstName, nameFilters[i]) ||
|
|
matchByFilter(lowLastName, nameFilters[i]))
|
|
{
|
|
addUser = true;
|
|
break;
|
|
}
|
|
}
|
|
}
|
|
catch(NoSuchPersonException e)
|
|
{
|
|
// Group references a deleted user, shouldn't normally happen
|
|
}
|
|
|
|
return addUser;
|
|
}
|
|
|
|
private boolean matchByFilter(String compareString, String patternString)
|
|
{
|
|
if (compareString==null || compareString.isEmpty())
|
|
{
|
|
return false;
|
|
}
|
|
if (patternString==null || patternString.isEmpty())
|
|
{
|
|
return true;
|
|
}
|
|
StringBuilder paternStr=new StringBuilder();
|
|
for (char c: patternString.toCharArray())
|
|
{
|
|
if (c=='*')
|
|
{
|
|
paternStr.append(".*");
|
|
}
|
|
else if (c=='(' || c==')')
|
|
{
|
|
paternStr.append("\\"+c);
|
|
}
|
|
else if (Character.isLetterOrDigit(c) || c=='*')
|
|
{
|
|
paternStr.append(c);
|
|
}
|
|
else paternStr.append("\\"+c);
|
|
|
|
}
|
|
Pattern p=Pattern.compile(paternStr.toString(), Pattern.CASE_INSENSITIVE);
|
|
Matcher matcher=p.matcher(compareString);
|
|
return matcher.matches();
|
|
}
|
|
|
|
/**
|
|
* @see org.alfresco.service.cmr.site.SiteService#getMembersRoleInfo(java.lang.String, java.lang.String)
|
|
*/
|
|
public SiteMemberInfo getMembersRoleInfo(String shortName, String authorityName)
|
|
{
|
|
NodeRef siteNodeRef = getSiteNodeRef(shortName);
|
|
if (siteNodeRef == null)
|
|
{
|
|
throw new SiteDoesNotExistException(shortName);
|
|
}
|
|
|
|
QName siteType = directNodeService.getType(siteNodeRef);
|
|
Set<String> permissions = this.permissionService.getSettablePermissions(siteType);
|
|
// This set is a lazily evaluated one, so merely getting it in advance as we do here is not expensive
|
|
Set<String> userAuthoritySet = this.authorityService.getAuthoritiesForUser(authorityName);
|
|
for (String role : permissions)
|
|
{
|
|
String roleGroup = getSiteRoleGroup(shortName, role, true);
|
|
Set<String> authorities = this.authorityService.getContainedAuthorities(null, roleGroup, true);
|
|
if (authorities.contains(authorityName))
|
|
{
|
|
// found a direct membership for this user - return this role info
|
|
return new SiteMemberInfoImpl(authorityName, role, false);
|
|
}
|
|
// crawl the cache from the role group down to find the authority
|
|
else if (userAuthoritySet.contains(roleGroup))
|
|
{
|
|
return new SiteMemberInfoImpl(authorityName, role, true);
|
|
}
|
|
}
|
|
|
|
return null;
|
|
}
|
|
|
|
/**
|
|
* @see org.alfresco.service.cmr.site.SiteService#getMembersRole(java.lang.String,
|
|
* java.lang.String)
|
|
*/
|
|
public String getMembersRole(String shortName, String authorityName)
|
|
{
|
|
String result = null;
|
|
List<String> roles = getMembersRoles(shortName, authorityName);
|
|
if (roles.size() != 0)
|
|
{
|
|
if (roles.size() > 1 && roleComparator != null)
|
|
{
|
|
// Need to sort the roles into the most important first.
