Search in sources :

Example 1 with RunAsWork

use of org.alfresco.repo.security.authentication.AuthenticationUtil.RunAsWork in project alfresco-remote-api by Alfresco.

the class RepoUsageGet method executeImpl.

@Override
protected Map<String, Object> executeImpl(final WebScriptRequest req, final Status status, final Cache cache) {
    // Runas system to obtain the info
    RunAsWork<Map<String, Object>> runAs = new RunAsWork<Map<String, Object>>() {

        @Override
        public Map<String, Object> doWork() throws Exception {
            Map<String, Object> model = new HashMap<String, Object>(7);
            RepoUsageStatus usageStatus = repoAdminService.getUsageStatus();
            RepoUsage usage = usageStatus.getUsage();
            putUsageInModel(model, usage, false);
            // Add usage messages
            model.put(JSON_KEY_LEVEL, usageStatus.getLevel().ordinal());
            model.put(JSON_KEY_WARNINGS, usageStatus.getWarnings());
            model.put(JSON_KEY_ERRORS, usageStatus.getErrors());
            // Done
            if (logger.isDebugEnabled()) {
                logger.debug("Result: \n\tRequest: " + req + "\n\tModel: " + model);
            }
            return model;
        }
    };
    return AuthenticationUtil.runAs(runAs, AuthenticationUtil.getSystemUserName());
}
Also used : RunAsWork(org.alfresco.repo.security.authentication.AuthenticationUtil.RunAsWork) HashMap(java.util.HashMap) RepoUsage(org.alfresco.service.cmr.admin.RepoUsage) Map(java.util.Map) HashMap(java.util.HashMap) RepoUsageStatus(org.alfresco.service.cmr.admin.RepoUsageStatus)

Example 2 with RunAsWork

use of org.alfresco.repo.security.authentication.AuthenticationUtil.RunAsWork in project alfresco-remote-api by Alfresco.

the class DeleteMethod method executeImpl.

/**
 * Execute the request
 *
 * @exception WebDAVServerException
 */
protected void executeImpl() throws WebDAVServerException, Exception {
    if (logger.isDebugEnabled()) {
        logger.debug("WebDAV DELETE: " + getPath());
    }
    final FileFolderService fileFolderService = getFileFolderService();
    final PermissionService permissionService = getPermissionService();
    NodeRef rootNodeRef = getRootNodeRef();
    String path = getPath();
    FileInfo fileInfo = null;
    try {
        // get the node to delete
        fileInfo = getNodeForPath(rootNodeRef, path);
    } catch (FileNotFoundException e) {
        if (logger.isDebugEnabled()) {
            logger.debug("Node not found: " + getPath());
        }
        throw new WebDAVServerException(HttpServletResponse.SC_NOT_FOUND);
    }
    checkNode(fileInfo);
    final NodeService nodeService = getNodeService();
    final NodeRef nodeRef = fileInfo.getNodeRef();
    if (permissionService.hasPermission(nodeRef, PermissionService.DELETE) == AccessStatus.ALLOWED) {
        // As this content will be deleted, we need to extract some info before it's no longer available.
        String siteId = getSiteId();
        NodeRef deletedNodeRef = fileInfo.getNodeRef();
        FileInfo parentFile = getDAVHelper().getParentNodeForPath(getRootNodeRef(), path);
        // Don't post activity data for hidden files, resource forks etc.
        if (!getDAVHelper().isRenameShuffle(path)) {
            postActivity(parentFile, fileInfo, siteId);
        }
        // MNT-181: working copies and versioned nodes are hidden rather than deleted
        if (nodeService.hasAspect(nodeRef, ContentModel.ASPECT_WORKING_COPY) || nodeService.hasAspect(nodeRef, ContentModel.ASPECT_VERSIONABLE)) {
            // Mark content as hidden.  This breaks many contracts and will be fixed for "ALF-18619 WebDAV/SPP file shuffles"
            fileFolderService.setHidden(nodeRef, true);
            {
                // Workaround for MNT-8704: WebDAV:Content does not disappear after being deleted
                // Get the current user
                final String deleteDelayUser = AuthenticationUtil.getFullyAuthenticatedUser();
                // Add a timed task to really delete the file
                TimerTask deleteDelayTask = new TimerTask() {

