Class ExtendedPermissionServiceImpl

  • All Implemented Interfaces:
    EventListener, ExtendedPermissionService, org.alfresco.repo.security.permissions.PermissionServiceSPI, org.alfresco.service.cmr.security.PermissionService, org.alfresco.traitextender.Extensible, org.springframework.beans.factory.Aware, org.springframework.context.ApplicationContextAware, org.springframework.context.ApplicationListener

    public class ExtendedPermissionServiceImpl
    extends org.alfresco.repo.security.permissions.impl.PermissionServiceImpl
    implements ExtendedPermissionService
    Extends the core permission service implementation allowing the consideration of the read records permission.

    This is required for SOLR support.

    Author:
    Roy Wetherall
    • Nested Class Summary

      • Nested classes/interfaces inherited from class org.alfresco.repo.security.permissions.impl.PermissionServiceImpl

        org.alfresco.repo.security.permissions.impl.PermissionServiceImpl.AclTest, org.alfresco.repo.security.permissions.impl.PermissionServiceImpl.MutableBoolean, org.alfresco.repo.security.permissions.impl.PermissionServiceImpl.NodeTest, org.alfresco.repo.security.permissions.impl.PermissionServiceImpl.UnconditionalAclTest, org.alfresco.repo.security.permissions.impl.PermissionServiceImpl.UnconditionalDeniedAclTest
    • Field Summary

      Fields 
      Modifier and Type Field Description
      protected List<String> configuredFilePermissions
      Configured Permission mapping.
      protected List<String> configuredReadPermissions
      Configured Permission mapping.
      protected org.alfresco.repo.cache.SimpleCache<Serializable,​Set<String>> writersCache
      Writers simple cache
      • Fields inherited from class org.alfresco.repo.security.permissions.impl.PermissionServiceImpl

        accessCache, aclDaoComponent, allPermissionReference, anyDenyDenies, authorityService, dictionaryService, dynamicAuthorities, fixedAclUpdater, modelDAO, nodeService, ownableService, permissionsDaoComponent, policyComponent, readersCache, readersDeniedCache, tenantService
      • Fields inherited from interface org.alfresco.service.cmr.security.PermissionService

        ADD_CHILDREN, ADMINISTRATOR_AUTHORITY, ALL_AUTHORITIES, ALL_PERMISSIONS, ASPECTS, CANCEL_CHECK_OUT, CHANGE_PERMISSIONS, CHECK_IN, CHECK_OUT, CONSUMER, CONTRIBUTOR, COORDINATOR, CREATE_ASSOCIATIONS, CREATE_CHILDREN, DELETE, DELETE_ASSOCIATIONS, DELETE_CHILDREN, DELETE_NODE, EDITOR, EXECUTE, EXECUTE_CONTENT, FULL_CONTROL, GROUP_PREFIX, GUEST_AUTHORITY, LINK_CHILDREN, LOCK, LOCK_OWNER_AUTHORITY, OWNER_AUTHORITY, PROPERTIES, READ, READ_ASSOCIATIONS, READ_CHILDREN, READ_CONTENT, READ_PERMISSIONS, READ_PROPERTIES, ROLE_PREFIX, SET_OWNER, TAKE_OWNERSHIP, UNLOCK, WRITE, WRITE_CONTENT, WRITE_PROPERTIES
    • Method Summary

      All Methods Instance Methods Concrete Methods 
      Modifier and Type Method Description
      protected org.alfresco.service.cmr.security.AccessStatus canRead​(Long aclId)  
      FilePlanService getFilePlanService()
      Gets the file plan service
      Set<String> getReaders​(Long aclId)  
      org.alfresco.util.Pair<Set<String>,​Set<String>> getReadersAndWriters​(org.alfresco.service.cmr.repository.NodeRef nodeRef)
      Get the readers and writers for a given node.
      Set<String> getReadersDenied​(Long aclId)
      Override with check for RM read
      Set<String> getWriters​(Long aclId)
      Get a set of all the authorities that have write access.
      org.alfresco.service.cmr.security.AccessStatus hasPermission​(org.alfresco.service.cmr.repository.NodeRef nodeRef, String perm)
      Override to deal with the possibility of hard coded permission checks in core code.
      protected org.alfresco.service.cmr.security.AccessStatus hasPermissionImpl​(org.alfresco.service.cmr.repository.NodeRef nodeRef, String perm)
      Implementation of hasPermission method call.
      void init()
      Register the audit events.
      protected void onBootstrap​(org.springframework.context.ApplicationEvent event)  
      void setAnyDenyDenies​(boolean anyDenyDenies)  
      void setConfiguredFilePermissions​(String fileMapping)
      Maps the string set in the properties file (rm.haspermissionmap.write) to the list used in the hasPermission method
      void setConfiguredReadPermissions​(String readMapping)
      Maps the string from the properties file (rm.haspermissionmap.read) to the list used in the hasPermission method
      void setFilePlanService​(FilePlanService filePlanService)
      Sets the file plan service
      void setInheritParentPermissions​(org.alfresco.service.cmr.repository.NodeRef nodeRef, boolean inheritParentPermissions)  
      void setPermissionProcessorRegistry​(PermissionProcessorRegistry permissionProcessorRegistry)
      Sets the permission processor registry
      void setRecordsManagementAuditService​(RecordsManagementAuditService recordsManagementAuditService)
      Set the RM audit service.
      void setWritersCache​(org.alfresco.repo.cache.SimpleCache<Serializable,​Set<String>> writersCache)  
      • Methods inherited from class org.alfresco.repo.security.permissions.impl.PermissionServiceImpl