|
|
SortedSet<String> sortedRoles = new TreeSet<String>(roleComparator);
|
|
for (String role : roles)
|
|
{
|
|
sortedRoles.add(role);
|
|
}
|
|
result = sortedRoles.first();
|
|
}
|
|
else
|
|
{
|
|
// don't search on precedence or only one result
|
|
result = roles.get(0);
|
|
}
|
|
}
|
|
return result;
|
|
}
|
|
|
|
public List<String> getMembersRoles(String shortName, String authorityName)
|
|
{
|
|
List<String> result = new ArrayList<String>(5);
|
|
List<String> groups = getPermissionGroups(shortName, authorityName);
|
|
for (String group : groups)
|
|
{
|
|
int index = group.lastIndexOf('_');
|
|
if (index != -1)
|
|
{
|
|
result.add(group.substring(index + 1));
|
|
}
|
|
}
|
|
return result;
|
|
}
|
|
|
|
/**
|
|
* Helper method to get the permission groups for a given authority on a site.
|
|
* Returns empty List if the user does not have a explicit membership to the site.
|
|
*
|
|
* A user permission will take precedence over a permission obtained via a group.
|
|
*
|
|
* @param siteShortName site short name
|
|
* @param authorityName authority name
|
|
* @return List<String> Permission groups, empty list if no explicit membership set
|
|
*/
|
|
private List<String> getPermissionGroups(String siteShortName, String authorityName)
|
|
{
|
|
NodeRef siteNodeRef = getSiteNodeRef(siteShortName);
|
|
if (siteNodeRef == null)
|
|
{
|
|
throw new SiteDoesNotExistException(siteShortName);
|
|
}
|
|
|
|
List<String> fullResult = new ArrayList<String>(5);
|
|
QName siteType = directNodeService.getType(siteNodeRef);
|
|
Set<String> roles = this.permissionService.getSettablePermissions(siteType);
|
|
|
|
// First use the authority's cached recursive group memberships to answer the question quickly
|
|
Set<String> authorities = authorityService.getAuthoritiesForUser(authorityName);
|
|
for (String role : roles)
|
|
{
|
|
String roleGroup = getSiteRoleGroup(siteShortName, role, true);
|
|
if (authorities.contains(roleGroup))
|
|
{
|
|
fullResult.add(roleGroup);
|
|
}
|
|
}
|
|
|
|
// Unfortunately, due to direct membership taking precedence, we can't answer the question quickly if more than one role has been inherited
|
|
if (fullResult.size() <= 1)
|
|
{
|
|
return fullResult;
|
|
}
|
|
|
|
// Check direct group memberships
|
|
List<String> result = new ArrayList<String>(5);
|
|
Set <String> authorityGroups = this.authorityService.getContainingAuthorities(AuthorityType.GROUP,
|
|
authorityName, true);
|
|
for (String role : roles)
|
|
{
|
|
String roleGroup = getSiteRoleGroup(siteShortName, role, true);
|
|
if (authorityGroups.contains(roleGroup))
|
|
{
|
|
result.add(roleGroup);
|
|
}
|
|
}
|
|
|
|
// If there are user permissions then they take priority
|
|
return result.size() > 0 ? result : fullResult;
|
|
}
|
|
|
|
/**
|
|
* @see org.alfresco.service.cmr.site.SiteService#getSiteRoles()
|
|
*/
|
|
public List<String> getSiteRoles()
|
|
{
|
|
return getSiteRoles(SiteModel.TYPE_SITE);
|
|
}
|
|
|
|
/**
|
|
* @see org.alfresco.service.cmr.site.SiteService#getSiteRoles(String)
|
|
*/
|
|
public List<String> getSiteRoles(String shortName)
|
|
{
|
|
NodeRef siteNodeRef = getSiteNodeRef(shortName);
|
|
if (siteNodeRef == null)
|
|
{
|
|
throw new SiteDoesNotExistException(shortName);
|
|
}
|
|
QName siteType = directNodeService.getType(siteNodeRef);
|
|
return getSiteRoles(siteType);
|
|
}
|
|
|
|
/**
|
|
* @see org.alfresco.service.cmr.site.SiteService#getSiteRoles()
|
|
* @see org.alfresco.service.cmr.site.SiteService#getSiteRoles(String)
|
|
*/
|
|
public List<String> getSiteRoles(QName type)
|
|
{
|
|
Set<String> permissions = permissionService.getSettablePermissions(type);
|
|
return new ArrayList<String>(permissions);
|
|
}
|
|
|
|
/**
|
|
* @see org.alfresco.service.cmr.site.SiteService#isMember(java.lang.String, java.lang.String)
|
|
*/
|
|
public boolean isMember(String shortName, String authorityName)
|
|
{
|
|
return (!getPermissionGroups(shortName, authorityName).isEmpty());
|
|
}
|
|
|
|
/**
|
|
* @see org.alfresco.service.cmr.site.SiteService#removeMembership(java.lang.String, java.lang.String)
|
|
*/
|
|
public void removeMembership(final String shortName, final String authorityName)
|
|
{
|
|
final NodeRef siteNodeRef = getSiteNodeRef(shortName);
|
|
if (siteNodeRef == null)
|
|
{
|
|
throw new SiteDoesNotExistException(shortName);
|
|
}
|
|
|
|
// TODO what do we do about the user if they are in a group that has
|
|
// rights to the site?
