Package org.alfresco.repo.security.permissions.impl

Class ExtendedPermissionServiceImpl

java.lang.Object

org.springframework.extensions.surf.util.AbstractLifecycleBean

org.alfresco.repo.security.permissions.impl.PermissionServiceImpl

org.alfresco.repo.security.permissions.impl.ExtendedPermissionServiceImpl

All Implemented Interfaces:

EventListener, ExtendedPermissionService, PermissionServiceSPI, PermissionService, Extensible, org.springframework.beans.factory.Aware, org.springframework.context.ApplicationContextAware, org.springframework.context.ApplicationListener

public class ExtendedPermissionServiceImpl
extends PermissionServiceImpl
implements ExtendedPermissionService

Extends the core permission service implementation allowing the consideration of the read records permission.

This is required for SOLR support.

Author:

Roy Wetherall

Nested Class Summary

Nested classes/interfaces inherited from class org.alfresco.repo.security.permissions.impl.PermissionServiceImpl

PermissionServiceImpl.AclTest, PermissionServiceImpl.MutableBoolean, PermissionServiceImpl.NodeTest, PermissionServiceImpl.UnconditionalAclTest, PermissionServiceImpl.UnconditionalDeniedAclTest

Field Summary

Fields

Modifier and Type	Field	Description
protected List<String>	configuredFilePermissions	Configured Permission mapping.
protected List<String>	configuredReadPermissions	Configured Permission mapping.
protected SimpleCache<Serializable,Set<String>>	writersCache	Writers simple cache

Fields inherited from class org.alfresco.repo.security.permissions.impl.PermissionServiceImpl

accessCache, aclDaoComponent, allPermissionReference, anyDenyDenies, authorityService, dictionaryService, dynamicAuthorities, fixedAclUpdater, modelDAO, nodeService, ownableService, permissionsDaoComponent, policyComponent, readersCache, readersDeniedCache, tenantService

Fields inherited from interface org.alfresco.service.cmr.security.PermissionService

ADD_CHILDREN, ADMINISTRATOR_AUTHORITY, ALL_AUTHORITIES, ALL_PERMISSIONS, ASPECTS, CANCEL_CHECK_OUT, CHANGE_PERMISSIONS, CHECK_IN, CHECK_OUT, CONSUMER, CONTRIBUTOR, COORDINATOR, CREATE_ASSOCIATIONS, CREATE_CHILDREN, DELETE, DELETE_ASSOCIATIONS, DELETE_CHILDREN, DELETE_NODE, EDITOR, EXECUTE, EXECUTE_CONTENT, FULL_CONTROL, GROUP_PREFIX, GUEST_AUTHORITY, LINK_CHILDREN, LOCK, LOCK_OWNER_AUTHORITY, OWNER_AUTHORITY, PROPERTIES, READ, READ_ASSOCIATIONS, READ_CHILDREN, READ_CONTENT, READ_PERMISSIONS, READ_PROPERTIES, ROLE_PREFIX, SET_OWNER, TAKE_OWNERSHIP, UNLOCK, WRITE, WRITE_CONTENT, WRITE_PROPERTIES

Constructor Summary

Constructors

Constructor	Description
ExtendedPermissionServiceImpl()

Method Summary

Modifier and Type	Method	Description
protected AccessStatus	canRead(Long aclId)
FilePlanService	getFilePlanService()	Gets the file plan service
Set<String>	getReaders(Long aclId)
Pair<Set<String>,Set<String>>	getReadersAndWriters(NodeRef nodeRef)	Get the readers and writers for a given node.
Set<String>	getReadersDenied(Long aclId)	Override with check for RM read
Set<String>	getWriters(Long aclId)	Get a set of all the authorities that have write access.
AccessStatus	hasPermission(NodeRef nodeRef, String perm)	Override to deal with the possibility of hard coded permission checks in core code.
protected AccessStatus	hasPermissionImpl(NodeRef nodeRef, String perm)	Implementation of hasPermission method call.
void	init()	Register the audit events.
protected void	onBootstrap(org.springframework.context.ApplicationEvent event)
void	setAnyDenyDenies(boolean anyDenyDenies)
void	setConfiguredFilePermissions(String fileMapping)	Maps the string set in the properties file (rm.haspermissionmap.write) to the list used in the hasPermission method
void	setConfiguredReadPermissions(String readMapping)	Maps the string from the properties file (rm.haspermissionmap.read) to the list used in the hasPermission method
void	setFilePlanService(FilePlanService filePlanService)	Sets the file plan service
void	setInheritParentPermissions(NodeRef nodeRef, boolean inheritParentPermissions)
void	setPermissionProcessorRegistry(PermissionProcessorRegistry permissionProcessorRegistry)	Sets the permission processor registry
void	setRecordsManagementAuditService(RecordsManagementAuditService recordsManagementAuditService)	Set the RM audit service.
void	setWritersCache(SimpleCache<Serializable,Set<String>> writersCache)

