use of org.alfresco.repo.security.authentication.AuthenticationUtil.RunAsWork in project alfresco-remote-api by Alfresco.
the class RepoUsageGet method executeImpl.
@Override
protected Map<String, Object> executeImpl(final WebScriptRequest req, final Status status, final Cache cache) {
// Runas system to obtain the info
RunAsWork<Map<String, Object>> runAs = new RunAsWork<Map<String, Object>>() {
@Override
public Map<String, Object> doWork() throws Exception {
Map<String, Object> model = new HashMap<String, Object>(7);
RepoUsageStatus usageStatus = repoAdminService.getUsageStatus();
RepoUsage usage = usageStatus.getUsage();
putUsageInModel(model, usage, false);
// Add usage messages
model.put(JSON_KEY_LEVEL, usageStatus.getLevel().ordinal());
model.put(JSON_KEY_WARNINGS, usageStatus.getWarnings());
model.put(JSON_KEY_ERRORS, usageStatus.getErrors());
// Done
if (logger.isDebugEnabled()) {
logger.debug("Result: \n\tRequest: " + req + "\n\tModel: " + model);
}
return model;
}
};
return AuthenticationUtil.runAs(runAs, AuthenticationUtil.getSystemUserName());
}
use of org.alfresco.repo.security.authentication.AuthenticationUtil.RunAsWork in project alfresco-remote-api by Alfresco.
the class DeleteMethod method executeImpl.
/**
* Execute the request
*
* @exception WebDAVServerException
*/
protected void executeImpl() throws WebDAVServerException, Exception {
if (logger.isDebugEnabled()) {
logger.debug("WebDAV DELETE: " + getPath());
}
final FileFolderService fileFolderService = getFileFolderService();
final PermissionService permissionService = getPermissionService();
NodeRef rootNodeRef = getRootNodeRef();
String path = getPath();
FileInfo fileInfo = null;
try {
// get the node to delete
fileInfo = getNodeForPath(rootNodeRef, path);
} catch (FileNotFoundException e) {
if (logger.isDebugEnabled()) {
logger.debug("Node not found: " + getPath());
}
throw new WebDAVServerException(HttpServletResponse.SC_NOT_FOUND);
}
checkNode(fileInfo);
final NodeService nodeService = getNodeService();
final NodeRef nodeRef = fileInfo.getNodeRef();
if (permissionService.hasPermission(nodeRef, PermissionService.DELETE) == AccessStatus.ALLOWED) {
// As this content will be deleted, we need to extract some info before it's no longer available.
String siteId = getSiteId();
NodeRef deletedNodeRef = fileInfo.getNodeRef();
FileInfo parentFile = getDAVHelper().getParentNodeForPath(getRootNodeRef(), path);
// Don't post activity data for hidden files, resource forks etc.
if (!getDAVHelper().isRenameShuffle(path)) {
postActivity(parentFile, fileInfo, siteId);
}
// MNT-181: working copies and versioned nodes are hidden rather than deleted
if (nodeService.hasAspect(nodeRef, ContentModel.ASPECT_WORKING_COPY) || nodeService.hasAspect(nodeRef, ContentModel.ASPECT_VERSIONABLE)) {
// Mark content as hidden. This breaks many contracts and will be fixed for "ALF-18619 WebDAV/SPP file shuffles"
fileFolderService.setHidden(nodeRef, true);
{
// Workaround for MNT-8704: WebDAV:Content does not disappear after being deleted
// Get the current user
final String deleteDelayUser = AuthenticationUtil.getFullyAuthenticatedUser();
// Add a timed task to really delete the file
TimerTask deleteDelayTask = new TimerTask() {
@Override
public void run() {
RunAsWork<Void> deleteDelayRunAs = new RunAsWork<Void>() {
@Override
public Void doWork() throws Exception {
// Ignore if it is NOT hidden: the shuffle may have finished; the operation may have failed
if (!nodeService.exists(nodeRef) || !fileFolderService.isHidden(nodeRef)) {
return null;
}
// Since this will run in a different thread, the client thread-local must be set
// or else unhiding the node will not unhide it for WebDAV.
FileFilterMode.setClient(FileFilterMode.Client.webdav);
// Unhide the node, e.g. for archiving
fileFolderService.setHidden(nodeRef, false);
// This is the transaction-aware service
fileFolderService.delete(nodeRef);
return null;
}
};
try {
AuthenticationUtil.runAs(deleteDelayRunAs, deleteDelayUser);
} catch (Throwable e) {
// consume exception to avoid it leaking from the TimerTask and causing the Timer to
// no longer accept tasks to be scheduled.