|
|
|
|
// Get the current user
|
|
String currentUserName = AuthenticationUtil.getFullyAuthenticatedUser();
|
|
|
|
// Get the user current role
|
|
final String role = getMembersRole(shortName, authorityName);
|
|
if (role != null)
|
|
{
|
|
// Check that we are not about to remove the last site manager
|
|
checkLastManagerRemoval(shortName, authorityName, role);
|
|
|
|
// If ...
|
|
// -- the current user has change permissions rights on the site
|
|
// or
|
|
// -- the user is ourselves
|
|
if ((currentUserName.equals(authorityName) == true) ||
|
|
(permissionService.hasPermission(siteNodeRef, PermissionService.CHANGE_PERMISSIONS) == AccessStatus.ALLOWED))
|
|
{
|
|
// Run as system user
|
|
AuthenticationUtil.runAs(
|
|
new AuthenticationUtil.RunAsWork<Object>()
|
|
{
|
|
public Object doWork() throws Exception
|
|
{
|
|
// Remove the user from the current permission
|
|
// group
|
|
String currentGroup = getSiteRoleGroup(shortName, role, true);
|
|
authorityService.removeAuthority(currentGroup, authorityName);
|
|
|
|
return null;
|
|
}
|
|
}, AuthenticationUtil.SYSTEM_USER_NAME);
|
|
|
|
// Raise events
|
|
AuthorityType authorityType = AuthorityType.getAuthorityType(authorityName);
|
|
if (authorityType == AuthorityType.USER)
|
|
{
|
|
activityService.postActivity(
|
|
ActivityType.SITE_USER_REMOVED, shortName,
|
|
ACTIVITY_TOOL, getActivityUserData(authorityName, ""));
|
|
}
|
|
else if (authorityType == AuthorityType.GROUP)
|
|
{
|
|
activityService.postActivity(
|
|
ActivityType.SITE_GROUP_REMOVED, shortName,
|
|
ACTIVITY_TOOL, getActivityGroupData(authorityName, ""));
|
|
}
|
|
}
|
|
else
|
|
{
|
|
// Throw an exception
|
|
throw new SiteServiceException(MSG_CAN_NOT_REMOVE_MSHIP, new Object[]{shortName});
|
|
}
|
|
}
|
|
else
|
|
{
|
|
// Throw an exception
|
|
throw new SiteServiceException(MSG_CAN_NOT_REMOVE_MSHIP, new Object[]{shortName});
|
|
}
|
|
}
|
|
|
|
/**
|
|
* @see org.alfresco.service.cmr.site.SiteService#setMembership(java.lang.String,
|
|
* java.lang.String, java.lang.String)
|
|
*/
|
|
public void setMembership(final String shortName,
|
|
final String authorityName,
|
|
final String role)
|
|
{
|
|
final NodeRef siteNodeRef = getSiteNodeRef(shortName);
|
|
if (siteNodeRef == null)
|
|
{
|
|
throw new SiteDoesNotExistException(shortName);
|
|
}
|
|
|
|
// Get the user's current role
|
|
final String currentRole = getMembersRole(shortName, authorityName);
|
|
|
|
// Do nothing if the role of the user is not being changed
|
|
if (currentRole == null || role.equals(currentRole) == false)
|
|
{
|
|
// TODO if this is the only site manager do not down grade their
|
|
// permissions
|
|
|
|
// Get the visibility of the site
|
|
SiteVisibility visibility = getSiteVisibility(siteNodeRef);
|
|
|
|
// If we are ...