                    @Override
                    public void run() {
                        RunAsWork<Void> deleteDelayRunAs = new RunAsWork<Void>() {

                            @Override
                            public Void doWork() throws Exception {
                                // Ignore if it is NOT hidden: the shuffle may have finished; the operation may have failed
                                if (!nodeService.exists(nodeRef) || !fileFolderService.isHidden(nodeRef)) {
                                    return null;
                                }
                                // Since this will run in a different thread, the client thread-local must be set
                                // or else unhiding the node will not unhide it for WebDAV.
                                FileFilterMode.setClient(FileFilterMode.Client.webdav);
                                // Unhide the node, e.g. for archiving
                                fileFolderService.setHidden(nodeRef, false);
                                // This is the transaction-aware service
                                fileFolderService.delete(nodeRef);
                                return null;
                            }
                        };
                        try {
                            AuthenticationUtil.runAs(deleteDelayRunAs, deleteDelayUser);
                        } catch (Throwable e) {
                            // consume exception to avoid it leaking from the TimerTask and causing the Timer to
                            // no longer accept tasks to be scheduled.
                            logger.info("Exception thrown during WebDAV delete timer task.", e);
                        }
                    }
                };
                // Schedule a real delete 5 seconds after the current time
                deleteDelayTimer.schedule(deleteDelayTask, 5000L);
            }
            // node is is actually locked before unlocking to avoid access denied
            if (getDAVLockService().getLockInfo(nodeRef).isLocked()) {
                getDAVLockService().unlock(nodeRef);
            }
        } else // We just ensure already-hidden nodes are left unlocked
        if (fileFolderService.isHidden(nodeRef)) {
            getDAVLockService().unlock(nodeRef);
        } else // A 'real' delete
        {
            // Delete it
            fileFolderService.delete(deletedNodeRef);
        }
    } else {
        // access denied
        throw new WebDAVServerException(HttpServletResponse.SC_FORBIDDEN);
    }
}
Also used : RunAsWork(org.alfresco.repo.security.authentication.AuthenticationUtil.RunAsWork) NodeService(org.alfresco.service.cmr.repository.NodeService) FileNotFoundException(org.alfresco.service.cmr.model.FileNotFoundException) FileFolderService(org.alfresco.service.cmr.model.FileFolderService) FileNotFoundException(org.alfresco.service.cmr.model.FileNotFoundException) PermissionService(org.alfresco.service.cmr.security.PermissionService) NodeRef(org.alfresco.service.cmr.repository.NodeRef) FileInfo(org.alfresco.service.cmr.model.FileInfo) TimerTask(java.util.TimerTask)

Example 3 with RunAsWork

use of org.alfresco.repo.security.authentication.AuthenticationUtil.RunAsWork in project alfresco-remote-api by Alfresco.

the class SiteMembershipRequestsImpl method inviteToPublicSite.

private SiteMembershipRequest inviteToPublicSite(final SiteInfo siteInfo, final String message, final String inviteeId, final String inviteeRole) {
    SiteMembershipRequest siteMembershipRequest = null;
    final String siteId = siteInfo.getShortName();
    NodeRef siteNodeRef = siteInfo.getNodeRef();
    String siteCreator = (String) nodeService.getProperty(siteNodeRef, ContentModel.PROP_CREATOR);
    final String siteNetwork = networksService.getUserDefaultNetwork(siteCreator);
    if (StringUtils.isNotEmpty(siteNetwork)) {
        // MT
        siteMembershipRequest = TenantUtil.runAsUserTenant(new TenantRunAsWork<SiteMembershipRequest>() {

