X-Git-Url: http://git.argeo.org/?a=blobdiff_plain;ds=inline;f=org.argeo.security.core%2Fsrc%2Forg%2Fargeo%2Fosgi%2Fuseradmin%2FAbstractUserDirectory.java;h=884e4ce09ff0ccd1e550f01fe3c402dadae12608;hb=268e023a9de5db2549431a4415e584ac68a4f98b;hp=18cb5ece251b1e81fc4b990dc0b5bbbee67d81a8;hpb=48a1e034607afb28d84480463b57f74a80a29929;p=lgpl%2Fargeo-commons.git

diff --git a/org.argeo.security.core/src/org/argeo/osgi/useradmin/AbstractUserDirectory.java b/org.argeo.security.core/src/org/argeo/osgi/useradmin/AbstractUserDirectory.java
index 18cb5ece2..884e4ce09 100644
--- a/org.argeo.security.core/src/org/argeo/osgi/useradmin/AbstractUserDirectory.java
+++ b/org.argeo.security.core/src/org/argeo/osgi/useradmin/AbstractUserDirectory.java
@@ -36,11 +36,11 @@ import org.osgi.framework.Filter;
 import org.osgi.framework.FrameworkUtil;
 import org.osgi.framework.InvalidSyntaxException;
 import org.osgi.service.useradmin.Authorization;
-import org.osgi.service.useradmin.Group;
 import org.osgi.service.useradmin.Role;
 import org.osgi.service.useradmin.User;
 import org.osgi.service.useradmin.UserAdmin;
 
+/** Base class for a {@link UserDirectory}. */
 abstract class AbstractUserDirectory implements UserAdmin, UserDirectory {
 	private final static Log log = LogFactory
 			.getLog(AbstractUserDirectory.class);
@@ -61,18 +61,15 @@ abstract class AbstractUserDirectory implements UserAdmin, UserDirectory {
 	private List<String> credentialAttributeIds = Arrays
 			.asList(new String[] { LdifName.userpassword.name() });
 
-	// private TransactionSynchronizationRegistry syncRegistry;
-	// private Object editingTransactionKey = null;
-
 	private TransactionManager transactionManager;
 	private ThreadLocal<WorkingCopy> workingCopy = new ThreadLocal<AbstractUserDirectory.WorkingCopy>();
 	private Xid editingTransactionXid = null;
 
-	public AbstractUserDirectory(Dictionary<String, ?> properties) {
+	AbstractUserDirectory(Dictionary<String, ?> properties) {
 		// TODO make a copy?
 		this.properties = properties;
 
-		String uriStr = UserAdminProps.uri.getValue(properties);
+		String uriStr = UserAdminConf.uri.getValue(properties);
 		if (uriStr == null)
 			uri = null;
 		else
@@ -82,26 +79,21 @@ abstract class AbstractUserDirectory implements UserAdmin, UserDirectory {
 				throw new UserDirectoryException("Badly formatted URI", e);
 			}
 
-		baseDn = UserAdminProps.baseDn.getValue(properties).toString();
-		String isReadOnly = UserAdminProps.readOnly.getValue(properties);
+		baseDn = UserAdminConf.baseDn.getValue(properties).toString();
+		String isReadOnly = UserAdminConf.readOnly.getValue(properties);
 		if (isReadOnly == null)
 			this.isReadOnly = readOnlyDefault(uri);
 		else
 			this.isReadOnly = new Boolean(isReadOnly);
 
-		this.userObjectClass = UserAdminProps.userObjectClass
+		this.userObjectClass = UserAdminConf.userObjectClass
 				.getValue(properties);
-		this.groupObjectClass = UserAdminProps.groupObjectClass
+		this.groupObjectClass = UserAdminConf.groupObjectClass
 				.getValue(properties);
 	}
 
-	// public AbstractUserDirectory(URI uri, boolean isReadOnly) {
-	// this.uri = uri;
-	// this.isReadOnly = isReadOnly;
-	// }
-
-	/** Returns the {@link Group}s this user is a direct member of. */
-	protected abstract List<? extends DirectoryGroup> getDirectGroups(User user);
+	/** Returns the groups this user is a direct member of. */
+	protected abstract List<LdapName> getDirectGroups(LdapName dn);
 
 	protected abstract Boolean daoHasRole(LdapName dn);
 
@@ -109,9 +101,6 @@ abstract class AbstractUserDirectory implements UserAdmin, UserDirectory {
 
 	protected abstract List<DirectoryUser> doGetRoles(Filter f);
 