|
|
// -- the current user has change permissions rights on the site
|
|
// or we are ...
|
|
// -- referring to a public site and
|
|
// -- the role being set is consumer and
|
|
// -- the user being added is ourselves and
|
|
// -- the member does not already have permissions
|
|
// ... then we can set the permissions as system user
|
|
final String currentUserName = AuthenticationUtil.getFullyAuthenticatedUser();
|
|
if ((permissionService.hasPermission(siteNodeRef, PermissionService.CHANGE_PERMISSIONS) == AccessStatus.ALLOWED) ||
|
|
(SiteVisibility.PUBLIC.equals(visibility) == true &&
|
|
role.equals(SiteModel.SITE_CONSUMER) == true &&
|
|
authorityName.equals(currentUserName) == true &&
|
|
currentRole == null))
|
|
{
|
|
// Check that we are not about to remove the last site manager
|
|
checkLastManagerRemoval(shortName, authorityName, currentRole);
|
|
|
|
// Run as system user
|
|
AuthenticationUtil.runAs(new AuthenticationUtil.RunAsWork<Object>()
|
|
{
|
|
public Object doWork() throws Exception
|
|
{
|
|
if (currentRole != null)
|
|
{
|
|
// Remove the user from the current
|
|
// permission group
|
|
String currentGroup = getSiteRoleGroup(shortName, currentRole, true);
|
|
authorityService.removeAuthority(currentGroup, authorityName);
|
|
}
|
|
|
|
// Add the user to the new permission group
|
|
String newGroup = getSiteRoleGroup(shortName, role, true);
|
|
authorityService.addAuthority(newGroup, authorityName);
|
|
|
|
return null;
|
|
}
|
|
|
|
}, AuthenticationUtil.SYSTEM_USER_NAME);
|
|
|
|
if (currentRole == null)
|
|
{
|
|
AuthorityType authorityType = AuthorityType.getAuthorityType(authorityName);
|
|
if (authorityType == AuthorityType.USER)
|
|
{
|
|
activityService.postActivity(
|
|
ActivityType.SITE_USER_JOINED, shortName,
|
|
ACTIVITY_TOOL, getActivityUserData(authorityName, role), authorityName);
|
|
}
|
|
else if (authorityType == AuthorityType.GROUP)
|
|
{
|
|
activityService.postActivity(
|
|
ActivityType.SITE_GROUP_ADDED, shortName,
|
|
ACTIVITY_TOOL, getActivityGroupData(authorityName, role));
|
|
}
|
|
}
|
|
else
|
|
{
|
|
AuthorityType authorityType = AuthorityType.getAuthorityType(authorityName);
|
|
if (authorityType == AuthorityType.USER)
|
|
{
|
|
activityService.postActivity(
|
|
ActivityType.SITE_USER_ROLE_UPDATE, shortName,
|
|
ACTIVITY_TOOL, getActivityUserData(authorityName, role));
|
|
}
|
|
else if (authorityType == AuthorityType.GROUP)
|
|
{
|
|
activityService.postActivity(
|
|
ActivityType.SITE_GROUP_ROLE_UPDATE, shortName,
|
|
ACTIVITY_TOOL, getActivityGroupData(authorityName, role));
|
|
}
|
|
}
|
|
}
|
|
else
|
|
{
|
|
// Raise a permission exception
|
|
throw new SiteServiceException(MSG_CAN_NOT_CHANGE_MSHIP, new Object[]{shortName});
|
|
}
|
|
}
|
|
}
|
|
|
|
/**
|
|
* @see org.alfresco.service.cmr.site.SiteService#createContainer(java.lang.String,
|
|
* java.lang.String, org.alfresco.service.namespace.QName,
|
|
* java.util.Map)