            @Override
            public SiteMembershipRequest doWork() throws Exception {
                return inviteToSite(siteId, inviteeId, inviteeRole, message);
            }
        }, siteCreator, siteNetwork);
    } else {
        siteMembershipRequest = AuthenticationUtil.runAs(new RunAsWork<SiteMembershipRequest>() {

            @Override
            public SiteMembershipRequest doWork() throws Exception {
                return inviteToSite(siteId, inviteeId, inviteeRole, message);
            }
        }, siteCreator);
    }
    return siteMembershipRequest;
}
Also used : NodeRef(org.alfresco.service.cmr.repository.NodeRef) RunAsWork(org.alfresco.repo.security.authentication.AuthenticationUtil.RunAsWork) TenantRunAsWork(org.alfresco.repo.tenant.TenantUtil.TenantRunAsWork) TenantRunAsWork(org.alfresco.repo.tenant.TenantUtil.TenantRunAsWork) SiteMembershipRequest(org.alfresco.rest.api.model.SiteMembershipRequest)

Example 4 with RunAsWork

use of org.alfresco.repo.security.authentication.AuthenticationUtil.RunAsWork in project alfresco-remote-api by Alfresco.

the class Invites method executeImpl.

/*
     * (non-Javadoc)
     * 
     * @see
     * org.alfresco.web.scripts.DeclarativeWebScript#executeImpl(org.alfresco
     * .web.scripts.WebScriptRequest,
     * org.alfresco.web.scripts.WebScriptResponse)
     */
@Override
protected Map<String, Object> executeImpl(WebScriptRequest req, Status status) {
    // initialise model to pass on for template to render
    Map<String, Object> model = new HashMap<String, Object>();
    // Get parameter names
    String[] paramNames = req.getParameterNames();
    // handle no parameters given on URL
    if ((paramNames == null) || (paramNames.length == 0)) {
        throw new WebScriptException(Status.STATUS_BAD_REQUEST, "No parameters have been provided on URL");
    }
    // get URL request parameters, checking if at least one has been provided
    // check if 'inviterUserName' parameter provided
    String inviterUserName = req.getParameter(PARAM_INVITER_USER_NAME);
    boolean inviterUserNameProvided = (inviterUserName != null) && (inviterUserName.length() != 0);
    // check if 'inviteeUserName' parameter provided
    String inviteeUserName = req.getParameter(PARAM_INVITEE_USER_NAME);
    boolean inviteeUserNameProvided = (inviteeUserName != null) && (inviteeUserName.length() != 0);
    // check if 'siteShortName' parameter provided
    String siteShortName = req.getParameter(PARAM_SITE_SHORT_NAME);
    boolean siteShortNameProvided = (siteShortName != null) && (siteShortName.length() != 0);
    // check if 'inviteId' parameter provided
    String inviteId = req.getParameter(PARAM_INVITE_ID);
    boolean inviteIdProvided = (inviteId != null) && (inviteId.length() != 0);
    // 'inviteId' URL request parameters has not been provided
    if (!(inviterUserNameProvided || inviteeUserNameProvided || siteShortNameProvided || inviteIdProvided)) {
        throw new WebScriptException(Status.STATUS_BAD_REQUEST, "At least one of the following URL request parameters must be provided in URL " + "'inviterUserName', 'inviteeUserName', 'siteShortName' or 'inviteId'");
    }
    // InviteInfo List to place onto model
    List<InviteInfo> inviteInfoList = new ArrayList<InviteInfo>();
    // query properties
    if (inviteIdProvided) {
        NominatedInvitation invitation = (NominatedInvitation) invitationService.getInvitation(inviteId);
        Map<String, SiteInfo> siteInfoCache = new HashMap<String, SiteInfo>(2);
        inviteInfoList.add(toInviteInfo(siteInfoCache, invitation));
    } else // 'inviteId' has not been provided, so create the query properties from
    // the invite URL request
    // parameters
    // - because this web script class will terminate with a web script
    // exception if none of the required
    // request parameters are provided, at least one of these query
    // properties will be set
    // at this point
    {
        InvitationSearchCriteriaImpl criteria = new InvitationSearchCriteriaImpl();
        criteria.setInvitationType(InvitationSearchCriteria.InvitationType.NOMINATED);
        criteria.setResourceType(Invitation.ResourceType.WEB_SITE);
        if (inviterUserNameProvided) {
            criteria.setInviter(inviterUserName);
        }
        if (inviteeUserNameProvided) {
            criteria.setInvitee(inviteeUserName);
        }
        if (siteShortNameProvided) {
            criteria.setResourceName(siteShortName);
        }
        // MNT-9905 Pending Invites created by one site manager aren't visible to other site managers
        String currentUser = AuthenticationUtil.getRunAsUser();
        List<Invitation> invitations;
        if (siteShortNameProvided == true && (SiteModel.SITE_MANAGER).equals(siteService.getMembersRole(siteShortName, currentUser)) && inviterUserNameProvided == false && inviteeUserNameProvided == false) {
            final InvitationSearchCriteriaImpl crit = criteria;
            RunAsWork<List<Invitation>> runAsSystem = new RunAsWork<List<Invitation>>() {