        adminRead, beforeDeleteChildAssociation, clearPermission, clearPermission, convertVersionNodeRefToVersionedNodeRef, deletePermission, deletePermission, deletePermission, deletePermission, deletePermission, deletePermissions, deletePermissions, deletePermissions, deletePermissions, explainPermission, getAllAuthorities, getAllPermission, getAllPermissionReference, getAllPermissionsImpl, getAllSetPermissions, getAllSetPermissions, getAnyDenyDenies, getAuthorisations, getAuthorisations, getAuthorisations, getCoreAuthorisations, getDynamicAuthorities, getDynamicAuthorities, getInheritParentPermissions, getOwnerAuthority, getPermission, getPermissionReference, getPermissionReference, getPermissions, getSetPermissions, getSetPermissions, getSettablePermissionReferences, getSettablePermissionReferences, getSettablePermissions, getSettablePermissions, getTrait, hasPermission, hasPermission, hasPermission, hasReadPermission, isVersionNodeRef, onCreateChildAssociation, onMoveNode, onShutdown, ownerRead, setAccessCache, setAclDAO, setAuthorityService, setDictionaryService, setDynamicAuthorities, setFixedAclUpdater, setInheritParentPermissions, setModelDAO, setNodeService, setOwnableService, setPermission, setPermission, setPermission, setPermission, setPermission, setPermission, setPermissionsDaoComponent, setPolicyComponent, setPolicyIgnoreUtil, setReadersCache, setReadersDeniedCache, setTenantService
      • Methods inherited from class org.springframework.extensions.surf.util.AbstractLifecycleBean

        getApplicationContext, onApplicationEvent, setApplicationContext
      • Methods inherited from interface org.alfresco.service.cmr.security.PermissionService

        clearPermission, clearPermission, deletePermission, deletePermission, deletePermissions, deletePermissions, getAllAuthorities, getAllPermission, getAllSetPermissions, getAllSetPermissions, getAuthorisations, getInheritParentPermissions, getOwnerAuthority, getPermissions, getSettablePermissions, getSettablePermissions, hasPermission, hasReadPermission, setInheritParentPermissions, setPermission, setPermission
    • Field Detail

      • writersCache

        protected org.alfresco.repo.cache.SimpleCache<Serializable,​Set<String>> writersCache
        Writers simple cache
      • configuredReadPermissions

        protected List<String> configuredReadPermissions
        Configured Permission mapping.

        This string comes from alfresco-global.properties and allows fine tuning of the how permissions are mapped. This was added as a fix for MNT-16852 to enhance compatibility with our Outlook Integration.

      • configuredFilePermissions

        protected List<String> configuredFilePermissions
        Configured Permission mapping.

        This string also comes from alfresco-global.properties.

