Example 1 with ModelAccessDeniedException
use of org.alfresco.module.org_alfresco_module_rm.model.security.ModelAccessDeniedException in project records-management by Alfresco.
the class RecordServiceImpl method onUpdateProperties.
/**
* Ensure that the user only updates record properties that they have permission to.
*
* @see org.alfresco.repo.node.NodeServicePolicies.OnUpdatePropertiesPolicy#onUpdateProperties(org.alfresco.service.cmr.repository.NodeRef, java.util.Map, java.util.Map)
*/
@Override
@Behaviour(name = "onUpdateProperties", kind = BehaviourKind.CLASS, type = "rma:record")
public void onUpdateProperties(final NodeRef nodeRef, final Map<QName, Serializable> before, final Map<QName, Serializable> after) {
if (AuthenticationUtil.getFullyAuthenticatedUser() != null && !AuthenticationUtil.isRunAsUserTheSystemUser() && nodeService.exists(nodeRef) && isRecord(nodeRef) && !transactionalResourceHelper.getSet(KEY_IGNORE_ON_UPDATE).contains(nodeRef)) {
for (Map.Entry<QName, Serializable> entry : after.entrySet()) {
Serializable beforeValue = null;
QName property = entry.getKey();
if (before != null) {
beforeValue = before.get(property);
}
Serializable afterValue = entry.getValue();
boolean propertyUnchanged = false;
if (beforeValue instanceof Date && afterValue instanceof Date) {
// deal with date values, remove the seconds and milliseconds for the
// comparison as they are removed from the submitted for data
Calendar beforeCal = Calendar.getInstance();
beforeCal.setTime((Date) beforeValue);
Calendar afterCal = Calendar.getInstance();
afterCal.setTime((Date) afterValue);
beforeCal.set(Calendar.SECOND, 0);
beforeCal.set(Calendar.MILLISECOND, 0);
afterCal.set(Calendar.SECOND, 0);
afterCal.set(Calendar.MILLISECOND, 0);
propertyUnchanged = (beforeCal.compareTo(afterCal) == 0);
} else if ((afterValue instanceof Boolean) && (beforeValue == null) && (afterValue.equals(Boolean.FALSE))) {
propertyUnchanged = true;
} else {
// otherwise
propertyUnchanged = EqualsHelper.nullSafeEquals(beforeValue, afterValue);
}
if (!propertyUnchanged && !(ContentModel.PROP_CONTENT.equals(property) && beforeValue == null) && !isPropertyEditable(nodeRef, property)) {
// the user can't edit the record property
throw new ModelAccessDeniedException("The user " + AuthenticationUtil.getFullyAuthenticatedUser() + " does not have the permission to edit the record property " + property.toString() + " on the node " + nodeRef.toString());
}
}
}
}
Also used :
Serializable(java.io.Serializable)
QName(org.alfresco.service.namespace.QName)
Calendar(java.util.Calendar)
Map(java.util.Map)
PropertyMap(org.alfresco.util.PropertyMap)
HashMap(java.util.HashMap)
ModelAccessDeniedException(org.alfresco.module.org_alfresco_module_rm.model.security.ModelAccessDeniedException)
Date(java.util.Date)
Behaviour(org.alfresco.repo.policy.annotation.Behaviour)
Aggregations
Serializable (java.io.Serializable)1
Calendar (java.util.Calendar)1
Date (java.util.Date)1
HashMap (java.util.HashMap)1
Map (java.util.Map)1
ModelAccessDeniedException (org.alfresco.module.org_alfresco_module_rm.model.security.ModelAccessDeniedException)1
Behaviour (org.alfresco.repo.policy.annotation.Behaviour)1
QName (org.alfresco.service.namespace.QName)1
PropertyMap (org.alfresco.util.PropertyMap)1
