Package org.alfresco.module.org_alfresco_module_rm.model.security

Class ModelSecurityServiceImpl

java.lang.Object

org.alfresco.module.org_alfresco_module_rm.util.ServiceBaseImpl

org.alfresco.module.org_alfresco_module_rm.model.BaseBehaviourBean

org.alfresco.module.org_alfresco_module_rm.model.security.ModelSecurityServiceImpl

All Implemented Interfaces:

RecordsManagementCustomModel, RecordsManagementModel, ModelSecurityService, NodeServicePolicies.BeforeAddAspectPolicy, NodeServicePolicies.BeforeRemoveAspectPolicy, NodeServicePolicies.OnUpdatePropertiesPolicy, BehaviourRegistry, ClassPolicy, Policy, org.springframework.beans.factory.Aware, org.springframework.context.ApplicationContextAware

public class ModelSecurityServiceImpl
extends BaseBehaviourBean
implements ModelSecurityService, NodeServicePolicies.BeforeAddAspectPolicy, NodeServicePolicies.BeforeRemoveAspectPolicy, NodeServicePolicies.OnUpdatePropertiesPolicy

Model security service implementation.

This service records the protected properties and aspects, ensuring that only those with the appropriate capabilities can edit them.

Since:

2.1

Author:

Roy Wetherall

Nested Class Summary

Nested classes/interfaces inherited from interface org.alfresco.repo.policy.Policy

Policy.Arg

Field Summary

Fields inherited from class org.alfresco.module.org_alfresco_module_rm.model.BaseBehaviourBean

behaviourFilter, behaviours, LOGGER, MULTIPLE_CHILDREN_TYPE_ERROR, UNIQUE_CHILD_TYPE_ERROR

Fields inherited from class org.alfresco.module.org_alfresco_module_rm.util.ServiceBaseImpl

applicationContext, authenticationUtil, contentService, dictionaryService, nodeService, nodeTypeUtility, renditionService, transactionalResourceHelper

Fields inherited from interface org.alfresco.repo.node.NodeServicePolicies.BeforeAddAspectPolicy

QNAME

Fields inherited from interface org.alfresco.repo.node.NodeServicePolicies.BeforeRemoveAspectPolicy

QNAME

Fields inherited from interface org.alfresco.repo.node.NodeServicePolicies.OnUpdatePropertiesPolicy

ARG_0, ARG_1, ARG_2, QNAME

Fields inherited from interface org.alfresco.repo.policy.Policy

NAMESPACE

Fields inherited from interface org.alfresco.module.org_alfresco_module_rm.model.RecordsManagementCustomModel

ASPECT_CUSTOM_ASSOCIATIONS, ASPECT_SUPPLEMENTAL_MARKING_LIST, CONSTRAINT_CUSTOM_SMLIST, CUSTOM_REF_CROSSREFERENCE, CUSTOM_REF_OBSOLETES, CUSTOM_REF_RENDITION, CUSTOM_REF_SUPERSEDES, CUSTOM_REF_SUPPORTS, CUSTOM_REF_VERSIONS, PROP_SUPPLEMENTAL_MARKING_LIST, RM_CUSTOM_MODEL, RM_CUSTOM_PREFIX, RM_CUSTOM_URI

Fields inherited from interface org.alfresco.module.org_alfresco_module_rm.model.RecordsManagementModel

