From 39caafccf25ad63f4cab3ca57a460dd1efc988eb Mon Sep 17 00:00:00 2001
From: Richard Millet <remillet@berkeley.edu>
Date: Thu, 12 Apr 2012 13:02:54 -0700
Subject: [PATCH] CSPACE-4964: Fixing bug related to slashes in the Permission
 IDs

---
 .../OSGI-INF/default-life-cycle-contrib.xml        | 14 +++++++-------
 .../authorization_mgt/AuthorizationCommon.java     |  3 +--
 .../common/security/SecurityInterceptor.java       |  2 +-
 .../3rdparty/nuxeo-platform-cs-dimension/pom.xml   |  1 -
 4 files changed, 9 insertions(+), 11 deletions(-)

diff --git a/3rdparty/nuxeo/nuxeo-platform-collectionspace/src/main/resources/OSGI-INF/default-life-cycle-contrib.xml b/3rdparty/nuxeo/nuxeo-platform-collectionspace/src/main/resources/OSGI-INF/default-life-cycle-contrib.xml
index 182befb2e..3d605cde6 100644
--- a/3rdparty/nuxeo/nuxeo-platform-collectionspace/src/main/resources/OSGI-INF/default-life-cycle-contrib.xml
+++ b/3rdparty/nuxeo/nuxeo-platform-collectionspace/src/main/resources/OSGI-INF/default-life-cycle-contrib.xml
@@ -12,17 +12,17 @@
 
     <documentation>CollectionSpace core default life cycle definition.</documentation>
 
-    <lifecycle name="cs_default" defaultInitial="active">
+    <lifecycle name="cs_default" defaultInitial="project">
       <transitions>
         <transition name="delete" destinationState="deleted">
           <description>Move document to trash (temporary delete)</description>
         </transition>
-        <transition name="undelete" destinationState="active">
+        <transition name="undelete" destinationState="project">
           <description>Recover the document from trash</description>
         </transition>
       </transitions>
       <states>
-        <state name="active" description="Default state" initial="true">
+        <state name="project" description="Default state" initial="true">
           <transitions>
             <transition>delete</transition>
           </transitions>
@@ -40,23 +40,23 @@
   
     <documentation>CollectionSpace "locking" life cycle definition.</documentation>
 
-    <lifecycle name="cs_locking" defaultInitial="active">
+    <lifecycle name="cs_locking" defaultInitial="project">
       <transitions>
         <transition name="lock" destinationState="locked">
           <description>Lock document</description>
         </transition>
-        <transition name="unlock" destinationState="active">
+        <transition name="unlock" destinationState="project">
           <description>Unlock the document</description>
         </transition>
         <transition name="delete" destinationState="deleted">
           <description>Move document to trash (temporary delete)</description>
         </transition>
-        <transition name="undelete" destinationState="active">
+        <transition name="undelete" destinationState="project">
           <description>Recover the document from trash</description>
         </transition>
       </transitions>	  
       <states>
-        <state name="active" description="Default state" initial="true">
+        <state name="project" description="Default state" initial="true">
           <transitions>
             <transition>delete</transition>
             <transition>lock</transition>
diff --git a/services/common/src/main/java/org/collectionspace/services/common/authorization_mgt/AuthorizationCommon.java b/services/common/src/main/java/org/collectionspace/services/common/authorization_mgt/AuthorizationCommon.java
index 36d8d555c..16f3153ab 100644
--- a/services/common/src/main/java/org/collectionspace/services/common/authorization_mgt/AuthorizationCommon.java
+++ b/services/common/src/main/java/org/collectionspace/services/common/authorization_mgt/AuthorizationCommon.java
@@ -248,9 +248,8 @@ public class AuthorizationCommon {
     		String resourceName,
     		String description,
     		ActionGroup actionGroup) {
-//        String id = UUID.randomUUID().toString(); //FIXME: Could this be something like a refname instead of a UUID?
         String id = tenantId
-        		+ "-" + resourceName
+        		+ "-" + resourceName.replace('/', '_') // Remove the slashes so the ID can be used in a URI/URL
         		+ "-" + actionGroup.name;
         Permission perm = new Permission();
         perm.setCsid(id);
diff --git a/services/common/src/main/java/org/collectionspace/services/common/security/SecurityInterceptor.java b/services/common/src/main/java/org/collectionspace/services/common/security/SecurityInterceptor.java
index c6a3ef5e7..2bd6a0d59 100644
--- a/services/common/src/main/java/org/collectionspace/services/common/security/SecurityInterceptor.java
+++ b/services/common/src/main/java/org/collectionspace/services/common/security/SecurityInterceptor.java
@@ -136,7 +136,7 @@ public class SecurityInterceptor implements PreProcessInterceptor, PostProcessIn
 				// They passed the first round of security checks, so now let's check to see if they're trying
 				// to perform a workflow state change and make sure they are allowed to to this.
 				//
-				if (uriPath.contains(WorkflowClient.SERVICE_PATH_COMPONENT) == true) {
+				if (uriPath.contains(WorkflowClient.SERVICE_PATH) == true) {
 					String workflowSubResName = SecurityUtils.getResourceName(request.getUri());
 					res = new URIResourceImpl(AuthN.get().getCurrentTenantId(), workflowSubResName, httpMethod);
 					if (authZ.isAccessAllowed(res) == false) {
diff --git a/services/dimension/3rdparty/nuxeo-platform-cs-dimension/pom.xml b/services/dimension/3rdparty/nuxeo-platform-cs-dimension/pom.xml
index 19925571f..57df41cf1 100644
--- a/services/dimension/3rdparty/nuxeo-platform-cs-dimension/pom.xml
+++ b/services/dimension/3rdparty/nuxeo-platform-cs-dimension/pom.xml
@@ -8,7 +8,6 @@
     </parent>
     
     <modelVersion>4.0.0</modelVersion>
-    <groupId>org.collectionspace.services</groupId>
     <artifactId>org.collectionspace.services.dimension.3rdparty.nuxeo</artifactId>
     <name>services.dimension.3rdparty.nuxeo</name>
     <packaging>jar</packaging>
-- 
2.47.3