Search in sources :

Example 11 with ConstraintDefinition

use of org.alfresco.service.cmr.dictionary.ConstraintDefinition in project records-management by Alfresco.

the class RMCaveatConfigComponentImpl method hasAccess.

/**
 * Check whether access to 'record component' node is vetoed for current user due to caveat(s)
 *
 * @param nodeRef
 * @return false, if caveat(s) veto access otherwise return true
 */
@SuppressWarnings("unchecked")
public boolean hasAccess(NodeRef nodeRef) {
    try {
        if ((!nodeService.exists(nodeRef)) || (caveatAspectQNames.size() == 0)) {
            return true;
        }
        boolean found = false;
        for (QName caveatAspectQName : caveatAspectQNames) {
            if (nodeService.hasAspect(nodeRef, caveatAspectQName)) {
                found = true;
                break;
            }
        }
        if (!found) {
            // no caveat aspect
            return true;
        } else {
            // check for caveats
            String userName = AuthenticationUtil.getRunAsUser();
            if (userName != null) {
                // check all text properties
                Map<QName, Serializable> props = nodeService.getProperties(nodeRef);
                for (Map.Entry<QName, Serializable> entry : props.entrySet()) {
                    QName propName = entry.getKey();
                    PropertyDefinition propDef = dictionaryService.getProperty(propName);
                    if ((propDef != null) && (propDef.getDataType().getName().equals(DATATYPE_TEXT))) {
                        List<ConstraintDefinition> conDefs = propDef.getConstraints();
                        for (ConstraintDefinition conDef : conDefs) {
                            Constraint con = conDef.getConstraint();
                            if (con instanceof RMListOfValuesConstraint) {
                                RMListOfValuesConstraint rmCon = ((RMListOfValuesConstraint) con);
                                String conName = rmCon.getShortName();
                                MatchLogic matchLogic = rmCon.getMatchLogicEnum();
                                Map<String, List<String>> caveatConstraintDef = caveatConfig.get(conName);
                                if (caveatConstraintDef == null) {
                                    continue;
                                } else {
                                    Set<String> userGroupNames = authorityService.getAuthoritiesForUser(userName);
                                    List<String> allowedValues = getRMAllowedValues(userName, userGroupNames, conName);
                                    List<String> propValues = null;
                                    Object val = entry.getValue();
                                    if (val instanceof String) {
                                        propValues = new ArrayList<String>(1);
                                        propValues.add((String) val);
                                    } else if (val instanceof List) {
                                        propValues = (List<String>) val;
                                    }
                                    if (propValues != null && !isAllowed(propValues, allowedValues, matchLogic)) {
                                        if (logger.isDebugEnabled()) {
                                            logger.debug("Veto access: caveat=" + conName + ", userName=" + userName + ", nodeRef=" + nodeRef + ", propName=" + propName + ", propValues=" + propValues + ", allowedValues=" + allowedValues);
                                        }
                                        return false;
                                    }
                                }
                            }
                        }
                    }
                }
            }
            return true;
        }
    } catch (AccessDeniedException ade) {
        return false;
    }
}
Also used : Serializable(java.io.Serializable) AccessDeniedException(net.sf.acegisecurity.AccessDeniedException) Constraint(org.alfresco.service.cmr.dictionary.Constraint) QName(org.alfresco.service.namespace.QName) MatchLogic(org.alfresco.module.org_alfresco_module_rm.caveat.RMListOfValuesConstraint.MatchLogic) PropertyDefinition(org.alfresco.service.cmr.dictionary.PropertyDefinition) ConstraintDefinition(org.alfresco.service.cmr.dictionary.ConstraintDefinition) List(java.util.List) ArrayList(java.util.ArrayList) JSONObject(org.json.JSONObject) Map(java.util.Map) MimetypeMap(org.alfresco.repo.content.MimetypeMap) HashMap(java.util.HashMap)

Example 12 with ConstraintDefinition

use of org.alfresco.service.cmr.dictionary.ConstraintDefinition in project records-management by Alfresco.

the class RMCaveatConfigComponentImpl method getRMConstraint.