logger.info("Exception thrown during WebDAV delete timer task.", e);
}
}
};
// Schedule a real delete 5 seconds after the current time
deleteDelayTimer.schedule(deleteDelayTask, 5000L);
}
// node is is actually locked before unlocking to avoid access denied
if (getDAVLockService().getLockInfo(nodeRef).isLocked()) {
getDAVLockService().unlock(nodeRef);
}
} else // We just ensure already-hidden nodes are left unlocked
if (fileFolderService.isHidden(nodeRef)) {
getDAVLockService().unlock(nodeRef);
} else // A 'real' delete
{
// Delete it
fileFolderService.delete(deletedNodeRef);
}
} else {
// access denied
throw new WebDAVServerException(HttpServletResponse.SC_FORBIDDEN);
}
}
use of org.alfresco.repo.security.authentication.AuthenticationUtil.RunAsWork in project alfresco-remote-api by Alfresco.
the class SiteMembershipRequestsImpl method inviteToPublicSite.
private SiteMembershipRequest inviteToPublicSite(final SiteInfo siteInfo, final String message, final String inviteeId, final String inviteeRole) {
SiteMembershipRequest siteMembershipRequest = null;
final String siteId = siteInfo.getShortName();
NodeRef siteNodeRef = siteInfo.getNodeRef();
String siteCreator = (String) nodeService.getProperty(siteNodeRef, ContentModel.PROP_CREATOR);
final String siteNetwork = networksService.getUserDefaultNetwork(siteCreator);
if (StringUtils.isNotEmpty(siteNetwork)) {
// MT
siteMembershipRequest = TenantUtil.runAsUserTenant(new TenantRunAsWork<SiteMembershipRequest>() {
@Override
public SiteMembershipRequest doWork() throws Exception {
return inviteToSite(siteId, inviteeId, inviteeRole, message);
}
}, siteCreator, siteNetwork);
} else {
siteMembershipRequest = AuthenticationUtil.runAs(new RunAsWork<SiteMembershipRequest>() {
@Override
public SiteMembershipRequest doWork() throws Exception {
return inviteToSite(siteId, inviteeId, inviteeRole, message);
}
}, siteCreator);
}
return siteMembershipRequest;
}
use of org.alfresco.repo.security.authentication.AuthenticationUtil.RunAsWork in project alfresco-remote-api by Alfresco.
the class Invites method executeImpl.
/*
* (non-Javadoc)
*
* @see
* org.alfresco.web.scripts.DeclarativeWebScript#executeImpl(org.alfresco
* .web.scripts.WebScriptRequest,
* org.alfresco.web.scripts.WebScriptResponse)
*/
@Override
protected Map<String, Object> executeImpl(WebScriptRequest req, Status status) {
// initialise model to pass on for template to render
Map<String, Object> model = new HashMap<String, Object>();
// Get parameter names
String[] paramNames = req.getParameterNames();
// handle no parameters given on URL
if ((paramNames == null) || (paramNames.length == 0)) {
throw new WebScriptException(Status.STATUS_BAD_REQUEST, "No parameters have been provided on URL");
}
// get URL request parameters, checking if at least one has been provided
// check if 'inviterUserName' parameter provided
String inviterUserName = req.getParameter(PARAM_INVITER_USER_NAME);
boolean inviterUserNameProvided = (inviterUserName != null) && (inviterUserName.length() != 0);
// check if 'inviteeUserName' parameter provided
String inviteeUserName = req.getParameter(PARAM_INVITEE_USER_NAME);
boolean inviteeUserNameProvided = (inviteeUserName != null) && (inviteeUserName.length() != 0);
// check if 'siteShortName' parameter provided
String siteShortName = req.getParameter(PARAM_SITE_SHORT_NAME);
boolean siteShortNameProvided = (siteShortName != null) && (siteShortName.length() != 0);
// check if 'inviteId' parameter provided
String inviteId = req.getParameter(PARAM_INVITE_ID);
boolean inviteIdProvided = (inviteId != null) && (inviteId.length() != 0);
// 'inviteId' URL request parameters has not been provided
if (!(inviterUserNameProvided || inviteeUserNameProvided || siteShortNameProvided || inviteIdProvided)) {
throw new WebScriptException(Status.STATUS_BAD_REQUEST, "At least one of the following URL request parameters must be provided in URL " + "'inviterUserName', 'inviteeUserName', 'siteShortName' or 'inviteId'");
}
// InviteInfo List to place onto model
List<InviteInfo> inviteInfoList = new ArrayList<InviteInfo>();
// query properties
if (inviteIdProvided) {
NominatedInvitation invitation = (NominatedInvitation) invitationService.getInvitation(inviteId);
Map<String, SiteInfo> siteInfoCache = new HashMap<String, SiteInfo>(2);
inviteInfoList.add(toInviteInfo(siteInfoCache, invitation));
} else // 'inviteId' has not been provided, so create the query properties from
// the invite URL request
// parameters
// - because this web script class will terminate with a web script
