Class ModelSecurityServiceImpl
java.lang.Object
org.alfresco.module.org_alfresco_module_rm.util.ServiceBaseImpl
org.alfresco.module.org_alfresco_module_rm.model.BaseBehaviourBean
org.alfresco.module.org_alfresco_module_rm.model.security.ModelSecurityServiceImpl
- All Implemented Interfaces:
RecordsManagementCustomModel
,RecordsManagementModel
,ModelSecurityService
,NodeServicePolicies.BeforeAddAspectPolicy
,NodeServicePolicies.BeforeRemoveAspectPolicy
,NodeServicePolicies.OnUpdatePropertiesPolicy
,BehaviourRegistry
,ClassPolicy
,Policy
,org.springframework.beans.factory.Aware
,org.springframework.context.ApplicationContextAware
public class ModelSecurityServiceImpl
extends BaseBehaviourBean
implements ModelSecurityService, NodeServicePolicies.BeforeAddAspectPolicy, NodeServicePolicies.BeforeRemoveAspectPolicy, NodeServicePolicies.OnUpdatePropertiesPolicy
Model security service implementation.
This service records the protected properties and aspects, ensuring that only those with the appropriate capabilities can edit them.
- Since:
- 2.1
- Author:
- Roy Wetherall
-
Nested Class Summary
Nested classes/interfaces inherited from interface org.alfresco.repo.policy.Policy
Policy.Arg
-
Field Summary
Fields inherited from class org.alfresco.module.org_alfresco_module_rm.model.BaseBehaviourBean
behaviourFilter, behaviours, LOGGER, MULTIPLE_CHILDREN_TYPE_ERROR, UNIQUE_CHILD_TYPE_ERROR
Fields inherited from class org.alfresco.module.org_alfresco_module_rm.util.ServiceBaseImpl
applicationContext, authenticationUtil, contentService, dictionaryService, nodeService, nodeTypeUtility, renditionService, transactionalResourceHelper
Fields inherited from interface org.alfresco.repo.node.NodeServicePolicies.BeforeAddAspectPolicy
QNAME
Fields inherited from interface org.alfresco.repo.node.NodeServicePolicies.BeforeRemoveAspectPolicy
QNAME
Fields inherited from interface org.alfresco.repo.node.NodeServicePolicies.OnUpdatePropertiesPolicy
ARG_0, ARG_1, ARG_2, QNAME
Fields inherited from interface org.alfresco.module.org_alfresco_module_rm.model.RecordsManagementCustomModel
ASPECT_CUSTOM_ASSOCIATIONS, ASPECT_SUPPLEMENTAL_MARKING_LIST, CONSTRAINT_CUSTOM_SMLIST, CUSTOM_REF_CROSSREFERENCE, CUSTOM_REF_OBSOLETES, CUSTOM_REF_RENDITION, CUSTOM_REF_SUPERSEDES, CUSTOM_REF_SUPPORTS, CUSTOM_REF_VERSIONS, PROP_SUPPLEMENTAL_MARKING_LIST, RM_CUSTOM_MODEL, RM_CUSTOM_PREFIX, RM_CUSTOM_URI
Fields inherited from interface org.alfresco.module.org_alfresco_module_rm.model.RecordsManagementModel
ASPECT_ARCHIVED, ASPECT_ASCENDED, ASPECT_CAVEAT_CONFIG_ROOT, ASPECT_COMMON_RECORD_DETAILS, ASPECT_COUNTABLE, ASPECT_CUSTOM_RM_DATA, ASPECT_CUT_OFF, ASPECT_DECLARED_RECORD, ASPECT_DISPOSITION_LIFECYCLE, ASPECT_DISPOSITION_PROCESSED, ASPECT_EMAIL_CONFIG_ROOT, ASPECT_EXTENDED_SECURITY, ASPECT_FILABLE, ASPECT_FILE_PLAN_COMPONENT, ASPECT_FROZEN, ASPECT_GHOSTED, ASPECT_HELD_CHILDREN, ASPECT_LOADED_DATA_SET_ID, ASPECT_RECORD, ASPECT_RECORD_COMPONENT_ID, ASPECT_RECORD_META_DATA, ASPECT_RECORD_ORIGINATING_DETAILS, ASPECT_RECORD_REJECTION_DETAILS, ASPECT_RECORDS_MANAGEMENT_ROOT, ASPECT_RM_SEARCH, ASPECT_SAVED_SEARCH, ASPECT_SCHEDULED, ASPECT_TRANSFERRED, ASPECT_TRANSFERRING, ASPECT_UNCUT_OFF, ASPECT_UNPUBLISHED_UPDATE, ASPECT_VERSIONED_RECORD, ASPECT_VITAL_RECORD, ASPECT_VITAL_RECORD_DEFINITION, ASSOC_CAVEAT_CONFIG, ASSOC_DISPOSITION_ACTION_DEFINITIONS, ASSOC_DISPOSITION_ACTION_HISTORY, ASSOC_DISPOSITION_SCHEDULE, ASSOC_EMAIL_CONFIG, ASSOC_EVENT_EXECUTIONS, ASSOC_FROZEN_CONTENT, ASSOC_FROZEN_RECORDS, ASSOC_HOLDS, ASSOC_NEXT_DISPOSITION_ACTION, ASSOC_TRANSFERRED, ASSOC_TRANSFERS, GL_URI, PROP_COMBINE_DISPOSITION_STEP_CONDITIONS, PROP_COUNT, PROP_CUT_OFF_DATE, PROP_DATE_FILED, PROP_DB_UNIQUENESS_ID, PROP_DECLARED_AT, PROP_DECLARED_BY, PROP_DISPOSITION_ACTION, PROP_DISPOSITION_ACTION_COMPLETED_AT, PROP_DISPOSITION_ACTION_COMPLETED_BY, PROP_DISPOSITION_ACTION_GHOST_ON_DESTROY, PROP_DISPOSITION_ACTION_ID, PROP_DISPOSITION_ACTION_NAME, PROP_DISPOSITION_ACTION_STARTED_AT, PROP_DISPOSITION_ACTION_STARTED_BY, PROP_DISPOSITION_AS_OF, PROP_DISPOSITION_AUTHORITY, PROP_DISPOSITION_DESCRIPTION, PROP_DISPOSITION_EVENT, PROP_DISPOSITION_EVENT_COMBINATION, PROP_DISPOSITION_EVENTS_ELIGIBLE, PROP_DISPOSITION_INSTRUCTIONS, PROP_DISPOSITION_LOCATION, PROP_DISPOSITION_PERIOD, PROP_DISPOSITION_PERIOD_PROPERTY, PROP_EVENT_EXECUTION_AUTOMATIC, PROP_EVENT_EXECUTION_COMPLETE, PROP_EVENT_EXECUTION_COMPLETED_AT, PROP_EVENT_EXECUTION_COMPLETED_BY, PROP_EVENT_EXECUTION_NAME, PROP_FROZEN_AT, PROP_FROZEN_BY, PROP_HELD_CHILDREN_COUNT, PROP_HOLD_REASON, PROP_IDENTIFIER, PROP_IS_CLOSED, PROP_LOADED_DATA_SET_IDS, PROP_LOCATION, PROP_MANUALLY_SET_AS_OF, PROP_ORIGIONAL_NAME, PROP_PUBLISH_IN_PROGRESS, PROP_READERS, PROP_RECORD_LEVEL_DISPOSITION, PROP_RECORD_ORIGINATING_CREATION_DATE, PROP_RECORD_ORIGINATING_LOCATION, PROP_RECORD_ORIGINATING_USER_ID, PROP_RECORD_REJECTION_DATE, PROP_RECORD_REJECTION_REASON, PROP_RECORD_REJECTION_USER_ID, PROP_REVIEW_AS_OF, PROP_REVIEW_PERIOD, PROP_ROOT_NODEREF, PROP_RS_DECLASSIFICATION_REVIEW_COMPLETED_AT, PROP_RS_DECLASSIFICATION_REVIEW_COMPLETED_BY, PROP_RS_DISPOITION_AUTHORITY, PROP_RS_DISPOITION_INSTRUCTIONS, PROP_RS_DISPOSITION_ACTION_AS_OF, PROP_RS_DISPOSITION_ACTION_NAME, PROP_RS_DISPOSITION_EVENTS, PROP_RS_DISPOSITION_EVENTS_ELIGIBLE, PROP_RS_DISPOSITION_PERIOD, PROP_RS_DISPOSITION_PERIOD_EXPRESSION, PROP_RS_HAS_DISPOITION_SCHEDULE, PROP_RS_HOLD_REASON, PROP_RS_VITAL_RECORD_REVIEW_PERIOD, PROP_RS_VITAL_RECORD_REVIEW_PERIOD_EXPRESSION, PROP_TRANSFER_ACCESSION_INDICATOR, PROP_TRANSFER_LOCATION, PROP_TRANSFER_PDF_INDICATOR, PROP_UNPUBLISHED_UPDATE, PROP_UPDATE_TO, PROP_UPDATED_PROPERTIES, PROP_VITAL_RECORD_INDICATOR, PROP_WRITERS, RM_MODEL, RM_PREFIX, RM_URI, TYPE_CAVEAT_CONFIG, TYPE_DISPOSITION_ACTION, TYPE_DISPOSITION_ACTION_DEFINITION, TYPE_DISPOSITION_SCHEDULE, TYPE_EMAIL_CONFIG, TYPE_EVENT_EXECUTION, TYPE_FILE_PLAN, TYPE_HOLD, TYPE_HOLD_CONTAINER, TYPE_NON_ELECTRONIC_DOCUMENT, TYPE_RECORD_CATEGORY, TYPE_RECORD_FOLDER, TYPE_RECORDS_MANAGEMENT_CONTAINER, TYPE_RM_SITE, TYPE_TRANSFER, TYPE_TRANSFER_CONTAINER, TYPE_UNFILED_RECORD_CONTAINER, TYPE_UNFILED_RECORD_FOLDER, UPDATE_TO_DISPOSITION_ACTION_DEFINITION
-
Constructor Summary
Constructors -
Method Summary
Modifier and TypeMethodDescriptionvoid
beforeAddAspect
(NodeRef nodeRef, QName aspect) void
beforeRemoveAspect
(NodeRef nodeRef, QName aspect) boolean
canEditProtectedAspect
(NodeRef nodeRef, QName aspect) Indicates whether the current user can edit (ie add or remove) a protected aspect in the context of a given node.boolean