|
|
*/
|
|
public NodeRef createContainer(String shortName,
|
|
String componentId,
|
|
QName containerType,
|
|
Map<QName, Serializable> containerProperties)
|
|
{
|
|
// Check for the component id
|
|
ParameterCheck.mandatoryString("componentId", componentId);
|
|
|
|
// retrieve site
|
|
NodeRef siteNodeRef = getSiteNodeRef(shortName);
|
|
if (siteNodeRef == null)
|
|
{
|
|
throw new SiteDoesNotExistException(shortName);
|
|
}
|
|
|
|
// Update the isPublic flag
|
|
SiteVisibility siteVisibility = getSiteVisibility(siteNodeRef);
|
|
|
|
// retrieve component folder within site
|
|
NodeRef containerNodeRef = null;
|
|
try
|
|
{
|
|
containerNodeRef = findContainer(siteNodeRef, componentId);
|
|
}
|
|
catch (FileNotFoundException e)
|
|
{
|
|
//NOOP
|
|
}
|
|
|
|
// create the container node reference
|
|
if (containerNodeRef == null)
|
|
{
|
|
if (containerType == null)
|
|
{
|
|
containerType = ContentModel.TYPE_FOLDER;
|
|
}
|
|
|
|
// create component folder
|
|
FileInfo fileInfo = fileFolderService.create(siteNodeRef,
|
|
componentId, containerType);
|
|
|
|
// Get the created container
|
|
containerNodeRef = fileInfo.getNodeRef();
|
|
|
|
// Set the properties if they have been provided
|
|
if (containerProperties != null)
|
|
{
|
|
Map<QName, Serializable> props = this.directNodeService
|
|
.getProperties(containerNodeRef);
|
|
props.putAll(containerProperties);
|
|
this.nodeService.setProperties(containerNodeRef, props);
|
|
}
|
|
|
|
// Add the container aspect
|
|
Map<QName, Serializable> aspectProps = new HashMap<QName, Serializable>(1, 1.0f);
|
|
aspectProps.put(SiteModel.PROP_COMPONENT_ID, componentId);
|
|
this.nodeService.addAspect(containerNodeRef, ASPECT_SITE_CONTAINER,
|
|
aspectProps);
|
|
|
|
// Set permissions on the container
|
|
if(SiteVisibility.MODERATED.equals(siteVisibility))
|
|
{
|
|
setModeratedPermissions(shortName, containerNodeRef);
|
|
}
|
|
|
|
// Make the container a tag scope
|
|
this.taggingService.addTagScope(containerNodeRef);
|
|
}
|
|
|
|
return containerNodeRef;
|
|
}
|
|
|
|
/**
|
|
* This method recursively cleans the site permissions on the specified NodeRef and all its primary
|
|
* descendants. This consists of
|
|
* <ul>
|
|
* <li>the removal of all site permissions pertaining to a site other than the containingSite</li>
|
|
* </ul>
|
|
* If the containingSite is <code>null</code> then the targetNode's current containing site is used.
|
|
*
|
|
* @param targetNode
|
|
* @param containingSite the site which the site is a member of. If <code>null</code>, it will be calculated.
|
|
*/
|
|
@Override
|
|
public void cleanSitePermissions(final NodeRef targetNode, SiteInfo containingSite)
|
|
{
|
|
this.sitesPermissionsCleaner.cleanSitePermissions(targetNode, containingSite);
|
|
}
|
|
|
|
/**
|
|
* Moderated sites have separate ACLs on each component and don't inherit from the
|
|
* site which has consumer role for everyone.