/**
 * Get an RMConstraintInfo
 * @param listQName
 * @return the constraint or null if it does not exist
 */
public RMConstraintInfo getRMConstraint(QName listQName) {
    ConstraintDefinition dictionaryDef = dictionaryService.getConstraint(listQName);
    if (dictionaryDef != null) {
        Constraint con = dictionaryDef.getConstraint();
        if (con instanceof RMListOfValuesConstraint) {
            final RMListOfValuesConstraint def = (RMListOfValuesConstraint) con;
            RMConstraintInfo info = new RMConstraintInfo();
            info.setName(listQName.toPrefixString());
            info.setTitle(con.getTitle());
            List<String> allowedValues = AuthenticationUtil.runAs(new RunAsWork<List<String>>() {

                public List<String> doWork() {
                    return def.getAllowedValues();
                }
            }, AuthenticationUtil.getSystemUserName());
            info.setAllowedValues(allowedValues.toArray(new String[allowedValues.size()]));
            info.setCaseSensitive(def.isCaseSensitive());
            return info;
        }
    }
    return null;
}
Also used : Constraint(org.alfresco.service.cmr.dictionary.Constraint) List(java.util.List) ArrayList(java.util.ArrayList) ConstraintDefinition(org.alfresco.service.cmr.dictionary.ConstraintDefinition)

Example 13 with ConstraintDefinition

use of org.alfresco.service.cmr.dictionary.ConstraintDefinition in project records-management by Alfresco.

the class RMCaveatConfigServiceImpl method updateRMConstraintAllowedValues.

/**
 * Update The allowed values for an RM Constraint.
 *
 * @param listName  The name of the list.
 * @param allowedValues the new alowed values
 */
public RMConstraintInfo updateRMConstraintAllowedValues(String listName, String[] allowedValues) {
    QName listQName = QName.createQName(listName, namespaceService);
    if (allowedValues != null) {
        List<String> allowedValueList = new ArrayList<String>();
        for (String value : allowedValues) {
            allowedValueList.add(value);
        }
        ConstraintDefinition dictionaryDef = dictionaryService.getConstraint(listQName);
        Constraint con = dictionaryDef.getConstraint();
        if (con instanceof RMListOfValuesConstraint) {
            final RMListOfValuesConstraint def = (RMListOfValuesConstraint) con;
            List<String> oldAllowedValues = AuthenticationUtil.runAs(new RunAsWork<List<String>>() {

                public List<String> doWork() {
                    return def.getAllowedValues();
                }
            }, AuthenticationUtil.getSystemUserName());
            /**
             * Deal with any additions
             */
            for (String newValue : allowedValueList) {
                if (!oldAllowedValues.contains(newValue) && logger.isDebugEnabled()) {
                    // This is an addition
                    logger.debug("value added to list:" + listQName + ":" + newValue);
                }
            }
            /**
             * Deal with any deletions
             */
            for (String oldValue : oldAllowedValues) {
                if (!allowedValueList.contains(oldValue)) {
                    // This is a deletion
                    if (logger.isDebugEnabled()) {
                        logger.debug("value removed from list:" + listQName + ":" + oldValue);
                    }
                    removeRMConstraintListValue(listName, oldValue);
                }
            }
        }
        recordsManagementAdminService.changeCustomConstraintValues(listQName, allowedValueList);
    }
    return getRMConstraint(listName);
}
Also used : Constraint(org.alfresco.service.cmr.dictionary.Constraint) QName(org.alfresco.service.namespace.QName) ArrayList(java.util.ArrayList) ArrayList(java.util.ArrayList) List(java.util.List) ConstraintDefinition(org.alfresco.service.cmr.dictionary.ConstraintDefinition)

Example 14 with ConstraintDefinition

use of org.alfresco.service.cmr.dictionary.ConstraintDefinition in project records-management by Alfresco.

the class RMCaveatConfigServiceImpl method getAllRMConstraints.

/**
 * Get all Constraint Lists
 */
public Set<RMConstraintInfo> getAllRMConstraints() {
    Set<RMConstraintInfo> info = new HashSet<RMConstraintInfo>();
    List<ConstraintDefinition> defs = new ArrayList<ConstraintDefinition>(10);
    for (QName caveatModelQName : rmCaveatConfigComponent.getRMCaveatModels()) {
        defs.addAll(recordsManagementAdminService.getCustomConstraintDefinitions(caveatModelQName));
    }
    for (ConstraintDefinition dictionaryDef : defs) {
        Constraint con = dictionaryDef.getConstraint();
        if (con instanceof RMListOfValuesConstraint) {
            final RMListOfValuesConstraint def = (RMListOfValuesConstraint) con;
            RMConstraintInfo i = new RMConstraintInfo();
            i.setName(def.getShortName());
            i.setTitle(def.getTitle());
            // note: assumes only one caveat/LOV against a given property
            List<String> allowedValues = AuthenticationUtil.runAs(new RunAsWork<List<String>>() {