                @Override
                public List<Invitation> doWork() throws Exception {
                    return invitationService.searchInvitation(crit);
                }
            };
            invitations = AuthenticationUtil.runAs(runAsSystem, AuthenticationUtil.getSystemUserName());
        } else {
            invitations = invitationService.searchInvitation(criteria);
        }
        // Put InviteInfo objects (containing workflow path properties
        // wf:inviterUserName, wf:inviteeUserName, wf:siteShortName,
        // and invite id property (from workflow instance id))
        // onto model for each invite workflow task returned by the query
        Map<String, SiteInfo> siteInfoCache = new HashMap<String, SiteInfo>(invitations.size() * 2);
        for (Invitation invitation : invitations) {
            inviteInfoList.add(toInviteInfo(siteInfoCache, (NominatedInvitation) invitation));
        }
    }
    // put the list of invite infos onto model to be passed onto template
    // for rendering
    model.put(MODEL_KEY_NAME_INVITES, inviteInfoList);
    return model;
}
Also used : InviteInfo(org.alfresco.repo.invitation.site.InviteInfo) SiteInfo(org.alfresco.service.cmr.site.SiteInfo) NominatedInvitation(org.alfresco.service.cmr.invitation.NominatedInvitation) HashMap(java.util.HashMap) RunAsWork(org.alfresco.repo.security.authentication.AuthenticationUtil.RunAsWork) ArrayList(java.util.ArrayList) NominatedInvitation(org.alfresco.service.cmr.invitation.NominatedInvitation) Invitation(org.alfresco.service.cmr.invitation.Invitation) InvitationSearchCriteriaImpl(org.alfresco.repo.invitation.InvitationSearchCriteriaImpl) WebScriptException(org.springframework.extensions.webscripts.WebScriptException) ArrayList(java.util.ArrayList) List(java.util.List)

Example 5 with RunAsWork

use of org.alfresco.repo.security.authentication.AuthenticationUtil.RunAsWork in project records-management by Alfresco.

the class CreateTransferFolderAsNonAdminUserTest method testCreateTransferFolderAsNonAdminUser.

public void testCreateTransferFolderAsNonAdminUser() {
    doBehaviourDrivenTest(new BehaviourDrivenTest(testUser) {

        // Records folder
        private NodeRef recordsFolder = null;

        // Transfer folder
        private NodeRef transferFolder = null;