Methods inherited from class org.alfresco.repo.security.permissions.impl.PermissionServiceImpl

adminRead, beforeDeleteChildAssociation, clearPermission, clearPermission, convertVersionNodeRefToVersionedNodeRef, deletePermission, deletePermission, deletePermission, deletePermission, deletePermission, deletePermissions, deletePermissions, deletePermissions, deletePermissions, explainPermission, getAllAuthorities, getAllPermission, getAllPermissionReference, getAllPermissionsImpl, getAllSetPermissions, getAllSetPermissions, getAnyDenyDenies, getAuthorisations, getAuthorisations, getAuthorisations, getCoreAuthorisations, getDynamicAuthorities, getDynamicAuthorities, getInheritParentPermissions, getOwnerAuthority, getPermission, getPermissionReference, getPermissionReference, getPermissions, getSetPermissions, getSetPermissions, getSettablePermissionReferences, getSettablePermissionReferences, getSettablePermissions, getSettablePermissions, getTrait, hasPermission, hasPermission, hasPermission, hasReadPermission, isVersionNodeRef, onCreateChildAssociation, onMoveNode, onShutdown, ownerRead, setAccessCache, setAclDAO, setAuthorityService, setDictionaryService, setDynamicAuthorities, setFixedAclUpdater, setInheritParentPermissions, setModelDAO, setNodeService, setOwnableService, setPermission, setPermission, setPermission, setPermission, setPermission, setPermission, setPermissionsDaoComponent, setPolicyComponent, setPolicyIgnoreUtil, setReadersCache, setReadersDeniedCache, setTenantService

Methods inherited from class org.springframework.extensions.surf.util.AbstractLifecycleBean

getApplicationContext, onApplicationEvent, setApplicationContext

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Methods inherited from interface org.alfresco.service.cmr.security.PermissionService

clearPermission, clearPermission, deletePermission, deletePermission, deletePermissions, deletePermissions, getAllAuthorities, getAllPermission, getAllSetPermissions, getAllSetPermissions, getAuthorisations, getInheritParentPermissions, getOwnerAuthority, getPermissions, getSettablePermissions, getSettablePermissions, hasPermission, hasReadPermission, setInheritParentPermissions, setPermission, setPermission

Field Details

writersCache

protected SimpleCache<Serializable,Set<String>> writersCache

Writers simple cache

configuredReadPermissions

protected List<String> configuredReadPermissions

Configured Permission mapping.

This string comes from alfresco-global.properties and allows fine tuning of the how permissions are mapped. This was added as a fix for MNT-16852 to enhance compatibility with our Outlook Integration.

configuredFilePermissions

protected List<String> configuredFilePermissions

Configured Permission mapping.

This string also comes from alfresco-global.properties.

Constructor Details

ExtendedPermissionServiceImpl

public ExtendedPermissionServiceImpl()

Method Details

init

public void init()

Register the audit events.

Overrides:

init in class PermissionServiceImpl

getFilePlanService

public FilePlanService getFilePlanService()

Gets the file plan service

Returns:

the filePlanService

setFilePlanService

public void setFilePlanService(FilePlanService filePlanService)

Sets the file plan service

Parameters:

filePlanService - the filePlanService to set

setPermissionProcessorRegistry

public void setPermissionProcessorRegistry(PermissionProcessorRegistry permissionProcessorRegistry)

Sets the permission processor registry

Parameters:

permissionProcessorRegistry - the permissions processor registry

setRecordsManagementAuditService

public void setRecordsManagementAuditService(RecordsManagementAuditService recordsManagementAuditService)

Set the RM audit service.