                public List<String> doWork() {
                    return def.getAllowedValues();
                }
            }, AuthenticationUtil.getSystemUserName());
            i.setAllowedValues(allowedValues.toArray(new String[allowedValues.size()]));
            i.setCaseSensitive(def.isCaseSensitive());
            info.add(i);
        }
    }
    return info;
}
Also used : Constraint(org.alfresco.service.cmr.dictionary.Constraint) QName(org.alfresco.service.namespace.QName) ArrayList(java.util.ArrayList) ConstraintDefinition(org.alfresco.service.cmr.dictionary.ConstraintDefinition) ArrayList(java.util.ArrayList) List(java.util.List) HashSet(java.util.HashSet)

Example 15 with ConstraintDefinition

use of org.alfresco.service.cmr.dictionary.ConstraintDefinition in project records-management by Alfresco.

the class RecordsManagementAdminServiceImplTest method testCreateCustomConstraints.

public void testCreateCustomConstraints() throws Exception {
    final int beforeCnt = retryingTransactionHelper.doInTransaction(new RetryingTransactionHelper.RetryingTransactionCallback<Integer>() {

        public Integer execute() throws Throwable {
            List<ConstraintDefinition> result = rmAdminService.getCustomConstraintDefinitions(RecordsManagementCustomModel.RM_CUSTOM_MODEL);
            assertNotNull(result);
            return result.size();
        }
    });
    final String conTitle = "test title - " + testRunID;
    final List<String> allowedValues = new ArrayList<String>(3);
    allowedValues.add("RED");
    allowedValues.add("AMBER");
    allowedValues.add("GREEN");
    final QName testCon = retryingTransactionHelper.doInTransaction(new RetryingTransactionHelper.RetryingTransactionCallback<QName>() {

        public QName execute() throws Throwable {
            String conLocalName = "test-" + testRunID;
            final QName result = QName.createQName(RecordsManagementCustomModel.RM_CUSTOM_URI, conLocalName);
            rmAdminService.addCustomConstraintDefinition(result, conTitle, true, allowedValues, MatchLogic.AND);
            return result;
        }
    });
    // Set the current security context as System - to see allowed values (unless caveat config is also updated for admin)
    AuthenticationUtil.setFullyAuthenticatedUser(AuthenticationUtil.getSystemUserName());
    retryingTransactionHelper.doInTransaction(new RetryingTransactionHelper.RetryingTransactionCallback<Void>() {

        public Void execute() throws Throwable {
            List<ConstraintDefinition> customConstraintDefs = rmAdminService.getCustomConstraintDefinitions(RecordsManagementCustomModel.RM_CUSTOM_MODEL);
            assertEquals(beforeCnt + 1, customConstraintDefs.size());
            boolean found = false;
            for (ConstraintDefinition conDef : customConstraintDefs) {
                if (conDef.getName().equals(testCon)) {
                    assertEquals(conTitle, conDef.getTitle(dictionaryService));
                    Constraint con = conDef.getConstraint();
                    assertTrue(con instanceof RMListOfValuesConstraint);
                    assertEquals("LIST", ((RMListOfValuesConstraint) con).getType());
                    assertEquals(3, ((RMListOfValuesConstraint) con).getAllowedValues().size());
                    found = true;
                    break;
                }
            }
            assertTrue(found);
            return null;
        }
    });
    // Set the current security context as admin
    AuthenticationUtil.setFullyAuthenticatedUser(AuthenticationUtil.getAdminUserName());
    retryingTransactionHelper.doInTransaction(new RetryingTransactionHelper.RetryingTransactionCallback<Void>() {

        public Void execute() throws Throwable {
            allowedValues.clear();
            allowedValues.add("RED");
            allowedValues.add("YELLOW");
            rmAdminService.changeCustomConstraintValues(testCon, allowedValues);
            return null;
        }
    });
    // Set the current security context as System - to see allowed values (unless caveat config is also updated for admin)
    AuthenticationUtil.setFullyAuthenticatedUser(AuthenticationUtil.getSystemUserName());
    retryingTransactionHelper.doInTransaction(new RetryingTransactionHelper.RetryingTransactionCallback<Void>() {