    • Constructor Detail

      • ExtendedPermissionServiceImpl

        public ExtendedPermissionServiceImpl()
    • Method Detail

      • init

        public void init()
        Register the audit events.
        Overrides:
        init in class org.alfresco.repo.security.permissions.impl.PermissionServiceImpl
      • getFilePlanService

        public FilePlanService getFilePlanService()
        Gets the file plan service
        Returns:
        the filePlanService
      • setFilePlanService

        public void setFilePlanService​(FilePlanService filePlanService)
        Sets the file plan service
        Parameters:
        filePlanService - the filePlanService to set
      • setPermissionProcessorRegistry

        public void setPermissionProcessorRegistry​(PermissionProcessorRegistry permissionProcessorRegistry)
        Sets the permission processor registry
        Parameters:
        permissionProcessorRegistry - the permissions processor registry
      • setRecordsManagementAuditService

        public void setRecordsManagementAuditService​(RecordsManagementAuditService recordsManagementAuditService)
        Set the RM audit service.
        Parameters:
        recordsManagementAuditService - The RM audit service.
      • setAnyDenyDenies

        public void setAnyDenyDenies​(boolean anyDenyDenies)
        Overrides:
        setAnyDenyDenies in class org.alfresco.repo.security.permissions.impl.PermissionServiceImpl
        See Also:
        PermissionServiceImpl.setAnyDenyDenies(boolean)
      • setWritersCache

        public void setWritersCache​(org.alfresco.repo.cache.SimpleCache<Serializable,​Set<String>> writersCache)
        Parameters:
        writersCache - the writersCache to set
      • setConfiguredReadPermissions

        public void setConfiguredReadPermissions​(String readMapping)
        Maps the string from the properties file (rm.haspermissionmap.read) to the list used in the hasPermission method
        Parameters:
        readMapping - the mapping of permissions to ReadRecord
      • setConfiguredFilePermissions

        public void setConfiguredFilePermissions​(String fileMapping)
        Maps the string set in the properties file (rm.haspermissionmap.write) to the list used in the hasPermission method
        Parameters:
        fileMapping - the mapping of permissions to FileRecord
      • onBootstrap

        protected void onBootstrap​(org.springframework.context.ApplicationEvent event)
        Overrides:
        onBootstrap in class org.alfresco.repo.security.permissions.impl.PermissionServiceImpl
        See Also:
        PermissionServiceImpl.onBootstrap(org.springframework.context.ApplicationEvent)
      • hasPermission

        public org.alfresco.service.cmr.security.AccessStatus hasPermission​(org.alfresco.service.cmr.repository.NodeRef nodeRef,
                                                                            String perm)
        Override to deal with the possibility of hard coded permission checks in core code. Note: Eventually we need to merge the RM permission model into the core to make this more robust.
        Specified by:
        hasPermission in interface org.alfresco.service.cmr.security.PermissionService
        Overrides:
        hasPermission in class org.alfresco.repo.security.permissions.impl.PermissionServiceImpl
        See Also:
        PermissionService.hasPermission(org.alfresco.service.cmr.repository.NodeRef, java.lang.String)
      • hasPermissionImpl

        protected org.alfresco.service.cmr.security.AccessStatus hasPermissionImpl​(org.alfresco.service.cmr.repository.NodeRef nodeRef,
                                                                                   String perm)
        Implementation of hasPermission method call.

        Separation also convenient for unit testing.

        Parameters:
        nodeRef - node reference
        perm - permission
        Returns:
        AccessStatus access status result
      • canRead

        protected org.alfresco.service.cmr.security.AccessStatus canRead​(Long aclId)
        Overrides:
        canRead in class org.alfresco.repo.security.permissions.impl.PermissionServiceImpl
        See Also:
        PermissionServiceImpl.canRead(java.lang.Long)
      • getReaders

        public Set<String> getReaders​(Long aclId)
        Specified by:
        getReaders in interface org.alfresco.service.cmr.security.PermissionService
        Overrides:
        getReaders in class org.alfresco.repo.security.permissions.impl.PermissionServiceImpl
        See Also:
        PermissionServiceImpl.getReaders(java.lang.Long)
      • getReadersDenied

        public Set<String> getReadersDenied​(Long aclId)
        Override with check for RM read
        Specified by:
        getReadersDenied in interface org.alfresco.service.cmr.security.PermissionService
        Overrides:
        getReadersDenied in class org.alfresco.repo.security.permissions.impl.PermissionServiceImpl
        Parameters:
        aclId -
        Returns:
      • setInheritParentPermissions

        public void setInheritParentPermissions​(org.alfresco.service.cmr.repository.NodeRef nodeRef,
                                                boolean inheritParentPermissions)
        Specified by:
        setInheritParentPermissions in interface org.alfresco.service.cmr.security.PermissionService
        Overrides:
        setInheritParentPermissions in class org.alfresco.repo.security.permissions.impl.PermissionServiceImpl
        See Also:
        PermissionServiceImpl.setInheritParentPermissions(org.alfresco.service.cmr.repository.NodeRef, boolean)