Parameters:

recordsManagementAuditService - The RM audit service.

setAnyDenyDenies

public void setAnyDenyDenies(boolean anyDenyDenies)

Overrides:

setAnyDenyDenies in class PermissionServiceImpl

See Also:

• PermissionServiceImpl.setAnyDenyDenies(boolean)

setWritersCache

public void setWritersCache(SimpleCache<Serializable,Set<String>> writersCache)

Parameters:

writersCache - the writersCache to set

setConfiguredReadPermissions

public void setConfiguredReadPermissions(String readMapping)

Maps the string from the properties file (rm.haspermissionmap.read) to the list used in the hasPermission method

Parameters:

readMapping - the mapping of permissions to ReadRecord

setConfiguredFilePermissions

public void setConfiguredFilePermissions(String fileMapping)

Maps the string set in the properties file (rm.haspermissionmap.write) to the list used in the hasPermission method

Parameters:

fileMapping - the mapping of permissions to FileRecord

onBootstrap

protected void onBootstrap(org.springframework.context.ApplicationEvent event)

Overrides:

onBootstrap in class PermissionServiceImpl

See Also:

• PermissionServiceImpl.onBootstrap(org.springframework.context.ApplicationEvent)

hasPermission

public AccessStatus hasPermission(NodeRef nodeRef,
 String perm)

Override to deal with the possibility of hard coded permission checks in core code. Note: Eventually we need to merge the RM permission model into the core to make this more robust.

Specified by:

hasPermission in interface PermissionService

Overrides:

hasPermission in class PermissionServiceImpl

See Also:

• PermissionService.hasPermission(org.alfresco.service.cmr.repository.NodeRef, java.lang.String)

hasPermissionImpl

protected AccessStatus hasPermissionImpl(NodeRef nodeRef,
 String perm)

Implementation of hasPermission method call.

Separation also convenient for unit testing.

Parameters:

nodeRef - node reference

perm - permission

Returns:

AccessStatus access status result

canRead

protected AccessStatus canRead(Long aclId)

Overrides:

canRead in class PermissionServiceImpl

See Also:

• PermissionServiceImpl.canRead(java.lang.Long)

getReaders

public Set<String> getReaders(Long aclId)

Specified by:

getReaders in interface PermissionService

Overrides:

getReaders in class PermissionServiceImpl

See Also:

• PermissionServiceImpl.getReaders(java.lang.Long)

getReadersDenied

public Set<String> getReadersDenied(Long aclId)

Override with check for RM read

Specified by:

getReadersDenied in interface PermissionService

Overrides:

getReadersDenied in class PermissionServiceImpl

Parameters:

aclId -

Returns:

getWriters

public Set<String> getWriters(Long aclId)

Description copied from interface: ExtendedPermissionService

Get a set of all the authorities that have write access.

Specified by:

getWriters in interface ExtendedPermissionService

Parameters:

aclId - acl id

Returns:

Set<String> set of authorities with write access

See Also:

• ExtendedPermissionService.getWriters(java.lang.Long)

setInheritParentPermissions

public void setInheritParentPermissions(NodeRef nodeRef,
 boolean inheritParentPermissions)

Specified by:

setInheritParentPermissions in interface PermissionService

Overrides:

setInheritParentPermissions in class PermissionServiceImpl

See Also:

• PermissionServiceImpl.setInheritParentPermissions(org.alfresco.service.cmr.repository.NodeRef, boolean)

getReadersAndWriters

public Pair<Set<String>,Set<String>> getReadersAndWriters(NodeRef nodeRef)

Description copied from interface: ExtendedPermissionService

Get the readers and writers for a given node.

The writers list includes the owner for the node.

Specified by:

getReadersAndWriters in interface ExtendedPermissionService

Parameters:

nodeRef - node reference

Returns:

Pair<Set<String>, Set<String>> first is a set containing all the authorities that have read permission on the document and second is a set containing all the authorities that have write permission on the document, including the owner.

See Also:

• ExtendedPermissionService.getReadersAndWriters(org.alfresco.service.cmr.repository.NodeRef)