Documentation

[lgpl/argeo-commons.git] / org.argeo.cms / src / org / argeo / cms / internal / useradmin / SimpleJcrSecurityModel.java

diff --git a/org.argeo.cms/src/org/argeo/cms/internal/useradmin/SimpleJcrSecurityModel.java b/org.argeo.cms/src/org/argeo/cms/internal/useradmin/SimpleJcrSecurityModel.java
index 029719c3a858f2236a79a4db819f4a106389da47..9d26f13352ffbccbfb5ed9a6f237f0be2a707b91 100644 (file)
--- a/org.argeo.cms/src/org/argeo/cms/internal/useradmin/SimpleJcrSecurityModel.java
+++ b/org.argeo.cms/src/org/argeo/cms/internal/useradmin/SimpleJcrSecurityModel.java
@@ -22,17 +22,17 @@ import javax.jcr.RepositoryException;
 import javax.jcr.Session;
 import javax.jcr.Value;
 import javax.jcr.security.Privilege;
-import javax.jcr.version.VersionManager;
 
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
+import org.apache.jackrabbit.core.security.user.UserAccessControlProvider;
 import org.argeo.ArgeoException;
+import org.argeo.cms.internal.auth.JcrSecurityModel;
 import org.argeo.jcr.ArgeoJcrConstants;
 import org.argeo.jcr.ArgeoNames;
 import org.argeo.jcr.ArgeoTypes;
 import org.argeo.jcr.JcrUtils;
 import org.argeo.jcr.UserJcrUtils;
-import org.argeo.security.jcr.JcrSecurityModel;
 
 /**
  * Manages data expected by the Argeo security model, such as user home and
@@ -46,6 +46,21 @@ public class SimpleJcrSecurityModel implements JcrSecurityModel {
 
        /** The home base path. */
        private String homeBasePath = "/home";
+       private String peopleBasePath = ArgeoJcrConstants.PEOPLE_BASE_PATH;
+
+       @Override
+       public void init(Session adminSession) throws RepositoryException {
+               JcrUtils.mkdirs(adminSession, homeBasePath);
+               JcrUtils.mkdirs(adminSession, peopleBasePath);
+               adminSession.save();
+
+               JcrUtils.addPrivilege(adminSession, homeBasePath,
+                               UserAccessControlProvider.USER_ADMIN_GROUP_NAME,
+                               Privilege.JCR_READ);
+               JcrUtils.addPrivilege(adminSession, peopleBasePath,
+                               UserAccessControlProvider.USER_ADMIN_GROUP_NAME,
+                               Privilege.JCR_ALL);
+       }
 
        public synchronized Node sync(Session session, String username,
                        List<String> roles) {
@@ -78,9 +93,9 @@ public class SimpleJcrSecurityModel implements JcrSecurityModel {
                        }
 
                        Node userProfile = UserJcrUtils.getUserProfile(session, username);
+                       // new user
                        if (userProfile == null) {
-                               String personPath = generateUserPath(
-                                               ArgeoJcrConstants.PEOPLE_BASE_PATH, username);
+                               String personPath = generateUserPath(peopleBasePath, username);
                                Node personBase = JcrUtils.mkdirs(session, personPath);
                                userProfile = personBase.addNode(ArgeoNames.ARGEO_PROFILE);
                                userProfile.addMixin(ArgeoTypes.ARGEO_USER_PROFILE);
@@ -98,12 +113,6 @@ public class SimpleJcrSecurityModel implements JcrSecurityModel {
                                                username);
                                JcrUtils.addPrivilege(session, userProfile.getPath(), username,
                                                Privilege.JCR_READ);
-
-                               VersionManager versionManager = session.getWorkspace()
-                                               .getVersionManager();
-                               if (versionManager.isCheckedOut(userProfile.getPath()))
-                                       versionManager.checkin(userProfile.getPath());
-
                        }
 
                        // Remote roles