use of org.alfresco.repo.security.permissions.AccessDeniedException in project alfresco-remote-api by Alfresco.
the class ScriptCommentService method createCommentsFolder.
public ScriptNode createCommentsFolder(ScriptNode node) {
final NodeRef nodeRef = node.getNodeRef();
if (permissionService.hasPermission(nodeRef, PermissionService.ADD_CHILDREN) == AccessStatus.DENIED) {
throw new AccessDeniedException("User '" + AuthenticationUtil.getFullyAuthenticatedUser() + "' doesn't have permission to create discussion on node '" + nodeRef + "'");
}
// Run as system user to allow Contributor create discussions
NodeRef commentsFolder = AuthenticationUtil.runAs(new AuthenticationUtil.RunAsWork<NodeRef>() {
public NodeRef doWork() throws Exception {
NodeRef commentsFolder = null;
// ALF-5240: turn off auditing round the discussion node creation to prevent
// the source document from being modified by the first user leaving a comment
behaviourFilter.disableBehaviour(nodeRef, ContentModel.ASPECT_AUDITABLE);
try {
nodeService.addAspect(nodeRef, QName.createQName(NamespaceService.FORUMS_MODEL_1_0_URI, "discussable"), null);
nodeService.addAspect(nodeRef, QName.createQName(NamespaceService.FORUMS_MODEL_1_0_URI, "commentsRollup"), null);
List<ChildAssociationRef> assocs = nodeService.getChildAssocs(nodeRef, QName.createQName(NamespaceService.FORUMS_MODEL_1_0_URI, "discussion"), RegexQNamePattern.MATCH_ALL);
if (assocs.size() != 0) {
NodeRef forumFolder = assocs.get(0).getChildRef();
Map<QName, Serializable> props = new HashMap<QName, Serializable>(1, 1.0f);
props.put(ContentModel.PROP_NAME, COMMENTS_TOPIC_NAME);
commentsFolder = nodeService.createNode(forumFolder, ContentModel.ASSOC_CONTAINS, QName.createQName(NamespaceService.CONTENT_MODEL_1_0_URI, COMMENTS_TOPIC_NAME), QName.createQName(NamespaceService.FORUMS_MODEL_1_0_URI, "topic"), props).getChildRef();
}
} finally {
behaviourFilter.enableBehaviour(nodeRef, ContentModel.ASPECT_AUDITABLE);
}
return commentsFolder;
}
}, AuthenticationUtil.getSystemUserName());
return new ScriptNode(commentsFolder, serviceRegistry, getScope());
}
use of org.alfresco.repo.security.permissions.AccessDeniedException in project alfresco-remote-api by Alfresco.
the class DocLinksDelete method executeImpl.
@Override
protected Map<String, Object> executeImpl(WebScriptRequest req, Status status, Cache cache) {
NodeRef destinationNodeRef = null;
/* Parse the template vars */
Map<String, String> templateVars = req.getServiceMatch().getTemplateVars();
destinationNodeRef = parseNodeRefFromTemplateArgs(templateVars);
/* Delete links */
DeleteLinksStatusReport report;
try {
report = documentLinkService.deleteLinksToDocument(destinationNodeRef);
} catch (IllegalArgumentException ex) {
throw new WebScriptException(Status.STATUS_BAD_REQUEST, "Invalid Arguments: " + ex.getMessage());
} catch (AccessDeniedException e) {
throw new WebScriptException(Status.STATUS_FORBIDDEN, "You don't have permission to perform this operation");
}
/* Build response */
Map<String, Object> model = new HashMap<String, Object>();
model.put("total_count", report.getTotalLinksFoundCount());
model.put("deleted_count", report.getDeletedLinksCount());
Map<String, String> errorDetails = new HashMap<String, String>();
Iterator<Entry<NodeRef, Throwable>> it = report.getErrorDetails().entrySet().iterator();
while (it.hasNext()) {
Map.Entry<NodeRef, Throwable> pair = it.next();
Throwable th = pair.getValue();
errorDetails.put(pair.getKey().toString(), th.getMessage());
}
model.put("error_details", errorDetails);
return model;
}
use of org.alfresco.repo.security.permissions.AccessDeniedException in project acs-community-packaging by Alfresco.
the class NavigationBean method getGuestHomeNode.
/**
* @return Node representing the Guest Home Space folder
*/
public Node getGuestHomeNode() {
if (this.guestHomeNode == null) {
try {
FacesContext fc = FacesContext.getCurrentInstance();
String xpath = Application.getRootPath(fc) + "/" + Application.getGuestHomeFolderName(fc);
List<NodeRef> guestHomeRefs = this.getSearchService().selectNodes(this.getNodeService().getRootNode(Repository.getStoreRef()), xpath, null, this.getNamespaceService(), false);
if (guestHomeRefs.size() == 1) {
this.guestHomeNode = new Node(guestHomeRefs.get(0));
}
} catch (InvalidNodeRefException err1) {
// cannot continue if this occurs
} catch (AccessDeniedException err2) {
// cannot see node if this occurs
}
}
return this.guestHomeNode;
}
use of org.alfresco.repo.security.permissions.AccessDeniedException in project acs-community-packaging by Alfresco.
the class TemplateSupportBean method selectDictionaryNodes.
