• Permit writing note to node with read-permissions.

  • He we will discuss about how to make customization and improvement to the OpenKM source code.
He we will discuss about how to make customization and improvement to the OpenKM source code.
Forum rules: Please, before asking something see the documentation wiki or use the search feature of the forum. And remember we don't have a crystal ball or mental readers, so if you post about an issue tell us which OpenKM are you using and also the browser and operating system version. For more info read How to Report Bugs Effectively.
 #45553  by tumi
 
I'm trying to permit users to write note to any node it's able to see. I found the code of creating note from com.openkm.dao.NodeNoteDAO.java. I commented out the SecurityHelper.checkWrite(parentNode); -> getting building error "error: exception AccessDeniedException is never thrown in body of corresponding try statement" -> removed the AccessDeniedException from create-function and commented out the catch -> I was able to build, but it didn't affect anything, still not able to write notes on documents that I only have read access (Text-area doesn't even appear).
Code: Select all
	/**
	 * Create
	 
	public void create(NodeNote nNote) throws PathNotFoundException, AccessDeniedException, DatabaseException {
		log.debug("create({})", nNote);
		Session session = null;
		Transaction tx = null;
	*/
	
	public void create(NodeNote nNote) throws PathNotFoundException, DatabaseException {
		log.debug("create({})", nNote);
		Session session = null;
		Transaction tx = null;
	

		try {
			session = HibernateUtil.getSessionFactory().openSession();
			tx = session.beginTransaction();

			// Security Check
			NodeBase parentNode = (NodeBase) session.load(NodeBase.class, nNote.getParent());
			SecurityHelper.checkRead(parentNode);
			/* SecurityHelper.checkWrite(parentNode); */

			session.save(nNote);
			HibernateUtil.commit(tx);
			log.debug("create: void");
		} catch (PathNotFoundException e) {
			HibernateUtil.rollback(tx);
			throw e;
		} 
		/* catch (AccessDeniedException e) {
			HibernateUtil.rollback(tx);
			throw e;
		} */
		catch (DatabaseException e) {
			HibernateUtil.rollback(tx);
			throw e;
		} catch (HibernateException e) {
			HibernateUtil.rollback(tx);
			throw new DatabaseException(e.getMessage(), e);
		} finally {
			HibernateUtil.close(session);
		}
	}
 #45581  by jllort
 
Because you have changed API logic but there's also a logic in the UI what also prevents it. Take a look at Notes.java and I suggest looking for references to methods setVisibleButtons and setVisibleAddNote.
 #45618  by tumi
 
I tested to hardcode Notes.java setVisibleButtons and setVisibleAddNote's all variables to true, but nothing changed. So I assume there's another file where this is prevented.

For example ToolBar.java calls Notes.setVisibleAddNote, and I have hardcoded it to true, wouldn't it force it to show anycase? I think that now, even the setVisibleAddNote isn't getting called and the write-permission-check is getting done before.
 #45679  by tumi
 
Hi thanks for help, I was able to show the 'add note' always. But now, when I'm deploying it on the actual server, it behaves like original version and shows the 'add note' only when I have write permissions to the file. Should the war-file be completely portable? I just copied it from my own pc to the server. I installed tomcat from here https://sourceforge.net/projects/openkm ... 7.0.61.zip . Can that affect?
 #45685  by jllort
 
The war file is completely portable. Ensure you clean ( refresh ) the browser cache, the OpenKM UI is based on GWT what is a lot of javascript files usually in the cache to decrease download time. Another point is to clean the $TOMCAT_HOME/work/Catalina/localhost folder.
 #48011  by AmandaC
 
tumi wrote: Wed Mar 28, 2018 8:12 am I'm trying to permit users to write note to any node it's able to see. I found the code of creating note from com.openkm.dao.NodeNoteDAO.java. I commented out the SecurityHelper.checkWrite(parentNode); -> getting building error "error: exception AccessDeniedException is never thrown in body of corresponding try statement" -> removed the AccessDeniedException from create-function and commented out the catch -> I was able to build, but it didn't affect anything, still not able to write notes on documents that I only have read access (Text-area doesn't even appear).
Code: Select all
	/**
	 * Create
	 
	public void create(NodeNote nNote) throws PathNotFoundException, AccessDeniedException, DatabaseException {
		log.debug("create({})", nNote);
		Session session = null;
		Transaction tx = null;
	*/
	
	public void create(NodeNote nNote) throws PathNotFoundException, DatabaseException {
		log.debug("create({})", nNote);
		Session session = null;
		Transaction tx = null;
	

		try {
			session = HibernateUtil.getSessionFactory().openSession();
			tx = session.beginTransaction();

			// Security Check
			NodeBase parentNode = (NodeBase) session.load(NodeBase.class, nNote.getParent());
			SecurityHelper.checkRead(parentNode);
			/* SecurityHelper.checkWrite(parentNode); */

			session.save(nNote);
			HibernateUtil.commit(tx);
			log.debug("create: void");
		} catch (PathNotFoundException e) {
			HibernateUtil.rollback(tx);
			throw e;
		} 
		/* catch (AccessDeniedException e) {
			HibernateUtil.rollback(tx);
			throw e;
		} */
		catch (DatabaseException e) {
			HibernateUtil.rollback(tx);
			throw e;
		} catch (HibernateException e) {
			HibernateUtil.rollback(tx);
			throw new DatabaseException(e.getMessage(), e);
		} finally {
			HibernateUtil.close(session);
		}
	}
I was facing the same issue here but thanks for the solution, fixed it immediately after i followed the instructions.

Thanks and Regards,
Amanda
 #48043  by jllort
 
Another option might be use system user into the OKMNote API either modifying methods in the low level. At the end you want all the users working without security ... that means working as super users when adding or modifying notes.

Take a look here:
https://docs.openkm.com/kcenter/view/ok ... ystemToken

The proposal is:
Code: Select all
@Override
	public Note add(String token, String nodeId, String text) throws LockException,
			PathNotFoundException, AccessDeniedException, RepositoryException, DatabaseException {
		// Token line to ensure will working as super user
		token = DbSessionManager.getInstance().getInstance();
		log.debug("add({}, {}, {})", new Object[]{token, nodeId, text});
		NoteModule nm = ModuleManager.getNoteModule();
		Note ret = nm.add(token, nodeId, text);
		log.debug("add: {}", ret);
		return ret;
	}
The problem with this solution is that in the notes will be shown system user either logged user. I think at the end you should remove all the SecurityHelper.checkWrite( method calls present in the NodeNoteDAO.

About Us

OpenKM is part of the management software. A management software is a program that facilitates the accomplishment of administrative tasks. OpenKM is a document management system that allows you to manage business content and workflow in a more efficient way. Document managers guarantee data protection by establishing information security for business content.