ASPECT_ARCHIVED, ASPECT_ASCENDED, ASPECT_CAVEAT_CONFIG_ROOT, ASPECT_COMMON_RECORD_DETAILS, ASPECT_COUNTABLE, ASPECT_CUSTOM_RM_DATA, ASPECT_CUT_OFF, ASPECT_DECLARED_RECORD, ASPECT_DISPOSITION_LIFECYCLE, ASPECT_DISPOSITION_PROCESSED, ASPECT_EMAIL_CONFIG_ROOT, ASPECT_EXTENDED_SECURITY, ASPECT_FILABLE, ASPECT_FILE_PLAN_COMPONENT, ASPECT_FROZEN, ASPECT_GHOSTED, ASPECT_HELD_CHILDREN, ASPECT_LOADED_DATA_SET_ID, ASPECT_RECORD, ASPECT_RECORD_COMPONENT_ID, ASPECT_RECORD_META_DATA, ASPECT_RECORD_ORIGINATING_DETAILS, ASPECT_RECORD_REJECTION_DETAILS, ASPECT_RECORDS_MANAGEMENT_ROOT, ASPECT_RM_SEARCH, ASPECT_SAVED_SEARCH, ASPECT_SCHEDULED, ASPECT_TRANSFERRED, ASPECT_TRANSFERRING, ASPECT_UNCUT_OFF, ASPECT_UNPUBLISHED_UPDATE, ASPECT_VERSIONED_RECORD, ASPECT_VITAL_RECORD, ASPECT_VITAL_RECORD_DEFINITION, ASSOC_CAVEAT_CONFIG, ASSOC_DISPOSITION_ACTION_DEFINITIONS, ASSOC_DISPOSITION_ACTION_HISTORY, ASSOC_DISPOSITION_SCHEDULE, ASSOC_EMAIL_CONFIG, ASSOC_EVENT_EXECUTIONS, ASSOC_FROZEN_CONTENT, ASSOC_FROZEN_RECORDS, ASSOC_HOLDS, ASSOC_NEXT_DISPOSITION_ACTION, ASSOC_TRANSFERRED, ASSOC_TRANSFERS, GL_URI, PROP_COMBINE_DISPOSITION_STEP_CONDITIONS, PROP_COUNT, PROP_CUT_OFF_DATE, PROP_DATE_FILED, PROP_DB_UNIQUENESS_ID, PROP_DECLARED_AT, PROP_DECLARED_BY, PROP_DISPOSITION_ACTION, PROP_DISPOSITION_ACTION_COMPLETED_AT, PROP_DISPOSITION_ACTION_COMPLETED_BY, PROP_DISPOSITION_ACTION_GHOST_ON_DESTROY, PROP_DISPOSITION_ACTION_ID, PROP_DISPOSITION_ACTION_NAME, PROP_DISPOSITION_ACTION_STARTED_AT, PROP_DISPOSITION_ACTION_STARTED_BY, PROP_DISPOSITION_AS_OF, PROP_DISPOSITION_AUTHORITY, PROP_DISPOSITION_DESCRIPTION, PROP_DISPOSITION_EVENT, PROP_DISPOSITION_EVENT_COMBINATION, PROP_DISPOSITION_EVENTS_ELIGIBLE, PROP_DISPOSITION_INSTRUCTIONS, PROP_DISPOSITION_LOCATION, PROP_DISPOSITION_PERIOD, PROP_DISPOSITION_PERIOD_PROPERTY, PROP_EVENT_EXECUTION_AUTOMATIC, PROP_EVENT_EXECUTION_COMPLETE, PROP_EVENT_EXECUTION_COMPLETED_AT, PROP_EVENT_EXECUTION_COMPLETED_BY, PROP_EVENT_EXECUTION_NAME, PROP_FROZEN_AT, PROP_FROZEN_BY, PROP_HELD_CHILDREN_COUNT, PROP_HOLD_DELETION_REASON, PROP_HOLD_REASON, PROP_IDENTIFIER, PROP_IS_CLOSED, PROP_LOADED_DATA_SET_IDS, PROP_LOCATION, PROP_MANUALLY_SET_AS_OF, PROP_ORIGIONAL_NAME, PROP_PUBLISH_IN_PROGRESS, PROP_READERS, PROP_RECORD_LEVEL_DISPOSITION, PROP_RECORD_ORIGINATING_CREATION_DATE, PROP_RECORD_ORIGINATING_LOCATION, PROP_RECORD_ORIGINATING_USER_ID, PROP_RECORD_REJECTION_DATE, PROP_RECORD_REJECTION_REASON, PROP_RECORD_REJECTION_USER_ID, PROP_REVIEW_AS_OF, PROP_REVIEW_PERIOD, PROP_ROOT_NODEREF, PROP_RS_DECLASSIFICATION_REVIEW_COMPLETED_AT, PROP_RS_DECLASSIFICATION_REVIEW_COMPLETED_BY, PROP_RS_DISPOITION_AUTHORITY, PROP_RS_DISPOITION_INSTRUCTIONS, PROP_RS_DISPOSITION_ACTION_AS_OF, PROP_RS_DISPOSITION_ACTION_NAME, PROP_RS_DISPOSITION_EVENTS, PROP_RS_DISPOSITION_EVENTS_ELIGIBLE, PROP_RS_DISPOSITION_PERIOD, PROP_RS_DISPOSITION_PERIOD_EXPRESSION, PROP_RS_HAS_DISPOITION_SCHEDULE, PROP_RS_HOLD_REASON, PROP_RS_VITAL_RECORD_REVIEW_PERIOD, PROP_RS_VITAL_RECORD_REVIEW_PERIOD_EXPRESSION, PROP_TRANSFER_ACCESSION_INDICATOR, PROP_TRANSFER_LOCATION, PROP_TRANSFER_PDF_INDICATOR, PROP_UNPUBLISHED_UPDATE, PROP_UPDATE_TO, PROP_UPDATED_PROPERTIES, PROP_VITAL_RECORD_INDICATOR, PROP_WRITERS, RM_MODEL, RM_PREFIX, RM_URI, TYPE_CAVEAT_CONFIG, TYPE_DISPOSITION_ACTION, TYPE_DISPOSITION_ACTION_DEFINITION, TYPE_DISPOSITION_SCHEDULE, TYPE_EMAIL_CONFIG, TYPE_EVENT_EXECUTION, TYPE_FILE_PLAN, TYPE_HOLD, TYPE_HOLD_CONTAINER, TYPE_NON_ELECTRONIC_DOCUMENT, TYPE_RECORD_CATEGORY, TYPE_RECORD_FOLDER, TYPE_RECORDS_MANAGEMENT_CONTAINER, TYPE_RM_SITE, TYPE_TRANSFER, TYPE_TRANSFER_CONTAINER, TYPE_UNFILED_RECORD_CONTAINER, TYPE_UNFILED_RECORD_FOLDER, UPDATE_TO_DISPOSITION_ACTION_DEFINITION

