import javax.jcr.Session;
import javax.jcr.Value;
import javax.jcr.security.Privilege;
-import javax.jcr.version.VersionManager;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
+import org.apache.jackrabbit.core.security.user.UserAccessControlProvider;
import org.argeo.ArgeoException;
+import org.argeo.cms.internal.auth.JcrSecurityModel;
import org.argeo.jcr.ArgeoJcrConstants;
import org.argeo.jcr.ArgeoNames;
import org.argeo.jcr.ArgeoTypes;
import org.argeo.jcr.JcrUtils;
import org.argeo.jcr.UserJcrUtils;
-import org.argeo.security.jcr.JcrSecurityModel;
/**
* Manages data expected by the Argeo security model, such as user home and
/** The home base path. */
private String homeBasePath = "/home";
+ private String peopleBasePath = ArgeoJcrConstants.PEOPLE_BASE_PATH;
+
+ @Override
+ public void init(Session adminSession) throws RepositoryException {
+ JcrUtils.mkdirs(adminSession, homeBasePath);
+ JcrUtils.mkdirs(adminSession, peopleBasePath);
+ adminSession.save();
+
+ JcrUtils.addPrivilege(adminSession, homeBasePath,
+ UserAccessControlProvider.USER_ADMIN_GROUP_NAME,
+ Privilege.JCR_READ);
+ JcrUtils.addPrivilege(adminSession, peopleBasePath,
+ UserAccessControlProvider.USER_ADMIN_GROUP_NAME,
+ Privilege.JCR_ALL);
+ }
public synchronized Node sync(Session session, String username,
List<String> roles) {
}
Node userProfile = UserJcrUtils.getUserProfile(session, username);
+ // new user
if (userProfile == null) {
- String personPath = generateUserPath(
- ArgeoJcrConstants.PEOPLE_BASE_PATH, username);
+ String personPath = generateUserPath(peopleBasePath, username);
Node personBase = JcrUtils.mkdirs(session, personPath);
userProfile = personBase.addNode(ArgeoNames.ARGEO_PROFILE);
userProfile.addMixin(ArgeoTypes.ARGEO_USER_PROFILE);
username);
JcrUtils.addPrivilege(session, userProfile.getPath(), username,
Privilege.JCR_READ);
-
- VersionManager versionManager = session.getWorkspace()
- .getVersionManager();
- if (versionManager.isCheckedOut(userProfile.getPath()))
- versionManager.checkin(userProfile.getPath());
-
}
// Remote roles