
Example 16 with AccessPermission

use of org.alfresco.service.cmr.security.AccessPermission in project alfresco-repository by Alfresco.

the class ContentDiskDriver method cloneNode.

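/**
 * Clones aspects, creator, owner and directly-set permissions from one node onto another,
 * re-guesses the target's mimetype from the new name and runs metadata extraction on it.
 *
 * <p>Side effect on the source: every permission set on {@code fromNode} is deleted after the
 * permission set has been read.
 *
 * @param newName the new name of the node; used to guess the mimetype of the target content
 * @param fromNode the node to copy from
 * @param toNode the node to copy to
 * @param ctx the content context, handed on to {@code cloneNodeAspects}
 */
private void cloneNode(String newName, NodeRef fromNode, NodeRef toNode, ContentContext ctx) {
    if (logger.isDebugEnabled()) {
        logger.debug("clone node from fromNode:" + fromNode + "toNode:" + toNode);
    }
    cloneNodeAspects(newName, fromNode, toNode, ctx);
    // copy over the node creator and owner properties
    // need to disable the auditable aspect first to prevent default audit behaviour
    policyBehaviourFilter.disableBehaviour(ContentModel.ASPECT_AUDITABLE);
    try {
        nodeService.setProperty(toNode, ContentModel.PROP_CREATOR, nodeService.getProperty(fromNode, ContentModel.PROP_CREATOR));
        ownableService.setOwner(toNode, ownableService.getOwner(fromNode));
    } finally {
        // Always re-enable auditing, even if the copy above failed.
        policyBehaviourFilter.enableBehaviour(ContentModel.ASPECT_AUDITABLE);
    }
    Set<AccessPermission> permissions = permissionService.getAllSetPermissions(fromNode);
    boolean inheritParentPermissions = permissionService.getInheritParentPermissions(fromNode);
    // NOTE(review): the source ACL is removed before the copy is written to toNode; presumably
    // the caller's transaction rolls both steps back together on failure - confirm.
    permissionService.deletePermissions(fromNode);
    permissionService.setInheritParentPermissions(toNode, inheritParentPermissions);
    for (AccessPermission permission : permissions) {
        // Re-create only the entries that were set on fromNode itself. Entries fromNode merely
        // inherits reach toNode through the inheritance flag copied above; writing them as
        // explicit entries would pin them to the clone, so a later revocation on the parent
        // would no longer take effect there.
        if (permission.isInherited()) {
            continue;
        }
        permissionService.setPermission(toNode, permission.getAuthority(), permission.getPermission(), (permission.getAccessStatus() == AccessStatus.ALLOWED));
    }
    // Need to take a new guess at the mimetype based upon the new file name.
    ContentData content = (ContentData) nodeService.getProperty(toNode, ContentModel.PROP_CONTENT);
    // Take a guess at the mimetype (if it has not been set by something already)
    if (content != null && (content.getMimetype() == null || content.getMimetype().equals(MimetypeMap.MIMETYPE_BINARY))) {
        String mimetype = mimetypeService.guessMimetype(newName);
        if (logger.isDebugEnabled()) {
            logger.debug("set new mimetype to:" + mimetype);
        }
        ContentData replacement = ContentData.setMimetype(content, mimetype);
        nodeService.setProperty(toNode, ContentModel.PROP_CONTENT, replacement);
    }
    // Extract metadata pending change for ALF-5082
    Action action = getActionService().createAction(ContentMetadataExtracter.EXECUTOR_NAME);
    if (action != null) {
        getActionService().executeAction(action, toNode);
    }
}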
Also used : Action(org.alfresco.service.cmr.action.Action) ContentData(org.alfresco.service.cmr.repository.ContentData) AccessPermission(org.alfresco.service.cmr.security.AccessPermission)

Example 17 with AccessPermission

use of org.alfresco.service.cmr.security.AccessPermission in project alfresco-repository by Alfresco.

the class DbNodeServiceImpl method archiveHierarchyImpl.

/**
 * Archive (direct copy) a node hierarchy.
 *
 * <p>For every node returned by the walker a new node with the same id is created in the archive
 * store. The first node is attached to the archive store root, is given the archived aspect and
 * the archival properties, and has its owner changed to the authenticated user; every later node
 * is attached below the archived copy of its primary parent. Explicit (non-inherited) permissions
 * are copied to each archived node.
 *
 * @param walker                the node hierarchy to archive
 * @param archiveStoreRef       the store that receives the archived copies
 * @throws IllegalStateException if a node's primary parent was not visited by the walker or has
 *                               not been archived yet
 */
private void archiveHierarchyImpl(NodeHierarchyWalker walker, StoreRef archiveStoreRef) {
    // Start with the node we are archiving to
    Pair<Long, NodeRef> archiveStoreRootNodePair = nodeDAO.getRootNode(archiveStoreRef);
    // Work through the hierarchy from the top down and archive all the nodes
    boolean firstNode = true;
    // Maps the id of each original node to the (id, NodeRef) pair of its archived copy, so that
    // children can find their already-archived parent.
    Map<Long, Pair<Long, NodeRef>> archiveRecord = new HashMap<Long, Pair<Long, NodeRef>>(walker.getNodes(false).size() * 2);
    // NOTE(review): the loop relies on getNodes(false) yielding parents before children - confirm
    // against NodeHierarchyWalker.
    for (VisitedNode node : walker.getNodes(false)) {
        // Get node metadata
        Map<QName, Serializable> archiveProperties = nodeDAO.getNodeProperties(node.id);
        Set<QName> archiveAspects = nodeDAO.getNodeAspects(node.id);
        // The first node gets special treatment as it contains the archival details
        ChildAssociationRef archivePrimaryParentAssocRef = null;
        final Pair<Long, NodeRef> archiveParentNodePair;
        if (firstNode) {
            // Attach top-level archival details
            ChildAssociationRef primaryParentAssocRef = node.primaryParentAssocPair.getSecond();
            archiveAspects.add(ContentModel.ASPECT_ARCHIVED);
            // NOTE(review): the null check on the same call further down suggests that
            // getFullyAuthenticatedUser() can return null; here and for PROP_OWNER below the
            // value is stored unchecked - confirm a null archiver/owner is acceptable.
            archiveProperties.put(ContentModel.PROP_ARCHIVED_BY, AuthenticationUtil.getFullyAuthenticatedUser());
            archiveProperties.put(ContentModel.PROP_ARCHIVED_DATE, new Date());
            archiveProperties.put(ContentModel.PROP_ARCHIVED_ORIGINAL_PARENT_ASSOC, primaryParentAssocRef);
            // Remember who owned the node before archival; NO_OWNER stands in when none was set.
            Serializable originalOwner = archiveProperties.get(ContentModel.PROP_OWNER);
            archiveProperties.put(ContentModel.PROP_ARCHIVED_ORIGINAL_OWNER, originalOwner != null ? originalOwner : OwnableService.NO_OWNER);
            // change the node ownership
            // The archiving user becomes the owner of the archived top-level node.
            archiveAspects.add(ContentModel.ASPECT_OWNABLE);
            archiveProperties.put(ContentModel.PROP_OWNER, AuthenticationUtil.getFullyAuthenticatedUser());
            // Create new primary association
            archivePrimaryParentAssocRef = new ChildAssociationRef(ContentModel.ASSOC_CHILDREN, archiveStoreRootNodePair.getSecond(), NodeArchiveService.QNAME_ARCHIVED_ITEM, new NodeRef(archiveStoreRef, node.nodeRef.getId()), true, -1);
            archiveParentNodePair = archiveStoreRootNodePair;
        } else {
            ChildAssociationRef primaryParentAssocRef = node.primaryParentAssocPair.getSecond();
            NodeRef parentNodeRef = primaryParentAssocRef.getParentRef();
            // Look it up
            VisitedNode parentNode = walker.getNode(parentNodeRef);
            if (parentNode == null) {
                throw new IllegalStateException("Expected that a child has a visited primary parent: " + primaryParentAssocRef);
            }
            // This needs to have been mapped to a new parent
            archiveParentNodePair = archiveRecord.get(parentNode.id);
            if (archiveParentNodePair == null) {
                throw new IllegalStateException("Expected to have archived primary parent: " + primaryParentAssocRef);
            }
            // Build the primary association details
            archivePrimaryParentAssocRef = new ChildAssociationRef(primaryParentAssocRef.getTypeQName(), archiveParentNodePair.getSecond(), primaryParentAssocRef.getQName(), new NodeRef(archiveStoreRef, node.nodeRef.getId()), true, primaryParentAssocRef.getNthSibling());
        }
        // Invoke behaviours
        invokeBeforeCreateNode(archivePrimaryParentAssocRef.getParentRef(), archivePrimaryParentAssocRef.getTypeQName(), archivePrimaryParentAssocRef.getQName(), node.nodeType);
        // Create a new node
        // At most one retry: on the first NodeExistsException the conflicting archived node is
        // deleted and creation is attempted again; a second conflict is rethrown.
        boolean attempted = false;
        Node archiveNode = null;
        while (true) {
            try {
                ChildAssocEntity archiveChildAssocEntity = nodeDAO.newNode(archiveParentNodePair.getFirst(), archivePrimaryParentAssocRef.getTypeQName(), archivePrimaryParentAssocRef.getQName(), archiveStoreRef, node.nodeRef.getId(), node.nodeType, (Locale) archiveProperties.get(ContentModel.PROP_LOCALE), (String) archiveProperties.get(ContentModel.PROP_NAME), archiveProperties);
                archiveNode = archiveChildAssocEntity.getChildNode();
                // Store the archive mapping for this node
                archiveRecord.put(node.id, archiveNode.getNodePair());
                break;
            } catch (NodeExistsException e) {
                if (!attempted) {
                    // There is a conflict, so delete the currently-archived node
                    NodeRef conflictingNodeRef = e.getNodePair().getSecond();
                    deleteNode(conflictingNodeRef);
                    attempted = true;
                } else {
                    throw e;
                }
            }
        }
        // Carry any explicit permissions over to the new node
        Set<AccessPermission> originalNodePermissions = permissionService.getAllSetPermissions(node.nodeRef);
        for (AccessPermission originalPermission : originalNodePermissions) {
            if (originalPermission.isInherited()) {
                // Ignore inherited permissions
                continue;
            }
            NodeRef archiveNodeRef = archiveNode.getNodeRef();
            // Both ALLOWED and non-ALLOWED entries are copied; the boolean carries the status.
            permissionService.setPermission(archiveNodeRef, originalPermission.getAuthority(), originalPermission.getPermission(), originalPermission.getAccessStatus() == AccessStatus.ALLOWED);
        }
        // Check if it inherits permissions or not
        // Inheritance is only ever switched off here; when the original inherits, the archived
        // node keeps whatever inheritance setting it was created with.
        if (!permissionService.getInheritParentPermissions(node.nodeRef)) {
            permissionService.setInheritParentPermissions(archiveNode.getNodeRef(), false);
        }
        // Add properties and aspects
        Long archiveNodeId = archiveNode.getId();
        NodeRef archiveNodeRef = archiveNode.getNodeRef();
        nodeDAO.addNodeAspects(archiveNodeId, archiveAspects);
        nodeDAO.addNodeProperties(archiveNodeId, archiveProperties);
        // For the top-level node only: link the archived item to the archiving user's folder
        if (firstNode) {
            // Attach archiveRoot aspect to root
            // TODO: In time, this can be moved into a patch
            Long archiveStoreRootNodeId = archiveStoreRootNodePair.getFirst();
            NodeRef archiveStoreRootNodeRef = archiveStoreRootNodePair.getSecond();
            if (!nodeDAO.hasNodeAspect(archiveStoreRootNodeId, ContentModel.ASPECT_ARCHIVE_ROOT)) {
                addAspect(archiveStoreRootNodeRef, ContentModel.ASPECT_ARCHIVE_ROOT, null);
            }
            // Ensure that the user has a folder for archival
            // Falls back to the admin user name when nobody is fully authenticated.
            String username = AuthenticationUtil.getFullyAuthenticatedUser();
            if (username == null) {
                username = AuthenticationUtil.getAdminUserName();
            }
            Pair<Long, ChildAssociationRef> userArchiveAssocPair = nodeDAO.getChildAssoc(archiveStoreRootNodeId, ContentModel.ASSOC_ARCHIVE_USER_LINK, username);
            NodeRef userArchiveNodeRef = null;
            if (userArchiveAssocPair == null) {
                // User has no node entry.  Create a new one.
                QName archiveUserAssocQName = QName.createQName(NamespaceService.CONTENT_MODEL_1_0_URI, QName.createValidLocalName(username));
                Map<QName, Serializable> userArchiveNodeProps = Collections.singletonMap(ContentModel.PROP_NAME, (Serializable) username);
                userArchiveNodeRef = createNode(archiveStoreRootNodeRef, ContentModel.ASSOC_ARCHIVE_USER_LINK, archiveUserAssocQName, ContentModel.TYPE_ARCHIVE_USER, userArchiveNodeProps).getChildRef();
            } else {
                userArchiveNodeRef = userArchiveAssocPair.getSecond().getChildRef();
            }
            // Link user node to archived item via secondary child association
            // The association is named after the node's name, or its id when it has no name.
            String archiveNodeName = (String) archiveProperties.get(ContentModel.PROP_NAME);
            if (archiveNodeName == null) {
                archiveNodeName = archiveNodeRef.getId();
            }
            QName archiveAssocQName = QName.createQNameWithValidLocalName(NamespaceService.SYSTEM_MODEL_1_0_URI, archiveNodeName);
            addChild(userArchiveNodeRef, archiveNodeRef, ContentModel.ASSOC_ARCHIVED_LINK, archiveAssocQName);
        }
        // Invoke behaviours
        invokeOnCreateNode(archivePrimaryParentAssocRef);
        firstNode = false;
    }
}
Also used : Serializable(java.io.Serializable) HashMap(java.util.HashMap) QName(org.alfresco.service.namespace.QName) NodeExistsException(org.alfresco.repo.domain.node.NodeExistsException) VisitedNode(org.alfresco.repo.node.db.NodeHierarchyWalker.VisitedNode) Node(org.alfresco.repo.domain.node.Node) AccessPermission(org.alfresco.service.cmr.security.AccessPermission) ChildAssociationRef(org.alfresco.service.cmr.repository.ChildAssociationRef) Date(java.util.Date) NodeRef(org.alfresco.service.cmr.repository.NodeRef) ChildAssocEntity(org.alfresco.repo.domain.node.ChildAssocEntity) VisitedNode(org.alfresco.repo.node.db.NodeHierarchyWalker.VisitedNode) Pair(org.alfresco.util.Pair)

Example 18 with AccessPermission

use of org.alfresco.service.cmr.security.AccessPermission in project alfresco-repository by Alfresco.

the class SiteServiceImpl method getSiteVisibility.

/**
 * Resolves the visibility of a site. A value stored on the site node wins; when none is stored
 * the visibility is derived from the permissions set on the node, which keeps sites created by
 * earlier versions of the service working.
 *
 * <p>The derived result is {@code PRIVATE} unless a SiteConsumer entry for all authorities is
 * found, and also when the caller is not allowed to read the permissions.
 *
 * @param siteNodeRef       site node reference
 * @return SiteVisibility   site visibility
 * @throws IllegalArgumentException if the stored value does not name a {@code SiteVisibility}
 *                                  constant (raised by {@code valueOf})
 */
private SiteVisibility getSiteVisibility(NodeRef siteNodeRef) {
    String storedValue = (String) this.directNodeService.getProperty(siteNodeRef, SiteModel.PROP_SITE_VISIBILITY);
    if (storedValue != null) {
        // An explicit value on the node is authoritative.
        return SiteVisibility.valueOf(storedValue);
    }

    // Nothing stored: fall back to inspecting the permissions set on the site node.
    Set<AccessPermission> setPermissions;
    try {
        setPermissions = this.permissionService.getAllSetPermissions(siteNodeRef);
    } catch (AccessDeniedException denied) {
        // The caller may not be allowed to read the permissions; report the restrictive default.
        return SiteVisibility.PRIVATE;
    }

    // NOTE(review): the entry's access status is not examined, so a DENIED SiteConsumer entry
    // for all authorities would also be read as PUBLIC - confirm whether such entries can
    // exist on sites that have no stored visibility.
    for (AccessPermission entry : setPermissions) {
        boolean forEveryone = entry.getAuthority().equals(PermissionService.ALL_AUTHORITIES);
        if (forEveryone && entry.getPermission().equals(SITE_CONSUMER)) {
            return SiteVisibility.PUBLIC;
        }
    }
    return SiteVisibility.PRIVATE;
}
Also used : AccessDeniedException(org.alfresco.repo.security.permissions.AccessDeniedException) AccessPermission(org.alfresco.service.cmr.security.AccessPermission) FilterTypeString(org.alfresco.repo.node.getchildren.FilterPropString.FilterTypeString) FilterPropString(org.alfresco.repo.node.getchildren.FilterPropString) SiteVisibility(org.alfresco.service.cmr.site.SiteVisibility)

Example 19 with AccessPermission

use of org.alfresco.service.cmr.security.AccessPermission in project alfresco-repository by Alfresco.

the class ScriptNode method getSortedACLs.

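/**
 * De-duplicates a set of access permissions and returns the survivors in sorted order.
 *
 * <p>The entries are sorted with <code>CMISConnector.AccessPermissionComparator</code> and then
 * folded by authority and permission: an <code>ALLOWED</code> entry is recorded, a
 * <code>DENIED</code> entry drops whatever was recorded for the same authority and permission
 * before it. Entries with any other status are ignored.
 *
 * @param acls the permissions to sort and de-duplicate; must not be null
 * @return Sorted list of <code>AccessPermission</code> based on <code>CMISConnector.AccessPermissionComparator</code>
 *         and <code>AccessStatus</code> of the permission for an authority.
 */
public static List<AccessPermission> getSortedACLs(Set<AccessPermission> acls) {
    List<AccessPermission> ordered = new ArrayList<AccessPermission>(acls);
    Collections.sort(ordered, new CMISConnector.AccessPermissionComparator());
    // An insertion-ordered map keeps the comparator's order in the returned list; a plain
    // HashMap hands its values back in hash order, which loses the sort the contract promises.
    // The fully-qualified name avoids relying on an import that is not visible here.
    Map<String, AccessPermission> deDuplicatedPermissions = new java.util.LinkedHashMap<String, AccessPermission>(acls.size());
    for (AccessPermission current : ordered) {
        // NOTE(review): authority and permission are concatenated without a separator, so two
        // different pairs could in principle share a key - confirm the naming rules rule it out.
        String composedKey = current.getAuthority() + current.getPermission();
        if (current.getAccessStatus() == AccessStatus.ALLOWED) {
            deDuplicatedPermissions.put(composedKey, current);
        } else if (current.getAccessStatus() == AccessStatus.DENIED) {
            // NOTE(review): a DENIED entry only cancels an ALLOWED one that was processed
            // earlier, so the outcome depends on the comparator's ordering - confirm that
            // denials sort after the matching allows.
            deDuplicatedPermissions.remove(composedKey);
        }
    }
    return new ArrayList<AccessPermission>(deDuplicatedPermissions.values());
}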
Also used : LinkedHashMap(java.util.LinkedHashMap) HashMap(java.util.HashMap) CMISConnector(org.alfresco.opencmis.CMISConnector) AccessPermission(org.alfresco.service.cmr.security.AccessPermission) ArrayList(java.util.ArrayList)

Example 20 with AccessPermission

use of org.alfresco.service.cmr.security.AccessPermission in project alfresco-repository by Alfresco.

the class ScriptNode method retrieveAllSetPermissions.

/**
 * Builds the response object shared by the various getPermissions() calls: one packed string
 * per permission, in the order produced by {@code getSortedACLs}.
 *
 * <p>Each string has the form {@code STATUS;authority;permission}, followed by
 * {@code ;DIRECT} or {@code ;INHERITED} when {@code full} is set.
 *
 * @param direct    True to only retrieve direct permissions, false to get inherited also
 * @param full      True to retrieve full data string with [INHERITED|DIRECT] element
 *                  This exists to maintain backward compatibility with existing permission APIs.
 *
 * @return Object[] of packed permission strings.
 */
protected Object[] retrieveAllSetPermissions(boolean direct, boolean full) {
    Set<AccessPermission> allSet = this.services.getPermissionService().getAllSetPermissions(getNodeRef());
    List<Object> packed = new ArrayList<Object>(allSet.size());
    for (AccessPermission entry : getSortedACLs(allSet)) {
        // When only direct permissions are wanted, skip everything that is not set directly.
        if (direct && !entry.isSetDirectly()) {
            continue;
        }
        // NOTE(review): fields are joined with ';' and not escaped, so a consumer that splits
        // on ';' would misread an authority containing that character - confirm it cannot occur.
        StringBuilder line = new StringBuilder(64);
        line.append(entry.getAccessStatus());
        line.append(';');
        line.append(entry.getAuthority());
        line.append(';');
        line.append(entry.getPermission());
        if (full) {
            line.append(';');
            line.append(entry.isSetDirectly() ? "DIRECT" : "INHERITED");
        }
        packed.add(line.toString());
    }
    return packed.toArray(new Object[packed.size()]);
}
Also used : AccessPermission(org.alfresco.service.cmr.security.AccessPermission) ArrayList(java.util.ArrayList) JSONObject(org.json.JSONObject) ScriptableObject(org.mozilla.javascript.ScriptableObject)

Aggregations

AccessPermission (org.alfresco.service.cmr.security.AccessPermission)52 NodeRef (org.alfresco.service.cmr.repository.NodeRef)21 ArrayList (java.util.ArrayList)15 HashSet (java.util.HashSet)14 HashMap (java.util.HashMap)13 ChildAssociationRef (org.alfresco.service.cmr.repository.ChildAssociationRef)7 Test (org.junit.Test)7 Serializable (java.io.Serializable)5 List (java.util.List)5 Map (java.util.Map)5 Set (java.util.Set)5 AccessPermissionImpl (org.alfresco.repo.security.permissions.impl.AccessPermissionImpl)5 AccessStatus (org.alfresco.service.cmr.security.AccessStatus)5 QName (org.alfresco.service.namespace.QName)5 LinkedHashSet (java.util.LinkedHashSet)4 AccessDeniedException (org.alfresco.repo.security.permissions.AccessDeniedException)4 FacesContext (javax.faces.context.FacesContext)3 AlfrescoRuntimeException (org.alfresco.error.AlfrescoRuntimeException)3 FilterPropString (org.alfresco.repo.node.getchildren.FilterPropString)3 PermissionReference (org.alfresco.repo.security.permissions.PermissionReference)3