Use of org.alfresco.service.cmr.security.AccessStatus in the project records-management by Alfresco.
Class RecordServiceImpl, method isPropertyEditable.
/**
* @see org.alfresco.module.org_alfresco_module_rm.record.RecordService#isPropertyEditable(org.alfresco.service.cmr.repository.NodeRef, org.alfresco.service.namespace.QName)
*/
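@Override
public boolean isPropertyEditable(NodeRef record, QName property) {
    // Authorization decision: may the current run-as user edit this property on this record?
    // The outcome is fail-closed: every path that does not explicitly grant access returns false.
    ParameterCheck.mandatory("record", record);
    ParameterCheck.mandatory("property", property);
    if (!isRecord(record)) {
        throw new AlfrescoRuntimeException("Cannot check if the property " + property.toString() + " is editable, because node reference is not a record.");
    }

    NodeRef filePlan = getFilePlan(record);

    // Diagnostics only; kept out of the decision logic so the access rules below read on their own.
    if (LOGGER.isDebugEnabled()) {
        logPropertyEditabilityDiagnostics(filePlan, property);
    }

    // Properties flagged as always editable bypass the capability checks entirely.
    if (alwaysEditProperty(property)) {
        LOGGER.debug(" ... property marked as always editable.");
        return true;
    }

    // All three capability states are evaluated against the record itself, not the file plan.
    AccessStatus accessNonRecord = capabilityService.getCapabilityAccessState(record, RMPermissionModel.EDIT_NON_RECORD_METADATA);
    AccessStatus accessDeclaredRecord = capabilityService.getCapabilityAccessState(record, RMPermissionModel.EDIT_DECLARED_RECORD_METADATA);
    AccessStatus accessRecord = capabilityService.getCapabilityAccessState(record, RMPermissionModel.EDIT_RECORD_METADATA);

    // Only an explicit ALLOWED grants anything; a null or any other status counts as "not allowed".
    boolean allowNonRecordEdit = AccessStatus.ALLOWED.equals(accessNonRecord);
    if (allowNonRecordEdit) {
        LOGGER.debug(" ... user has edit nonrecord metadata capability");
    }
    boolean allowRecordEdit = AccessStatus.ALLOWED.equals(accessRecord) || AccessStatus.ALLOWED.equals(accessDeclaredRecord);
    if (allowRecordEdit) {
        LOGGER.debug(" ... user has edit record or declared metadata capability");
    }

    if (allowNonRecordEdit && allowRecordEdit) {
        LOGGER.debug(" ... so all properties can be edited.");
        return true;
    }
    if (!allowNonRecordEdit && !allowRecordEdit) {
        // Neither capability is held, so no property is editable.
        return false;
    }

    // Exactly one capability is held: the property must belong to the matching metadata class.
    boolean recordMetadata = isRecordMetadata(filePlan, property);
    if (allowNonRecordEdit) {
        // can only edit non record properties
        if (!recordMetadata) {
            LOGGER.debug(" ... property is not considered record metadata so editable.");
            return true;
        }
        LOGGER.debug(" ... property is considered record metadata so not editable.");
        return false;
    }

    // can only edit record properties
    if (recordMetadata) {
        LOGGER.debug(" ... property is considered record metadata so editable.");
        return true;
    }
    LOGGER.debug(" ... property is not considered record metadata so not editable.");
    return false;
}

/**
 * Writes the debug trace for an editability check: the run-as user, that user's roles and
 * capabilities on the file plan, and the file plan's edit-metadata permission entries.
 * <p>
 * The output names authorities and their granted permissions, so a debug-level log for this
 * class should be treated as access-control data.
 * <p>
 * NOTE(review): these service calls run only when debug logging is enabled; if any of them can
 * throw for the current user, the editability check would behave differently with debug on -
 * confirm against the service contracts.
 *
 * @param filePlan file plan the record belongs to
 * @param property property whose editability is being checked
 */
private void logPropertyEditabilityDiagnostics(NodeRef filePlan, QName property) {
    String runAsUser = AuthenticationUtil.getRunAsUser();
    LOGGER.debug("Checking whether property " + property.toString() + " is editable for user " + runAsUser);

    Set<Role> roles = filePlanRoleService.getRolesByUser(filePlan, runAsUser);
    LOGGER.debug(" ... users roles");
    for (Role role : roles) {
        LOGGER.debug(" ... user has role " + role.getName() + " with capabilities ");
        for (Capability cap : role.getCapabilities()) {
            LOGGER.debug(" ... " + cap.getName());
        }
    }

    LOGGER.debug(" ... user has the following set permissions on the file plan");
    Set<AccessPermission> perms = permissionService.getAllSetPermissions(filePlan);
    for (AccessPermission perm : perms) {
        String permission = perm.getPermission();
        if (permission.contains(RMPermissionModel.EDIT_NON_RECORD_METADATA) || permission.contains(RMPermissionModel.EDIT_RECORD_METADATA)) {
            LOGGER.debug(" ... " + perm.getAuthority() + " - " + perm.getPermission() + " - " + perm.getAccessStatus().toString());
        }
    }

    // Constant-first comparison, matching the capability checks in isPropertyEditable: a null
    // status must not turn a diagnostic line into a NullPointerException.
    if (AccessStatus.ALLOWED.equals(permissionService.hasPermission(filePlan, RMPermissionModel.EDIT_NON_RECORD_METADATA))) {
        LOGGER.debug(" ... user has the edit non record metadata permission on the file plan");
    }
}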