Constructor Summary

Constructors

Constructor	Description
ModelSecurityServiceImpl()

Method Summary

Modifier and Type	Method	Description
void	beforeAddAspect(NodeRef nodeRef, QName aspect)
void	beforeRemoveAspect(NodeRef nodeRef, QName aspect)
boolean	canEditProtectedAspect(NodeRef nodeRef, QName aspect)	Indicates whether the current user can edit (ie add or remove) a protected aspect in the context of a given node.
boolean	canEditProtectedProperty(NodeRef nodeRef, QName property)	Indicates whether the current user can edit a protected property in the context of a given node.
void	disable()	Disable model security checks for the current thread.
void	enable()	Enable model security checks for the current thread.
ProtectedAspect	getProtectedAspect(QName name)	Get the details of the protected aspect, returns null if aspect is not protected.
Set<QName>	getProtectedAspects()	Get the protected aspects.
Set<QName>	getProtectedProperties()	Get the protected properties
ProtectedProperty	getProtectedProperty(QName name)	Get the details of the protected property, returns null if property is not protected.
boolean	isEnabled()	Indicates whether model security is enabled or not.
boolean	isProtectedAspect(QName aspect)	Indicates whether an aspect is protected or not.
boolean	isProtectedProperty(QName property)	Indicates whether a property is protected or not.
void	onUpdateProperties(NodeRef nodeRef, Map<QName,Serializable> before, Map<QName,Serializable> after)
void	register(ProtectedModelArtifact artifact)	Registers a protected model artifact with the service.
void	setEnabled(boolean enabled)	Sets whether model security is enabled globally or not.
void	setFilePlanService(FilePlanService filePlanService)
void	setNamespaceService(NamespaceService namespaceService)

