
Example 1 with AccessStatus

use of org.alfresco.service.cmr.security.AccessStatus in project records-management by Alfresco.

the class CapabilitiesGet method executeImpl.

/**
 * @see org.alfresco.repo.web.scripts.content.StreamContent#executeImpl(org.springframework.extensions.webscripts.WebScriptRequest, org.springframework.extensions.webscripts.Status, org.springframework.extensions.webscripts.Cache)
 */
@Override
protected Map<String, Object> executeImpl(WebScriptRequest req, Status status, Cache cache) {
    // Builds the web script model: either the capability names whose access state on the
    // target node is not DENIED ("capabilities"), or every titled capability group with
    // its capabilities ("groupedCapabilities").

    // The store type, store id and node id are taken from the URL template, so they are
    // caller-supplied. Only a blank check is applied here.
    // NOTE(review): this method performs no access check of its own on the resolved node;
    // it relies on capabilityService below - confirm that call evaluates against the
    // authenticated user.
    Map<String, String> urlVars = req.getServiceMatch().getTemplateVars();
    String storeType = urlVars.get("store_type");
    String storeId = urlVars.get("store_id");
    String nodeId = urlVars.get("id");

    boolean explicitNode = StringUtils.isNotBlank(storeType)
            && StringUtils.isNotBlank(storeId)
            && StringUtils.isNotBlank(nodeId);

    NodeRef nodeRef;
    if (explicitNode) {
        nodeRef = new NodeRef(new StoreRef(storeType, storeId), nodeId);
    } else {
        // No complete node reference in the URL: use the file plan of the default RM site.
        // TODO we are making the assumption there is only one file plan here!
        nodeRef = filePlanService.getFilePlanBySiteId(FilePlanService.DEFAULT_RM_SITE_ID);
        if (nodeRef == null) {
            throw new WebScriptException(HttpServletResponse.SC_INTERNAL_SERVER_ERROR, "The default file plan node could not be found.");
        }
    }

    // "grouped" defaults to false when the parameter is absent or blank.
    String groupedParam = req.getParameter("grouped");
    boolean grouped = StringUtils.isNotBlank(groupedParam) && Boolean.parseBoolean(groupedParam);

    Map<String, Object> model = new TreeMap<String, Object>();
    if (!grouped) {
        // "includeAll" is a request parameter, so any caller of this script can ask for
        // private capabilities to be included in the evaluation.
        String includeAllParam = req.getParameter("includeAll");
        boolean includePrivate = StringUtils.isNotBlank(includeAllParam) && Boolean.parseBoolean(includeAllParam);

        Map<Capability, AccessStatus> accessStates = capabilityService.getCapabilitiesAccessState(nodeRef, includePrivate);
        List<String> visibleNames = new ArrayList<String>(accessStates.size());
        for (Map.Entry<Capability, AccessStatus> entry : accessStates.entrySet()) {
            // Only an explicit DENIED hides a capability. Any other state, including
            // UNDETERMINED or a null value, is reported as available.
            // NOTE(review): consumers should treat this list as display data, not as an
            // authorization decision, unless that fail-open behaviour is intended.
            if (AccessStatus.DENIED.equals(entry.getValue())) {
                continue;
            }
            visibleNames.add(entry.getKey().getName());
        }
        model.put("capabilities", visibleNames);
    } else {
        // This branch lists every group that has a non-blank title together with its
        // capabilities. It does not consult nodeRef or any AccessStatus.
        Map<String, GroupedCapabilities> byGroupId = new TreeMap<String, GroupedCapabilities>();
        for (Group group : capabilityService.getGroups()) {
            String groupTitle = group.getTitle();
            if (!StringUtils.isNotBlank(groupTitle)) {
                continue;
            }
            String groupId = group.getId();
            for (Capability capability : capabilityService.getCapabilitiesByGroupId(groupId)) {
                String name = capability.getName();
                String title = capability.getTitle();
                GroupedCapabilities bucket = byGroupId.get(groupId);
                if (bucket != null) {
                    bucket.addCapability(name, title);
                    continue;
                }
                // First capability seen for this group: create the holder, then register it.
                bucket = new GroupedCapabilities(groupId, groupTitle, name, title);
                bucket.addCapability(name, title);
                byGroupId.put(groupId, bucket);
            }
        }
        model.put("groupedCapabilities", byGroupId);
    }
    return model;
}
Also used : StoreRef(org.alfresco.service.cmr.repository.StoreRef) Group(org.alfresco.module.org_alfresco_module_rm.capability.Group) Capability(org.alfresco.module.org_alfresco_module_rm.capability.Capability) ArrayList(java.util.ArrayList) TreeMap(java.util.TreeMap) AccessStatus(org.alfresco.service.cmr.security.AccessStatus) NodeRef(org.alfresco.service.cmr.repository.NodeRef) WebScriptException(org.springframework.extensions.webscripts.WebScriptException) TreeMap(java.util.TreeMap) Map(java.util.Map)

Example 2 with AccessStatus

use of org.alfresco.service.cmr.security.AccessStatus in project records-management by Alfresco.

the class RmSiteType method beforeDeleteNode.

/**
 * @see org.alfresco.repo.node.NodeServicePolicies.BeforeDeleteNodePolicy#beforeDeleteNode(org.alfresco.service.cmr.repository.NodeRef)
 */
@Behaviour(kind = BehaviourKind.CLASS, notificationFrequency = NotificationFrequency.FIRST_EVENT)
public void beforeDeleteNode(NodeRef nodeRef) {
    // Nothing to do unless the node being deleted resolves to a site.
    final SiteInfo site = siteService.getSite(nodeRef);
    if (site == null) {
        return;
    }

    // The file plan (the site's document library container) is looked up through
    // AuthenticationUtil.runAsSystem, i.e. not under the current user's identity.
    NodeRef filePlan = AuthenticationUtil.runAsSystem(new RunAsWork<NodeRef>() {

        @Override
        public NodeRef doWork() {
            return siteService.getContainer(site.getShortName(), COMPONENT_DOCUMENT_LIBRARY);
        }
    });
    if (filePlan == null) {
        return;
    }

    // Authorization gate: this call is made outside runAsSystem and decides whether the
    // privileged clean-up below may run.
    // NOTE(review): only an explicit DENIED stops the deletion. UNDETERMINED or a null
    // state falls through to the system-level authority deletion - confirm that is
    // intended rather than requiring ALLOWED.
    AccessStatus deleteAccess = capabilityService.getCapabilityAccessState(filePlan, "Delete");
    if (AccessStatus.DENIED.equals(deleteAccess)) {
        throw new AlfrescoRuntimeException("The records management site can not be deleted, because the user doesn't have sufficient privillages to delete the file plan.");
    }

    // work around for MNT-11038 .. we want to ensure that the RM site can be created once it's
    // been deleted since we only allow one short name for the RM site
    AuthenticationUtil.runAsSystem(new RunAsWork<Void>() {

        @Override
        public Void doWork() {
            // Remove the site's group authority; this runs with system privileges.
            String groupName = siteService.getSiteGroup(site.getShortName());
            authorityService.deleteAuthority(groupName, true);
            return null;
        }
    });

    // NOTE(review): no matching re-enable of filePlanType is visible in this method -
    // confirm where the behaviour is switched back on.
    filePlanType.disable();
}
Also used : SiteInfo(org.alfresco.service.cmr.site.SiteInfo) NodeRef(org.alfresco.service.cmr.repository.NodeRef) AlfrescoRuntimeException(org.alfresco.error.AlfrescoRuntimeException) AccessStatus(org.alfresco.service.cmr.security.AccessStatus) Behaviour(org.alfresco.repo.policy.annotation.Behaviour)

Example 3 with AccessStatus

use of org.alfresco.service.cmr.security.AccessStatus in project records-management by Alfresco.

the class ScriptRecordsManagmentNode method hasCapability.

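/**
 * Reports whether the named capability is available on this node.
 *
 * <p>The capability is looked up by name and its access state on {@code nodeRef} is
 * requested from the capability service. Any state other than
 * {@link AccessStatus#DENIED} counts as available. An unknown capability name, a
 * capability absent from the returned map, or a missing (null) access state yields
 * {@code false}, so an incomplete answer from the service is never reported as a grant
 * and no longer raises a {@code NullPointerException}.
 *
 * <p>NOTE(review): {@code UNDETERMINED} is still reported as available. Callers that use
 * this result as an authorization decision should confirm that is intended.
 *
 * @param capabilityName name of the capability to check
 * @return {@code true} if the capability exists and its access state is present and not
 *         {@code DENIED}; {@code false} otherwise
 */
public boolean hasCapability(String capabilityName) {
    CapabilityService capabilityService = (CapabilityService) rmServices.getCapabilityService();
    Capability capability = capabilityService.getCapability(capabilityName);
    if (capability == null) {
        return false;
    }
    Map<Capability, AccessStatus> accessStates = capabilityService.getCapabilitiesAccessState(nodeRef, Collections.singletonList(capabilityName));
    // get() returns null both for an absent key and for a null value; both fail closed.
    AccessStatus accessStatus = accessStates.get(capability);
    return accessStatus != null && !AccessStatus.DENIED.equals(accessStatus);
}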
Also used : CapabilityService(org.alfresco.module.org_alfresco_module_rm.capability.CapabilityService) Capability(org.alfresco.module.org_alfresco_module_rm.capability.Capability) AccessStatus(org.alfresco.service.cmr.security.AccessStatus)

Example 4 with AccessStatus

use of org.alfresco.service.cmr.security.AccessStatus in project records-management by Alfresco.

the class ExtendedPermissionServiceImplUnitTest method preProcessorDoesNotDeny.

/**
 * Given a permission pre-processor has been registered
 * And does not DENY
 * When hasPermission is called
 * Then the pre-processor is executed
 * And the ACLs are evaluated as normal
 */
@Test
public void preProcessorDoesNotDeny() {
    // Arrange: one registered pre-processor that gives no verdict (UNDETERMINED).
    NodeRef node = generateCmContent("anyname");
    String permission = AlfMock.generateText();
    when(mockedPermissionPreProcessor.process(node, permission)).thenReturn(AccessStatus.UNDETERMINED);
    when(mockedPermissionProcessorRegistry.getPermissionPreProcessors()).thenReturn(asList(mockedPermissionPreProcessor));

    // Act
    AccessStatus outcome = extendedPermissionServiceImpl.hasPermission(node, permission);

    // Assert: the regular evaluation (hasPermissionImpl) still ran after the pre-processor,
    // so a non-DENY pre-processor result does not short-circuit the check.
    verify(extendedPermissionServiceImpl).hasPermissionImpl(node, permission);
    verify(mockedPermissionPreProcessor).process(node, permission);
    assertEquals(AccessStatus.UNDETERMINED, outcome);
}
Also used : NodeRef(org.alfresco.service.cmr.repository.NodeRef) AccessStatus(org.alfresco.service.cmr.security.AccessStatus) BaseUnitTest(org.alfresco.module.org_alfresco_module_rm.test.util.BaseUnitTest) Test(org.junit.Test)

Example 5 with AccessStatus

use of org.alfresco.service.cmr.security.AccessStatus in project records-management by Alfresco.

the class ExtendedPermissionServiceImplUnitTest method postProcessorRegistered.

/**
 * Given a permission post-processor has been registered
 * When hasPermission is called
 * Then the permission post-processor is called
 */
@Test
public void postProcessorRegistered() {
    // Arrange: configure the read/file permission lists as comma-separated strings. The
    // post-processor stub below is matched against the same values as lists.
    extendedPermissionServiceImpl.setConfiguredReadPermissions("ReadProperties,ReadChildren");
    extendedPermissionServiceImpl.setConfiguredFilePermissions("WriteProperties,AddChildren");
    List<String> readPermissions = asList("ReadProperties", "ReadChildren");
    List<String> filePermissions = asList("WriteProperties", "AddChildren");

    NodeRef node = generateCmContent("anyname");
    String permission = AlfMock.generateText();

    // The post-processor receives UNDETERMINED and upgrades it to ALLOWED.
    when(mockedPermissionPostProcessor.process(AccessStatus.UNDETERMINED, node, permission, readPermissions, filePermissions)).thenReturn(AccessStatus.ALLOWED);
    when(mockedPermissionProcessorRegistry.getPermissionPostProcessors()).thenReturn(asList(mockedPermissionPostProcessor));

    // Act
    AccessStatus outcome = extendedPermissionServiceImpl.hasPermission(node, permission);

    // Assert: the post-processor's verdict is what hasPermission returns, which means a
    // registered post-processor can turn an undetermined result into a grant.
    assertEquals(AccessStatus.ALLOWED, outcome);
    verify(extendedPermissionServiceImpl).hasPermissionImpl(node, permission);
    verify(mockedPermissionPostProcessor).process(AccessStatus.UNDETERMINED, node, permission, readPermissions, filePermissions);
}
Also used : NodeRef(org.alfresco.service.cmr.repository.NodeRef) AccessStatus(org.alfresco.service.cmr.security.AccessStatus) BaseUnitTest(org.alfresco.module.org_alfresco_module_rm.test.util.BaseUnitTest) Test(org.junit.Test)

Aggregations

AccessStatus (org.alfresco.service.cmr.security.AccessStatus)21 NodeRef (org.alfresco.service.cmr.repository.NodeRef)12 Test (org.junit.Test)6 ArrayList (java.util.ArrayList)5 HashMap (java.util.HashMap)4 Capability (org.alfresco.module.org_alfresco_module_rm.capability.Capability)4 AccessPermission (org.alfresco.service.cmr.security.AccessPermission)4 BaseUnitTest (org.alfresco.module.org_alfresco_module_rm.test.util.BaseUnitTest)3 Date (java.util.Date)2 HashSet (java.util.HashSet)2 Map (java.util.Map)2 AlfrescoRuntimeException (org.alfresco.error.AlfrescoRuntimeException)2 CalendarEntry (org.alfresco.service.cmr.calendar.CalendarEntry)2 SiteInfo (org.alfresco.service.cmr.site.SiteInfo)2 QName (org.alfresco.service.namespace.QName)2 JSONObject (org.json.simple.JSONObject)2 SimpleDateFormat (java.text.SimpleDateFormat)1 LinkedHashSet (java.util.LinkedHashSet)1 ResourceBundle (java.util.ResourceBundle)1 TreeMap (java.util.TreeMap)1