Add permissions for Site Administrators to manage groups

README.md

@@ -11,7 +11,8 @@ Downloading the ready-to-deploy-plugin
 --------------------------------------
 The binary distribution is made of one AMP file for repo and another AMP file for share:
 
-* [share AMP](https://github.com/keensoft/alfresco-site-groups/releases/download/1.0-SNAPSHOT/agreement-site-groups-1.0-SNAPSHOT.amp)
+* [repo AMP](https://github.com/keensoft/alfresco-site-groups/releases/download/1.0-SNAPSHOT/site-groups-repo-1.0-SNAPSHOT.amp)
+* [share AMP](https://github.com/keensoft/alfresco-site-groups/releases/download/1.0-SNAPSHOT/site-groups-share-1.0-SNAPSHOT.amp)
 
 You can install it by using standard [Alfresco deployment tools](http://docs.alfresco.com/community/tasks/dev-extensions-tutorials-simple-module-install-amp.html)
 

site-groups-repo/pom.xml

@@ -0,0 +1,103 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
+    <modelVersion>4.0.0</modelVersion>
+    <groupId>es.keensoft.alfresco</groupId>
+    <artifactId>site-groups-repo</artifactId>
+    <version>1.0-SNAPSHOT</version>
+    <name>site-groups-repo Repository AMP project</name>
+    <packaging>amp</packaging>
+    <description>Manages the lifecycle of the site-groups-repo Repository AMP (Alfresco Module Package)</description>
+
+    <parent>
+        <groupId>org.alfresco.maven</groupId>
+        <artifactId>alfresco-sdk-parent</artifactId>
+        <version>2.1.0</version>
+    </parent>
+
+    <!-- 
+        SDK properties have sensible defaults in the SDK parent,
+        but you can override the properties below to use another version.
+        For more available properties see the alfresco-sdk-parent POM.
+       -->
+    <properties>
+        <!-- The following are default values for data location and Alfresco Community version.
+             Uncomment if you need to change (Note. current default version for Enterprise edition is 5.0.1)
+          <alfresco.version>5.0.d</alfresco.version>
+          <alfresco.data.location>alf_data_dev</alfresco.data.location> -->
+
+        <!-- This control the root logging level for all apps uncomment and change, defaults to WARN
+            <app.log.root.level>WARN</app.log.root.level>
+        -->
+
+        <!-- Set the enviroment to use, this controls which properties will be picked in src/test/properties
+             for embedded run, defaults to the 'local' environment. See SDK Parent POM for more info.
+        <env>local</env>
+        -->
+    </properties>
+
+    <!-- Here we realize the connection with the Alfresco selected platform 
+        (e.g.version and edition) -->
+    <dependencyManagement>
+        <dependencies>
+            <!-- Setup what versions of the different Alfresco artifacts that will be used (depends on alfresco.version),
+                 so we don't have to specify version in any of the dependency definitions in our POM.
+                 For more info see:
+                    http://maven.apache.org/guides/introduction/introduction-to-dependency-mechanism.html#Importing_Dependencies
+            -->
+            <dependency>
+                <groupId>${alfresco.groupId}</groupId>
+                <artifactId>alfresco-platform-distribution</artifactId>
+                <version>${alfresco.version}</version>
+                <type>pom</type>
+                <scope>import</scope>
+            </dependency>
+        </dependencies>
+    </dependencyManagement>
+
+    <dependencies>
+        <!-- Following dependencies are needed for compiling Java code in src/main/java;
+             <scope>provided</scope> is inherited for each of the following;
+             for more info, please refer to alfresco-platform-distribution POM -->
+        <dependency>
+            <groupId>${alfresco.groupId}</groupId>
+            <artifactId>alfresco-repository</artifactId>
+        </dependency>
+    </dependencies>
+
+    <profiles>
+        <!--
+            Brings in the extra Enterprise specific repository classes,
+            if the 'enterprise' profile has been activated, needs to be activated manually.
+            -->
+        <profile>
+            <id>enterprise</id>
+            <dependencies>
+                <dependency>
+                    <groupId>${alfresco.groupId}</groupId>
+                    <artifactId>alfresco-enterprise-repository</artifactId>
+                    <version>${alfresco.version}</version>
+                    <scope>provided</scope>
+                </dependency>
+            </dependencies>
+        </profile>
+
+        <!--
+            If the 'amp-to-war' profile is enabled then make sure to bring in the alfresco-rad module,
+            which has the H2 scripts and other RAD features.
+
+            TODO: TO INVESTIGATE: This dependency is already defined in the parent SDK pom in the 'amp-to-war' profile
+                  but this does not work, it is not include...
+            -->
+        <profile>
+            <id>amp-to-war</id>
+            <dependencies>
+                <dependency>
+                    <groupId>org.alfresco.maven</groupId>
+                    <artifactId>alfresco-rad</artifactId>
+                    <version>${maven.alfresco.version}</version>
+                </dependency>
+            </dependencies>
+        </profile>
+    </profiles>
+</project>