        /**
         * @see org.alfresco.module.org_alfresco_module_rm.test.util.BaseRMTestCase.BehaviourDrivenTest#given()
         */
        @Override
        public void given() {
            runAs(new RunAsWork<Void>() {

                public Void doWork() {
                    // Create category
                    NodeRef category = filePlanService.createRecordCategory(filePlan, generate());
                    // Give filing permissions for the test users on the category
                    filePlanPermissionService.setPermission(category, testUser, FILING);
                    // Create disposition schedule
                    utils.createDispositionSchedule(category, DEFAULT_DISPOSITION_INSTRUCTIONS, DEFAULT_DISPOSITION_AUTHORITY, false, true, true);
                    // Create folder
                    recordsFolder = recordFolderService.createRecordFolder(category, generate());
                    // Make eligible for cut off
                    Map<String, Serializable> params = new HashMap<String, Serializable>(1);
                    params.put(PARAM_EVENT_NAME, DEFAULT_EVENT_NAME);
                    rmActionService.executeRecordsManagementAction(recordsFolder, CompleteEventAction.NAME, params);
                    // Cut off folder
                    rmActionService.executeRecordsManagementAction(recordsFolder, CutOffAction.NAME);
                    return null;
                }
            }, getAdminUserName());
            // FIXME: This step should be executed in "when()".
            // See RM-3931
            transferFolder = (NodeRef) rmActionService.executeRecordsManagementAction(recordsFolder, TransferAction.NAME).getValue();
        }

        /**
         * @see org.alfresco.module.org_alfresco_module_rm.test.util.BaseRMTestCase.BehaviourDrivenTest#when()
         */
        @Override
        public void when() {
        // FIXME: If the transfer step is executed here the test fails?!? See RM-3931
        // transferFolder = (NodeRef) rmActionService.executeRecordsManagementAction(recordsFolder, TransferAction.NAME).getValue();
        }

        /**
         * @see org.alfresco.module.org_alfresco_module_rm.test.util.BaseRMTestCase.BehaviourDrivenTest#then()
         */
        @Override
        public void then() {
            // Check transfer folder
            assertNotNull(transferFolder);
            // User should have read permissions on the transfers container
            assertEquals(ALLOWED, permissionService.hasPermission(transfersContainer, READ_RECORDS));
            // Check if the user has filing permissions on the transfer folder
            assertEquals(ALLOWED, permissionService.hasPermission(transferFolder, FILING));
        }
    });
}
Also used : NodeRef(org.alfresco.service.cmr.repository.NodeRef) Serializable(java.io.Serializable) RunAsWork(org.alfresco.repo.security.authentication.AuthenticationUtil.RunAsWork) HashMap(java.util.HashMap)

Aggregations

RunAsWork (org.alfresco.repo.security.authentication.AuthenticationUtil.RunAsWork)34 NodeRef (org.alfresco.service.cmr.repository.NodeRef)26 HashMap (java.util.HashMap)11 Serializable (java.io.Serializable)8 AlfrescoRuntimeException (org.alfresco.error.AlfrescoRuntimeException)7 FileNotFoundException (org.alfresco.service.cmr.model.FileNotFoundException)5 ArrayList (java.util.ArrayList)4 List (java.util.List)4 FileExistsException (org.alfresco.service.cmr.model.FileExistsException)4 ContentWriter (org.alfresco.service.cmr.repository.ContentWriter)4 QName (org.alfresco.service.namespace.QName)4 HashSet (java.util.HashSet)3 Map (java.util.Map)3 Set (java.util.Set)3 AccessDeniedException (org.alfresco.repo.security.permissions.AccessDeniedException)3 ChildAssociationRef (org.alfresco.service.cmr.repository.ChildAssociationRef)3 SiteInfo (org.alfresco.service.cmr.site.SiteInfo)3 Version (org.alfresco.service.cmr.version.Version)3 HttpServletRequest (javax.servlet.http.HttpServletRequest)2 HttpServletResponse (javax.servlet.http.HttpServletResponse)2