        public Void execute() throws Throwable {
            List<ConstraintDefinition> customConstraintDefs = rmAdminService.getCustomConstraintDefinitions(RecordsManagementCustomModel.RM_CUSTOM_MODEL);
            assertEquals(beforeCnt + 1, customConstraintDefs.size());
            boolean found = false;
            for (ConstraintDefinition conDef : customConstraintDefs) {
                if (conDef.getName().equals(testCon)) {
                    assertEquals(conTitle, conDef.getTitle(dictionaryService));
                    Constraint con = conDef.getConstraint();
                    assertTrue(con instanceof RMListOfValuesConstraint);
                    assertEquals("LIST", ((RMListOfValuesConstraint) con).getType());
                    assertEquals(2, ((RMListOfValuesConstraint) con).getAllowedValues().size());
                    found = true;
                    break;
                }
            }
            assertTrue(found);
            return null;
        }
    });
    // Set the current security context as admin
    AuthenticationUtil.setFullyAuthenticatedUser(AuthenticationUtil.getAdminUserName());
    // Add custom property to record with test constraint
    retryingTransactionHelper.doInTransaction(new RetryingTransactionHelper.RetryingTransactionCallback<Void>() {

        public Void execute() throws Throwable {
            String propLocalName = "myProp-" + testRunID;
            QName dataType = DataTypeDefinition.TEXT;
            String propTitle = "My property title";
            String description = "My property description";
            String defaultValue = null;
            boolean multiValued = false;
            boolean mandatory = false;
            boolean isProtected = false;
            QName propName = rmAdminService.addCustomPropertyDefinition(null, ASPECT_RECORD, propLocalName, dataType, propTitle, description, defaultValue, multiValued, mandatory, isProtected, testCon);
            createdCustomProperties.add(propName);
            return null;
        }
    });
}
Also used : RetryingTransactionHelper(org.alfresco.repo.transaction.RetryingTransactionHelper) RMListOfValuesConstraint(org.alfresco.module.org_alfresco_module_rm.caveat.RMListOfValuesConstraint) Constraint(org.alfresco.service.cmr.dictionary.Constraint) QName(org.alfresco.service.namespace.QName) ArrayList(java.util.ArrayList) RMListOfValuesConstraint(org.alfresco.module.org_alfresco_module_rm.caveat.RMListOfValuesConstraint) Constraint(org.alfresco.service.cmr.dictionary.Constraint) ConstraintDefinition(org.alfresco.service.cmr.dictionary.ConstraintDefinition) RMListOfValuesConstraint(org.alfresco.module.org_alfresco_module_rm.caveat.RMListOfValuesConstraint) ArrayList(java.util.ArrayList) List(java.util.List)

Aggregations

ConstraintDefinition (org.alfresco.service.cmr.dictionary.ConstraintDefinition)15 Constraint (org.alfresco.service.cmr.dictionary.Constraint)11 ArrayList (java.util.ArrayList)10 QName (org.alfresco.service.namespace.QName)9 List (java.util.List)8 PropertyDefinition (org.alfresco.service.cmr.dictionary.PropertyDefinition)5 ListOfValuesConstraint (org.alfresco.repo.dictionary.constraint.ListOfValuesConstraint)3 CustomModelConstraint (org.alfresco.rest.api.model.CustomModelConstraint)3 CustomModelDefinition (org.alfresco.service.cmr.dictionary.CustomModelDefinition)3 HashMap (java.util.HashMap)2 HashSet (java.util.HashSet)2 Map (java.util.Map)2 RMListOfValuesConstraint (org.alfresco.module.org_alfresco_module_rm.caveat.RMListOfValuesConstraint)2 MimetypeMap (org.alfresco.repo.content.MimetypeMap)2 InvalidArgumentException (org.alfresco.rest.framework.core.exceptions.InvalidArgumentException)2 JSONObject (org.json.JSONObject)2 Serializable (java.io.Serializable)1 Entry (java.util.Map.Entry)1 AccessDeniedException (net.sf.acegisecurity.AccessDeniedException)1 AlfrescoRuntimeException (org.alfresco.error.AlfrescoRuntimeException)1