site-groups-repo/run.bat

@@ -0,0 +1,19 @@
+::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
+::      Dev environment startup script for Alfresco Community.    ::
+::                                                                ::
+::      Downloads the spring-loaded lib if not existing and       ::
+::      runs the Repo AMP applied to Alfresco WAR.                ::
+::      Note. the Share WAR is not deployed.                      ::
+::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
+@echo off
+
+set springloadedfile=%HOME%\.m2\repository\org\springframework\springloaded\1.2.3.RELEASE\springloaded-1.2.3.RELEASE.jar
+
+if not exist %springloadedfile% (
+  mvn validate -Psetup
+)
+
+set MAVEN_OPTS=-javaagent:"%springloadedfile%" -noverify -Xms256m -Xmx2G
+
+mvn integration-test -Pamp-to-war -nsu
+:: mvn integration-test -Pamp-to-war 

site-groups-repo/run.sh

@@ -0,0 +1,11 @@
+#!/bin/bash
+# Downloads the spring-loaded lib if not existing and      
+# runs the Repo AMP applied to Alfresco WAR.           
+# Note. the Share WAR is not deployed.              
+springloadedfile=~/.m2/repository/org/springframework/springloaded/1.2.3.RELEASE/springloaded-1.2.3.RELEASE.jar
+
+if [ ! -f $springloadedfile ]; then
+mvn validate -Psetup
+fi
+
+MAVEN_OPTS="-javaagent:$springloadedfile -noverify -Xms256m -Xmx2G" mvn integration-test -Pamp-to-war

site-groups-repo/src/main/amp/config/alfresco/module/site-groups-repo/alfresco-global.properties

@@ -0,0 +1,5 @@
+## This Alfresco Repo Configuration file should be used for custom properties that are introduced by this module.
+## Define default values for all properties here.
+## System Administrators can override these values in environment specific configurations in
+## alfresco/tomcat/shared/classes/alfresco-global.properties.
+## 

site-groups-repo/src/main/amp/config/alfresco/module/site-groups-repo/context/webscript-context.xml

@@ -0,0 +1,25 @@
+<?xml version='1.0' encoding='UTF-8'?>
+<!DOCTYPE beans PUBLIC '-//SPRING//DTD BEAN//EN' 'http://www.springframework.org/dtd/spring-beans.dtd'>
+<!--
+	Licensed to the Apache Software Foundation (ASF) under one or more
+	contributor license agreements.  See the NOTICE file distributed with
+	this work for additional information regarding copyright ownership.
+	The ASF licenses this file to You under the Apache License, Version 2.0
+	(the "License"); you may not use this file except in compliance with
+	the License.  You may obtain a copy of the License at
+	
+	http://www.apache.org/licenses/LICENSE-2.0
+	
+	Unless required by applicable law or agreed to in writing, software
+	distributed under the License is distributed on an "AS IS" BASIS,
+	WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+	See the License for the specific language governing permissions and
+	limitations under the License.
+-->
+<beans>
+	<bean class="es.keensoft.alfresco.webscript.RunAsUtil" id="runAsAdminUtil" parent="baseJavaScriptExtension">
+		<property name="extensionName">
+			<value>runAsAdminUtil</value>
+		</property>
+	</bean> 
+</beans>

site-groups-repo/src/main/amp/config/alfresco/module/site-groups-repo/log4j.properties