Methods inherited from class org.alfresco.module.org_alfresco_module_rm.model.BaseBehaviourBean

getBehaviour, registerBehaviour, setBehaviourFilter, validateNewChildAssociation, validateNewChildAssociationSubTypesIncluded

Methods inherited from class org.alfresco.module.org_alfresco_module_rm.util.ServiceBaseImpl

getFilePlan, getFilePlanComponentKind, getFilePlanComponentKindFromType, getInternalNodeService, getNextCount, getTypeAndApsects, instanceOf, instanceOf, isDeclared, isFilePlan, isFilePlanComponent, isFilePlanContainer, isHold, isRecord, isRecordCategory, isRecordFolder, isTransfer, isUnfiledRecordsContainer, setApplicationContext, setAuthenticationUtil, setContentService, setDictionaryService, setNodeService, setNodeTypeUtility, setRenditionService, setTransactionalResourceHelper

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Details

ModelSecurityServiceImpl

public ModelSecurityServiceImpl()

Method Details

setEnabled

public void setEnabled(boolean enabled)

Description copied from interface: ModelSecurityService

Sets whether model security is enabled globally or not.

Specified by:

setEnabled in interface ModelSecurityService

See Also:

• ModelSecurityService.setEnabled(boolean)

isEnabled

public boolean isEnabled()

Description copied from interface: ModelSecurityService

Indicates whether model security is enabled or not.

Specified by:

isEnabled in interface ModelSecurityService

Returns:

See Also:

• ModelSecurityService.isEnabled()

setNamespaceService

public void setNamespaceService(NamespaceService namespaceService)

Parameters:

namespaceService - namespace service

setFilePlanService

public void setFilePlanService(FilePlanService filePlanService)

Parameters:

filePlanService - file plan service

disable

public void disable()

Description copied from interface: ModelSecurityService

Disable model security checks for the current thread.

Specified by:

disable in interface ModelSecurityService

See Also:

• ModelSecurityService.disable()

enable

public void enable()

Description copied from interface: ModelSecurityService

Enable model security checks for the current thread.

Specified by:

enable in interface ModelSecurityService

See Also:

• ModelSecurityService.enable()

register

public void register(ProtectedModelArtifact artifact)

Description copied from interface: ModelSecurityService

Registers a protected model artifact with the service.

Specified by:

register in interface ModelSecurityService

Parameters:

artifact - protected model artifact

See Also:

• ModelSecurityService.register(org.alfresco.module.org_alfresco_module_rm.model.security.ProtectedModelArtifact)

isProtectedProperty

public boolean isProtectedProperty(QName property)

Description copied from interface: ModelSecurityService

Indicates whether a property is protected or not.

Specified by:

isProtectedProperty in interface ModelSecurityService

Parameters:

property - name of property

Returns:

boolean true if property is protected, false otherwise

See Also:

• ModelSecurityService.isProtectedProperty(org.alfresco.service.namespace.QName)

getProtectedProperties

public Set<QName> getProtectedProperties()

Description copied from interface: ModelSecurityService

Get the protected properties

Specified by:

getProtectedProperties in interface ModelSecurityService

Returns:

Set<QName > all the protected properties

See Also:

• ModelSecurityService.getProtectedProperties()

getProtectedProperty

public ProtectedProperty getProtectedProperty(QName name)

Description copied from interface: ModelSecurityService

Get the details of the protected property, returns null if property is not protected.