// exception if none of the required
// request parameters are provided, at least one of these query
// properties will be set
// at this point
{
InvitationSearchCriteriaImpl criteria = new InvitationSearchCriteriaImpl();
criteria.setInvitationType(InvitationSearchCriteria.InvitationType.NOMINATED);
criteria.setResourceType(Invitation.ResourceType.WEB_SITE);
if (inviterUserNameProvided) {
criteria.setInviter(inviterUserName);
}
if (inviteeUserNameProvided) {
criteria.setInvitee(inviteeUserName);
}
if (siteShortNameProvided) {
criteria.setResourceName(siteShortName);
}
// MNT-9905 Pending Invites created by one site manager aren't visible to other site managers
String currentUser = AuthenticationUtil.getRunAsUser();
List<Invitation> invitations;
if (siteShortNameProvided == true && (SiteModel.SITE_MANAGER).equals(siteService.getMembersRole(siteShortName, currentUser)) && inviterUserNameProvided == false && inviteeUserNameProvided == false) {
final InvitationSearchCriteriaImpl crit = criteria;
RunAsWork<List<Invitation>> runAsSystem = new RunAsWork<List<Invitation>>() {
@Override
public List<Invitation> doWork() throws Exception {
return invitationService.searchInvitation(crit);
}
};
invitations = AuthenticationUtil.runAs(runAsSystem, AuthenticationUtil.getSystemUserName());
} else {
invitations = invitationService.searchInvitation(criteria);
}
// Put InviteInfo objects (containing workflow path properties
// wf:inviterUserName, wf:inviteeUserName, wf:siteShortName,
// and invite id property (from workflow instance id))
// onto model for each invite workflow task returned by the query
Map<String, SiteInfo> siteInfoCache = new HashMap<String, SiteInfo>(invitations.size() * 2);
for (Invitation invitation : invitations) {
inviteInfoList.add(toInviteInfo(siteInfoCache, (NominatedInvitation) invitation));
}
}
// put the list of invite infos onto model to be passed onto template
// for rendering
model.put(MODEL_KEY_NAME_INVITES, inviteInfoList);
return model;
}
use of org.alfresco.repo.security.authentication.AuthenticationUtil.RunAsWork in project records-management by Alfresco.
the class CreateTransferFolderAsNonAdminUserTest method testCreateTransferFolderAsNonAdminUser.
public void testCreateTransferFolderAsNonAdminUser() {
doBehaviourDrivenTest(new BehaviourDrivenTest(testUser) {
// Records folder
private NodeRef recordsFolder = null;
// Transfer folder
private NodeRef transferFolder = null;
/**
* @see org.alfresco.module.org_alfresco_module_rm.test.util.BaseRMTestCase.BehaviourDrivenTest#given()
*/
@Override
public void given() {
runAs(new RunAsWork<Void>() {
public Void doWork() {
// Create category
NodeRef category = filePlanService.createRecordCategory(filePlan, generate());
// Give filing permissions for the test users on the category
filePlanPermissionService.setPermission(category, testUser, FILING);
// Create disposition schedule
utils.createDispositionSchedule(category, DEFAULT_DISPOSITION_INSTRUCTIONS, DEFAULT_DISPOSITION_AUTHORITY, false, true, true);
// Create folder
recordsFolder = recordFolderService.createRecordFolder(category, generate());
// Make eligible for cut off
Map<String, Serializable> params = new HashMap<String, Serializable>(1);
params.put(PARAM_EVENT_NAME, DEFAULT_EVENT_NAME);
rmActionService.executeRecordsManagementAction(recordsFolder, CompleteEventAction.NAME, params);
// Cut off folder
rmActionService.executeRecordsManagementAction(recordsFolder, CutOffAction.NAME);
return null;
}
}, getAdminUserName());
// FIXME: This step should be executed in "when()".
// See RM-3931
transferFolder = (NodeRef) rmActionService.executeRecordsManagementAction(recordsFolder, TransferAction.NAME).getValue();
}
/**
* @see org.alfresco.module.org_alfresco_module_rm.test.util.BaseRMTestCase.BehaviourDrivenTest#when()
*/
@Override
public void when() {
// FIXME: If the transfer step is executed here the test fails?!? See RM-3931
// transferFolder = (NodeRef) rmActionService.executeRecordsManagementAction(recordsFolder, TransferAction.NAME).getValue();
}
/**
* @see org.alfresco.module.org_alfresco_module_rm.test.util.BaseRMTestCase.BehaviourDrivenTest#then()
*/
@Override
public void then() {
// Check transfer folder
assertNotNull(transferFolder);
// User should have read permissions on the transfers container
assertEquals(ALLOWED, permissionService.hasPermission(transfersContainer, READ_RECORDS));
// Check if the user has filing permissions on the transfer folder
assertEquals(ALLOWED, permissionService.hasPermission(transferFolder, FILING));
}
});
}
Aggregations