@@ -0,0 +1,39 @@
+# Licensed to the Apache Software Foundation (ASF) under one or more
+# contributor license agreements.  See the NOTICE file distributed with
+# this work for additional information regarding copyright ownership.
+# The ASF licenses this file to You under the Apache License, Version 2.0
+# (the "License"); you may not use this file except in compliance with
+# the License.  You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#-----------------------------------------------------------------------
+# ${artifactId} module log4j.properties
+#
+#   NOTE
+#   ----
+#      Log4j uses the following logging levels:
+#      debug,info,warn,error,fatal
+#
+#      To set the logging level of {fullClassName} to {loglevel},
+#      add a line to this file of the following form:
+#   
+#               log4j.logger.{fullClassName}={loglevel}
+#
+#      For example, to make 'com.example.MyExample' produce 'debug'
+#      logs, add a line like this:
+#   
+#               log4j.logger.com.example.MyExample=debug
+#
+#
+#   WARNING
+#   -------
+#       Log properties in this log4j.properties file override/augment
+#       those in the webapp's main log4j.properties.
+#    
+#-----------------------------------------------------------------------

site-groups-repo/src/main/amp/config/alfresco/module/site-groups-repo/module-context.xml

@@ -0,0 +1,24 @@
+<?xml version='1.0' encoding='UTF-8'?>
+<!--
+	Licensed to the Apache Software Foundation (ASF) under one or more
+	contributor license agreements. 
+	The ASF licenses this file to You under the Apache License, Version 2.0
+	(the "License"); you may not use this file except in compliance with
+	the License.  You may obtain a copy of the License at
+	
+	http://www.apache.org/licenses/LICENSE-2.0
+	
+	Unless required by applicable law or agreed to in writing, software
+	distributed under the License is distributed on an "AS IS" BASIS,
+	WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+	See the License for the specific language governing permissions and
+	limitations under the License.
+	
+-->
+<!DOCTYPE beans PUBLIC '-//SPRING//DTD BEAN//EN' 'http://www.springframework.org/dtd/spring-beans.dtd'>
+
+<beans>
+	<!-- This is filtered by Maven at build time, so that module name is single sourced. -->
+	<import resource="classpath:alfresco/module/${project.artifactId}/context/webscript-context.xml" />
+
+</beans>

site-groups-repo/src/main/amp/config/alfresco/templates/webscripts/org/alfresco/repository/groups/keensoft/children.delete.desc.xml

@@ -0,0 +1,15 @@
+<webscript>
+   <shortname>Remove an authority from a group</shortname>
+   <description><![CDATA[
+      Remove an authority (USER or GROUP) from a group.  A user will not be deleted by this method.
+      <br />
+      You must have "administrator" privileges to alter a group.
+      <br /> 
+   ]]>
+   </description>
+   <url>/api/keensoft/groups/{shortGroupName}/children/{fullAuthorityName}</url>
+   <format default="json">argument</format>
+   <authentication>user</authentication>
+   <transaction>required</transaction>
+   <lifecycle>draft_public_api</lifecycle>
+</webscript>

site-groups-repo/src/main/amp/config/alfresco/templates/webscripts/org/alfresco/repository/groups/keensoft/children.delete.js