Specified by:

getProtectedProperty in interface ModelSecurityService

Parameters:

name - name of the protected property

Returns:

ProtectedProperty protected property details, null otherwise

See Also:

• ModelSecurityService.getProtectedProperty(org.alfresco.service.namespace.QName)

canEditProtectedProperty

public boolean canEditProtectedProperty(NodeRef nodeRef,
 QName property)

Description copied from interface: ModelSecurityService

Indicates whether the current user can edit a protected property in the context of a given node.

If the property is not protected then returns true.

Specified by:

canEditProtectedProperty in interface ModelSecurityService

Parameters:

nodeRef - node reference

property - name of the property

Returns:

boolean true if the current user can edit the protected property or the property is not protected, false otherwise

See Also:

• ModelSecurityService.canEditProtectedProperty(org.alfresco.service.cmr.repository.NodeRef, org.alfresco.service.namespace.QName)

isProtectedAspect

public boolean isProtectedAspect(QName aspect)

Description copied from interface: ModelSecurityService

Indicates whether an aspect is protected or not.

Specified by:

isProtectedAspect in interface ModelSecurityService

Parameters:

aspect - aspect name

Returns:

boolean true if aspect is protected, false otherwise

See Also:

• ModelSecurityService.isProtectedAspect(org.alfresco.service.namespace.QName)

getProtectedAspects

public Set<QName> getProtectedAspects()

Description copied from interface: ModelSecurityService

Get the protected aspects.

Specified by:

getProtectedAspects in interface ModelSecurityService

Returns:

Set<QName> all the protected aspects

See Also:

• ModelSecurityService.getProtectedAspects()

getProtectedAspect

public ProtectedAspect getProtectedAspect(QName name)

Description copied from interface: ModelSecurityService

Get the details of the protected aspect, returns null if aspect is not protected.

Specified by:

getProtectedAspect in interface ModelSecurityService

Parameters:

name - name of the aspect

Returns:

ProtectedAspect protected aspect details, null otherwise

See Also:

• ModelSecurityService.getProtectedAspect(org.alfresco.service.namespace.QName)

canEditProtectedAspect

public boolean canEditProtectedAspect(NodeRef nodeRef,
 QName aspect)

Description copied from interface: ModelSecurityService

Indicates whether the current user can edit (ie add or remove) a protected aspect in the context of a given node.

If the aspect is not protected then returns true.

Specified by:

canEditProtectedAspect in interface ModelSecurityService

Parameters:

nodeRef - node reference

aspect - name of the of aspect

Returns:

boolean true if the current user can edit the protected aspect or the the aspect is not protected, false otherwise

See Also:

• ModelSecurityService.canEditProtectedAspect(org.alfresco.service.cmr.repository.NodeRef, org.alfresco.service.namespace.QName)

beforeAddAspect

public void beforeAddAspect(NodeRef nodeRef,
 QName aspect)

Specified by:

beforeAddAspect in interface NodeServicePolicies.BeforeAddAspectPolicy

See Also:

• NodeServicePolicies.BeforeAddAspectPolicy.beforeAddAspect(org.alfresco.service.cmr.repository.NodeRef, org.alfresco.service.namespace.QName)

beforeRemoveAspect

public void beforeRemoveAspect(NodeRef nodeRef,
 QName aspect)

Specified by:

beforeRemoveAspect in interface NodeServicePolicies.BeforeRemoveAspectPolicy

See Also:

• NodeServicePolicies.BeforeRemoveAspectPolicy.beforeRemoveAspect(org.alfresco.service.cmr.repository.NodeRef, org.alfresco.service.namespace.QName)

onUpdateProperties

public void onUpdateProperties(NodeRef nodeRef,
 Map<QName,Serializable> before,
 Map<QName,Serializable> after)

Specified by:

onUpdateProperties in interface NodeServicePolicies.OnUpdatePropertiesPolicy

See Also:

• NodeServicePolicies.OnUpdatePropertiesPolicy.onUpdateProperties(org.alfresco.service.cmr.repository.NodeRef, java.util.Map, java.util.Map)