|
|
*/
|
|
private void setModeratedPermissions(String shortName, NodeRef containerNodeRef)
|
|
{
|
|
NodeRef siteNodeRef = getSiteNodeRef(shortName);
|
|
if (siteNodeRef == null)
|
|
{
|
|
throw new SiteDoesNotExistException(shortName);
|
|
}
|
|
|
|
QName siteType = directNodeService.getType(siteNodeRef);
|
|
Set<String> permissions = permissionService.getSettablePermissions(siteType);
|
|
for (String permission : permissions)
|
|
{
|
|
String permissionGroup = getSiteRoleGroup(shortName, permission, true);
|
|
// Assign the group the relevant permission on the site
|
|
permissionService.setPermission(containerNodeRef, permissionGroup, permission, true);
|
|
}
|
|
permissionService.setPermission(containerNodeRef,
|
|
PermissionService.ALL_AUTHORITIES,
|
|
PermissionService.READ_PERMISSIONS, true);
|
|
|
|
this.permissionService.setInheritParentPermissions(containerNodeRef, false);
|
|
}
|
|
|
|
|
|
/**
|
|
* @see org.alfresco.service.cmr.site.SiteService#getContainer(java.lang.String)
|
|
*/
|
|
public NodeRef getContainer(String shortName, String componentId)
|
|
{
|
|
ParameterCheck.mandatoryString("componentId", componentId);
|
|
|
|
// retrieve site
|
|
NodeRef siteNodeRef = getSiteNodeRef(shortName);
|
|
if (siteNodeRef == null)
|
|
{
|
|
throw new SiteDoesNotExistException(shortName);
|
|
}
|
|
|
|
// retrieve component folder within site
|
|
// NOTE: component id is used for folder name
|
|
NodeRef containerNodeRef = null;
|
|
try
|
|
{
|
|
containerNodeRef = findContainer(siteNodeRef, componentId);
|
|
}
|
|
catch (FileNotFoundException e)
|
|
{
|
|
//NOOP
|
|
}
|
|
|
|
return containerNodeRef;
|
|
}
|
|
|
|
/**
|
|
* @see org.alfresco.service.cmr.site.SiteService#hasContainer(java.lang.String)
|
|
*/
|
|
public boolean hasContainer(final String shortName, final String componentId)
|
|
{
|
|
ParameterCheck.mandatoryString("componentId", componentId);
|
|
|
|
// retrieve site
|
|
final NodeRef siteNodeRef = getSiteNodeRef(shortName);
|
|
if (siteNodeRef == null)
|
|
{
|
|
throw new SiteDoesNotExistException(shortName);
|
|
}
|
|
|
|
// retrieve component folder within site
|
|
// NOTE: component id is used for folder name
|
|
boolean hasContainer = false;
|
|
|
|
NodeRef containerRef = AuthenticationUtil.runAs(new RunAsWork<NodeRef>()
|
|
{
|
|
public NodeRef doWork() throws Exception
|
|
{
|
|
return retryingTransactionHelper.doInTransaction(new RetryingTransactionCallback<NodeRef>()
|
|
{
|
|
public NodeRef execute() throws Exception
|
|
{
|
|
try
|
|
{
|
|
return findContainer(siteNodeRef, componentId);
|
|
}
|
|
catch (FileNotFoundException e)
|
|
{
|
|
return null;
|
|
}
|
|
}
|
|
}, true);
|
|
}
|
|
}, AuthenticationUtil.getSystemUserName());
|
|
|
|
if(containerRef != null)
|
|
{
|
|
hasContainer = true;
|
|
}
|
|
|
|
return hasContainer;
|
|
}
|
|
|
|
/**
|
|
* Locate site "container" folder for component
|
|
*
|
|
* @param siteNodeRef
|
|
* site
|
|
* @param componentId
|
|
* component id
|
|
* @return "container" node ref, if it exists
|
|
* @throws FileNotFoundException
|
|
*/
|
|
private NodeRef findContainer(NodeRef siteNodeRef, String componentId)
|
|
throws FileNotFoundException
|
|
{
|
|
List<String> paths = new ArrayList<String>(1);
|
|
paths.add(componentId);
|
|
FileInfo fileInfo = fileFolderService.resolveNamePath(siteNodeRef,
|
|
paths);
|
|
if (!fileInfo.isFolder())
|
|
{
|
|
throw new SiteServiceException(MSG_SITE_CONTAINER_NOT_FOLDER, new Object[]{fileInfo.getName()});
|
|
}
|
|
return fileInfo.getNodeRef();
|
|
}
|
|
|
|
/**
|
|
* Helper method to create a container if missing, and mark it as a
|
|
* tag scope if it isn't already one
|
|
*/
|
|
public static NodeRef getSiteContainer(final String siteShortName,
|
|
final String componentName, final boolean create,
|
|
final SiteService siteService, final TransactionService transactionService,
|
|
final TaggingService taggingService)
|
|
{
|
|
// Does the site exist?