canEditProtectedProperty
(NodeRef nodeRef, QName property) Indicates whether the current user can edit a protected property in the context of a given node.void
disable()
Disable model security checks for the current thread.void
enable()
Enable model security checks for the current thread.getProtectedAspect
(QName name) Get the details of the protected aspect, returns null if aspect is not protected.Get the protected aspects.Get the protected propertiesgetProtectedProperty
(QName name) Get the details of the protected property, returns null if property is not protected.boolean
Indicates whether model security is enabled or not.boolean
isProtectedAspect
(QName aspect) Indicates whether an aspect is protected or not.boolean
isProtectedProperty
(QName property) Indicates whether a property is protected or not.void
onUpdateProperties
(NodeRef nodeRef, Map<QName, Serializable> before, Map<QName, Serializable> after) void
register
(ProtectedModelArtifact artifact) Registers a protected model artifact with the service.void
setEnabled
(boolean enabled) Sets whether model security is enabled globally or not.void
setFilePlanService
(FilePlanService filePlanService) void
setNamespaceService
(NamespaceService namespaceService) Methods inherited from class org.alfresco.module.org_alfresco_module_rm.model.BaseBehaviourBean
getBehaviour, registerBehaviour, setBehaviourFilter, validateNewChildAssociation, validateNewChildAssociationSubTypesIncluded
Methods inherited from class org.alfresco.module.org_alfresco_module_rm.util.ServiceBaseImpl
getFilePlan, getFilePlanComponentKind, getFilePlanComponentKindFromType, getInternalNodeService, getNextCount, getTypeAndApsects, instanceOf, instanceOf, isDeclared, isFilePlan, isFilePlanComponent, isFilePlanContainer, isHold, isRecord, isRecordCategory, isRecordFolder, isTransfer, isUnfiledRecordsContainer, setApplicationContext, setAuthenticationUtil, setContentService, setDictionaryService, setNodeService, setNodeTypeUtility, setRenditionService, setTransactionalResourceHelper
-
Constructor Details
-
ModelSecurityServiceImpl
public ModelSecurityServiceImpl()
-
-
Method Details
-
setEnabled
public void setEnabled(boolean enabled) Description copied from interface:ModelSecurityService
Sets whether model security is enabled globally or not.- Specified by:
setEnabled
in interfaceModelSecurityService
- See Also:
-
isEnabled
public boolean isEnabled()Description copied from interface:ModelSecurityService
Indicates whether model security is enabled or not.- Specified by:
isEnabled
in interfaceModelSecurityService
- Returns:
- See Also:
-
setNamespaceService
- Parameters:
namespaceService
- namespace service
-
setFilePlanService
- Parameters:
filePlanService
- file plan service
-
disable
public void disable()Description copied from interface:ModelSecurityService
Disable model security checks for the current thread.- Specified by:
disable
in interfaceModelSecurityService
- See Also:
-
enable
public void enable()Description copied from interface:ModelSecurityService
Enable model security checks for the current thread.- Specified by:
enable
in interfaceModelSecurityService
- See Also:
-
register