@@ -0,0 +1,22 @@
+function main() {
+    runAsAdminUtil.runAsAdmin(deleteChildrenGroups);
+}
+
+var deleteChildrenGroups = function deleteChildrenGroups()
+{
+   var urlElements = url.extension.split("/");
+   var shortName = urlElements[0];
+   var fullAuthorityName = urlElements[2];
+
+   var group = groups.getGroup(shortName);
+   if (group == null)
+   {
+      // Group cannot be found
+      status.setCode(status.STATUS_NOT_FOUND, "The group :" + shortName + ", does not exist.");
+      return;
+   }
+
+   group.removeAuthority(fullAuthorityName);
+}
+
+main();

site-groups-repo/src/main/amp/config/alfresco/templates/webscripts/org/alfresco/repository/groups/keensoft/children.delete.json.ftl

@@ -0,0 +1,6 @@
+<#-- Remove Group -->
+
+<#import "../authority.lib.ftl" as authorityLib/>
+{
+
+}

site-groups-repo/src/main/amp/config/alfresco/templates/webscripts/org/alfresco/repository/groups/keensoft/children.post.desc.xml

@@ -0,0 +1,17 @@
+<webscript>
+   <shortname>Add group or user to a group</shortname>
+   <description><![CDATA[
+      Adds a group or user to a group. The webscript will create a sub group if one does not already exist, with the fullAuthorityName.
+      
+      <br />You must have "administrator" privileges to modify groups.
+      <br />If the authority is for a group and doe not exist then it is created.
+      <br />The webscript returns Status_Created if a new group is created, otherwise it returns Status_OK.
+      If Status_Created returns the new sub group, otherwise returns the group.  
+   ]]>
+   </description>
+   <url>/api/keensoft/groups/{shortName}/children/{fullAuthorityName}</url>
+   <format default="json">argument</format>
+   <authentication>user</authentication>
+   <transaction>required</transaction>
+   <lifecycle>draft_public_api</lifecycle>
+</webscript>

site-groups-repo/src/main/amp/config/alfresco/templates/webscripts/org/alfresco/repository/groups/keensoft/children.post.js

@@ -0,0 +1,59 @@
+function main() {
+    runAsAdminUtil.runAsAdmin(modifyChildrenGroups);
+}
+
+var modifyChildrenGroups = function modifyChildrenGroups()
+{
+   // Check that post is submitted as application/json
+   if (headers["Content-Type"].indexOf("application/json") != 0)
+   {
+      status.setCode(status.STATUS_BAD_REQUEST, "Request must be submitted as application/json");
+      return;
+   }
+
+   var urlElements = url.extension.split("/");
+   var shortName = urlElements[0];
+   var fullAuthorityName = urlElements[2];
+
+   var group = groups.getGroup(shortName);
+   var GROUP_PREFIX = "GROUP_";
+
+   if (group == null)
+   {
+      // Parent Group cannot be found
+      status.setCode(status.STATUS_NOT_FOUND, "The group :" + shortName + ", does not exist.");
+      return;
+   }
+
+   if (fullAuthorityName.match("^" + GROUP_PREFIX + "*"))
+   {
+      var subGroupName = fullAuthorityName.substr(GROUP_PREFIX.length);
+      var child = groups.getGroup(subGroupName);
+
+      // This is a group authority
+      if(child == null)
+      {
+         // child does not exist
+         child = group.createGroup(subGroupName, subGroupName);
+         status.code = status.STATUS_CREATED;
+         model.group = child;
+         return;
+      }
+   }
+
+   // Link an existing group or user
+   try
+   {
+       group.addAuthority(fullAuthorityName);
+   }
+   catch(e)
+   {
+       status.code = status.STATUS_INTERNAL_SERVER_ERROR;
+       return;
+   }
+
+   status.code = status.STATUS_OK;
+   model.group 
+}
+
+main();

site-groups-repo/src/main/amp/config/alfresco/templates/webscripts/org/alfresco/repository/groups/keensoft/children.post.json.ftl

@@ -0,0 +1,10 @@
+<#-- post children - add group or user to a group -->
+
+<#import "../authority.lib.ftl" as authorityLib/>
+{
+	<#if group??>
+	"data": <@authorityLib.authorityJSON authority=group />
+	<#else>
+	"data":  { }
+	</#if>	
+}