/**
* @param fc FacesContext
* @param xpath XPath to the nodes to select
* @param noSelectionLabel Label to add to the list if no items are found in the search
* @param mimetype Optional mimetype of items to add, will not add to list if mimetype does not match
*
* @return List of SelectItem wrapper objects for the nodes found at the XPath
*/
private List<SelectItem> selectDictionaryNodes(FacesContext fc, String xpath, String noSelectionLabel, String mimetype) {
List<SelectItem> wrappers = null;
try {
NodeRef rootNodeRef = this.getNodeService().getRootNode(Repository.getStoreRef());
NamespaceService resolver = Repository.getServiceRegistry(fc).getNamespaceService();
List<NodeRef> results = this.getSearchService().selectNodes(rootNodeRef, xpath, null, resolver, false);
wrappers = new ArrayList<SelectItem>(results.size() + 1);
if (results.size() != 0) {
DictionaryService dd = Repository.getServiceRegistry(fc).getDictionaryService();
for (NodeRef ref : results) {
if (this.getNodeService().exists(ref) == true) {
Node childNode = new Node(ref);
ContentData content = (ContentData) childNode.getProperties().get(ContentModel.PROP_CONTENT);
if (dd.isSubClass(childNode.getType(), ContentModel.TYPE_CONTENT) && (mimetype == null || mimetype.equals(content.getMimetype()))) {
wrappers.add(new SelectItem(childNode.getId(), childNode.getName()));
}
}
}
// make sure the list is sorted by the label
QuickSort sorter = new QuickSort(wrappers, "label", true, IDataContainer.SORT_CASEINSENSITIVE);
sorter.sort();
}
} catch (AccessDeniedException accessErr) {
// ignore the result if we cannot access the root
}
// add an entry (at the start) to instruct the user to select an item
if (wrappers == null) {
wrappers = new ArrayList<SelectItem>(1);
}
wrappers.add(0, new SelectItem(NO_SELECTION, Application.getMessage(FacesContext.getCurrentInstance(), noSelectionLabel)));
return wrappers;
}
use of org.alfresco.repo.security.permissions.AccessDeniedException in project acs-community-packaging by Alfresco.
the class UIAssociationEditor method renderReadOnlyAssociations.
/**
* @see org.alfresco.web.ui.repo.component.property.BaseAssociationEditor#renderReadOnlyAssociations(javax.faces.context.FacesContext, javax.faces.context.ResponseWriter, org.alfresco.service.cmr.repository.NodeService)
*/
protected void renderReadOnlyAssociations(FacesContext context, ResponseWriter out, NodeService nodeService) throws IOException {
if (this.originalAssocs.size() > 0) {
out.write("<table cellspacing='0' cellpadding='2' border='0'>");
Iterator iter = this.originalAssocs.values().iterator();
while (iter.hasNext()) {
out.write("<tr><td>");
AssociationRef assoc = (AssociationRef) iter.next();
NodeRef targetNode = assoc.getTargetRef();
if (nodeService.exists(targetNode)) {
if (ContentModel.TYPE_PERSON.equals(nodeService.getType(targetNode))) {
// if the node represents a person, show the username instead of the name
out.write(Utils.encode(User.getFullNameAndUserId(nodeService, targetNode)));
} else if (ContentModel.TYPE_AUTHORITY_CONTAINER.equals(nodeService.getType(targetNode))) {
// if the node represents a group, show the group display name instead of the name
String groupDisplayName = (String) nodeService.getProperty(targetNode, ContentModel.PROP_AUTHORITY_DISPLAY_NAME);
if (groupDisplayName == null || groupDisplayName.length() == 0) {
String group = (String) nodeService.getProperty(targetNode, ContentModel.PROP_AUTHORITY_NAME);
groupDisplayName = group.substring(PermissionService.GROUP_PREFIX.length());
}
out.write(Utils.encode(groupDisplayName));
} else {
// use the standard cm:name property
// Fix AWC-1301
String displayString = null;
try {
displayString = Repository.getDisplayPath(nodeService.getPath(targetNode)) + "/" + Repository.getNameForNode(nodeService, targetNode);
} catch (AccessDeniedException ade) {
displayString = Application.getMessage(context, MSG_WARN_CANNOT_VIEW_TARGET_DETAILS);
}
out.write(Utils.encode(displayString));
}
} else {
String message = Application.getMessage(context, MSG_WARN_USER_WAS_DELETED);
out.write(message);
}
out.write("</td></tr>");
}
out.write("</table>");
}
}
Aggregations