Description copied from interface:ModelSecurityService
Registers a protected model artifact with the service.- Specified by:
register
in interfaceModelSecurityService
- Parameters:
artifact
- protected model artifact- See Also:
-
isProtectedProperty
Description copied from interface:ModelSecurityService
Indicates whether a property is protected or not.- Specified by:
isProtectedProperty
in interfaceModelSecurityService
- Parameters:
property
- name of property- Returns:
- boolean true if property is protected, false otherwise
- See Also:
-
getProtectedProperties
Description copied from interface:ModelSecurityService
Get the protected properties- Specified by:
getProtectedProperties
in interfaceModelSecurityService
- Returns:
Set
<QName
> all the protected properties- See Also:
-
getProtectedProperty
Description copied from interface:ModelSecurityService
Get the details of the protected property, returns null if property is not protected.- Specified by:
getProtectedProperty
in interfaceModelSecurityService
- Parameters:
name
- name of the protected property- Returns:
ProtectedProperty
protected property details, null otherwise- See Also:
-
canEditProtectedProperty
Description copied from interface:ModelSecurityService
Indicates whether the current user can edit a protected property in the context of a given node.If the property is not protected then returns true.
- Specified by:
canEditProtectedProperty
in interfaceModelSecurityService
- Parameters:
nodeRef
- node referenceproperty
- name of the property- Returns:
- boolean true if the current user can edit the protected property or the property is not protected, false otherwise
- See Also:
-
isProtectedAspect
Description copied from interface:ModelSecurityService
Indicates whether an aspect is protected or not.- Specified by:
isProtectedAspect
in interfaceModelSecurityService
- Parameters:
aspect
- aspect name- Returns:
- boolean true if aspect is protected, false otherwise
- See Also:
-
getProtectedAspects
Description copied from interface:ModelSecurityService
Get the protected aspects.- Specified by:
getProtectedAspects
in interfaceModelSecurityService
- Returns:
Set
<QName
> all the protected aspects- See Also:
-
getProtectedAspect
Description copied from interface:ModelSecurityService
Get the details of the protected aspect, returns null if aspect is not protected.- Specified by:
getProtectedAspect
in interfaceModelSecurityService
- Parameters:
name
- name of the aspect- Returns:
ProtectedAspect
protected aspect details, null otherwise- See Also:
-
canEditProtectedAspect
Description copied from interface:ModelSecurityService
Indicates whether the current user can edit (ie add or remove) a protected aspect in the context of a given node.If the aspect is not protected then returns true.
- Specified by:
canEditProtectedAspect
in interfaceModelSecurityService
- Parameters:
nodeRef
- node referenceaspect
- name of the of aspect- Returns:
- boolean true if the current user can edit the protected aspect or the the aspect is not protected, false otherwise
- See Also:
-
beforeAddAspect
-
beforeRemoveAspect
-
onUpdateProperties
public void onUpdateProperties(NodeRef nodeRef, Map<QName, Serializable> before, Map<QName, Serializable> after)
-