|
|
if(siteService.getSite(siteShortName) == null) {
|
|
// Either the site doesn't exist, or you're not allowed to see it
|
|
if(! create)
|
|
{
|
|
// Just say there's no container
|
|
return null;
|
|
}
|
|
else
|
|
{
|
|
// We can't create on a non-existant site
|
|
throw new AlfrescoRuntimeException(
|
|
"Unable to create the " + componentName + " container from a hidden or non-existant site"
|
|
);
|
|
}
|
|
}
|
|
|
|
// Check about the container
|
|
if(! siteService.hasContainer(siteShortName, componentName))
|
|
{
|
|
if(create)
|
|
{
|
|
if(transactionService.isReadOnly())
|
|
{
|
|
throw new AlfrescoRuntimeException(
|
|
"Unable to create the " + componentName + " container from a read only transaction"
|
|
);
|
|
}
|
|
|
|
// Have the site container created
|
|
if(logger.isDebugEnabled())
|
|
{
|
|
logger.debug("Creating " + componentName + " container in site " + siteShortName);
|
|
}
|
|
|
|
NodeRef container = AuthenticationUtil.runAs(new AuthenticationUtil.RunAsWork<NodeRef>()
|
|
{
|
|
public NodeRef doWork() throws Exception
|
|
{
|
|
// Create the site container
|
|
NodeRef container = siteService.createContainer(
|
|
siteShortName, componentName, null, null
|
|
);
|
|
|
|
// Done
|
|
return container;
|
|
}
|
|
}, AuthenticationUtil.getSystemUserName()
|
|
);
|
|
|
|
if(logger.isDebugEnabled())
|
|
{
|
|
logger.debug("Created " + componentName + " as " + container + " for " + siteShortName);
|
|
}
|
|
|
|
// Container is setup and ready to use
|
|
return container;
|
|
}
|
|
else
|
|
{
|
|
// No container for this site, and not allowed to create
|
|
// Have the site container created
|
|
if(logger.isDebugEnabled())
|
|
{
|
|
logger.debug("No " + componentName + " component in " + siteShortName + " and not creating");
|
|
}
|
|
return null;
|
|
}
|
|
}
|
|
else
|
|
{
|
|
// Container is already there
|
|
NodeRef containerTmp = null;
|
|
try
|
|
{
|
|
containerTmp = siteService.getContainer(siteShortName, componentName);
|
|
}
|
|
catch(AccessDeniedException e)
|
|
{
|
|
if(!create)
|
|
{
|
|
// Just pretend it isn't there, as they can't see it
|
|
return null;
|
|
}
|
|
else
|
|
{
|
|
// It's there, they can't see it, and they need it
|
|
throw e;
|
|
}
|
|
}
|
|
final NodeRef container = containerTmp;
|
|
|
|
// Ensure the calendar container has the tag scope aspect applied to it
|
|
if(! taggingService.isTagScope(container))
|
|
{
|
|
if(logger.isDebugEnabled())
|
|
{
|
|
logger.debug("Attaching tag scope to " + componentName + " " + container.toString() + " for " + siteShortName);
|
|
}
|
|
AuthenticationUtil.runAs(new AuthenticationUtil.RunAsWork<Void>() {
|
|
public Void doWork() throws Exception
|
|
{
|
|
transactionService.getRetryingTransactionHelper().doInTransaction(
|
|
new RetryingTransactionCallback<Void>() {
|
|
public Void execute() throws Throwable {
|
|
// Add the tag scope aspect
|
|
taggingService.addTagScope(container);
|
|
return null;
|
|
}
|
|
}, false, true
|
|
);
|
|
return null;
|
|
}
|
|
}, AuthenticationUtil.getSystemUserName());
|
|
}
|
|
|
|
// Container is appropriately setup and configured
|
|
return container;
|
|
}
|
|
}
|
|
|
|
/**
|
|
* Helper method to get the activity data for a user
|
|
*
|
|
* @param userName user name
|
|
* @param role role
|
|
* @return
|
|
*/
|
|
private String getActivityUserData(String userName, String role)
|
|
{
|
|
String memberFN = "";
|
|
String memberLN = "";
|
|
NodeRef person = personService.getPerson(userName);
|
|
if (person != null)
|
|
{
|
|
memberFN = (String) directNodeService.getProperty(person,
|
|
ContentModel.PROP_FIRSTNAME);
|
|
memberLN = (String) directNodeService.getProperty(person,
|
|
ContentModel.PROP_LASTNAME);
|
|
}
|
|
|
|
try
|
|
{
|
|
JSONObject activityData = new JSONObject();
|
|
activityData.put("role", role);
|
|
activityData.put("memberUserName", userName);
|
|
activityData.put("memberFirstName", memberFN);
|
|
activityData.put("memberLastName", memberLN);
|
|
activityData.put("title", (memberFN + " " + memberLN + " ("
|
|
+ userName + ")").trim());
|
|
return activityData.toString();
|
|
} catch (JSONException je)
|
|
{
|
|
// log error, subsume exception
|
|
logger.error("Failed to get activity data: " + je);
|
|
return "";
|
|
}
|
|
}
|
|
|
|
/**
|
|
* Helper method to get the activity data for a group
|
|
*
|
|
* @param groupName user name
|
|
* @param role role
|
|
* @return Activity data in JSON format
|
|
*/
|
|
private String getActivityGroupData(String groupName, String role)
|
|
{
|
|
try
|
|
{
|
|
JSONObject activityData = new JSONObject();
|
|
activityData.put("role", role);
|
|
activityData.put("groupName", groupName);
|
|
|
|
return activityData.toString();
|
|
}
|
|
catch (JSONException je)
|
|
{
|
|
// log error, subsume exception
|
|
logger.error("Failed to get activity data: " + je);
|
|
return "";
|
|
}
|
|
}
|
|
|
|
/**
|
|
* Helper to check that we are not removing the last Site Manager from a site
|
|
*
|
|
* @param shortName
|
|
* @param authorityName
|
|
* @param role
|
|
*/
|
|
private void checkLastManagerRemoval(final String shortName, final String authorityName, final String role)
|
|
{
|
|
// Check that we are not about to remove the last site manager
|
|
if (SiteModel.SITE_MANAGER.equals(role) == true)
|
|
{
|
|
String mgrGroup = getSiteRoleGroup(shortName, SITE_MANAGER, true);
|
|
Set<String> siteUserMangers = this.authorityService.getContainedAuthorities(
|
|
AuthorityType.USER, mgrGroup, true);
|
|
if (siteUserMangers.size() <= 1)
|
|
{
|
|
Set<String> siteGroupManagers = this.authorityService.getContainedAuthorities(
|
|
AuthorityType.GROUP, mgrGroup, true);
|
|
|
|
if (siteUserMangers.size() + siteGroupManagers.size() == 1)
|
|
{
|
|
throw new SiteServiceException(MSG_DO_NOT_CHANGE_MGR, new Object[] {authorityName});
|
|
}
|
|
}
|
|
}
|
|
}
|
|
}
|