-	protected abstract void doGetUser(String key, String value,
-			List<DirectoryUser> collectedUsers);
-
 	public void init() {
 
 	}
@@ -124,10 +113,6 @@ abstract class AbstractUserDirectory implements UserAdmin, UserDirectory {
 		if (editingTransactionXid == null)
 			return false;
 		return workingCopy.get() != null;
-		// Object currentTrKey = syncRegistry.getTransactionKey();
-		// if (currentTrKey == null)
-		// return false;
-		// return editingTransactionKey.equals(currentTrKey);
 	}
 
 	protected WorkingCopy getWorkingCopy() {
@@ -171,7 +156,7 @@ abstract class AbstractUserDirectory implements UserAdmin, UserDirectory {
 		}
 	}
 
-	List<Role> getAllRoles(User user) {
+	List<Role> getAllRoles(DirectoryUser user) {
 		List<Role> allRoles = new ArrayList<Role>();
 		if (user != null) {
 			collectRoles(user, allRoles);
@@ -181,9 +166,10 @@ abstract class AbstractUserDirectory implements UserAdmin, UserDirectory {
 		return allRoles;
 	}
 
-	private void collectRoles(User user, List<Role> allRoles) {
-		for (Group group : getDirectGroups(user)) {
+	private void collectRoles(DirectoryUser user, List<Role> allRoles) {
+		for (LdapName groupDn : getDirectGroups(user.getDn())) {
 			// TODO check for loops
+			DirectoryUser group = doGetRole(groupDn);
 			allRoles.add(group);
 			collectRoles(group, allRoles);
 		}
@@ -196,13 +182,16 @@ abstract class AbstractUserDirectory implements UserAdmin, UserDirectory {
 	// USER ADMIN
 	@Override
 	public Role getRole(String name) {
-		LdapName key = toDn(name);
+		return doGetRole(toDn(name));
+	}
+
+	protected DirectoryUser doGetRole(LdapName dn) {
 		WorkingCopy wc = getWorkingCopy();
-		DirectoryUser user = daoGetRole(key);
+		DirectoryUser user = daoGetRole(dn);
 		if (wc != null) {
-			if (user == null && wc.getNewUsers().containsKey(key))
-				user = wc.getNewUsers().get(key);
-			else if (wc.getDeletedUsers().containsKey(key))
+			if (user == null && wc.getNewUsers().containsKey(dn))
+				user = wc.getNewUsers().get(dn);
+			else if (wc.getDeletedUsers().containsKey(dn))
 				user = null;
 		}
 		return user;
@@ -257,6 +246,19 @@ abstract class AbstractUserDirectory implements UserAdmin, UserDirectory {
 		return null;
 	}
 
+	protected void doGetUser(String key, String value,
+			List<DirectoryUser> collectedUsers) {
+		try {
+			Filter f = FrameworkUtil.createFilter("(&(" + objectClass + "="
+					+ getUserObjectClass() + ")(" + key + "=" + value + "))");
+			List<DirectoryUser> users = doGetRoles(f);
+			collectedUsers.addAll(users);
+		} catch (InvalidSyntaxException e) {
+			throw new UserDirectoryException("Cannot get user with " + key
+					+ "=" + value, e);
+		}
+	}
+
 	@Override
 	public Authorization getAuthorization(User user) {
 		return new LdifAuthorization((DirectoryUser) user,
@@ -317,16 +319,20 @@ abstract class AbstractUserDirectory implements UserAdmin, UserDirectory {
 		checkEdit();
 		WorkingCopy wc = getWorkingCopy();
 		LdapName dn = toDn(name);
-		if (!daoHasRole(dn) && !wc.getNewUsers().containsKey(dn))
-			return false;
-		DirectoryUser user = (DirectoryUser) getRole(name);
-		wc.getDeletedUsers().put(dn, user);
-		// FIXME clarify directgroups
-		for (DirectoryGroup group : getDirectGroups(user)) {
+		boolean actuallyDeleted;
+		if (daoHasRole(dn) || wc.getNewUsers().containsKey(dn)) {
+			DirectoryUser user = (DirectoryUser) getRole(name);
+			wc.getDeletedUsers().put(dn, user);
+			actuallyDeleted = true;
+		} else {// just removing from groups (e.g. system roles)
+			actuallyDeleted = false;
+		}
+		for (LdapName groupDn : getDirectGroups(dn)) {
+			DirectoryUser group = doGetRole(groupDn);
 			group.getAttributes().get(getMemberAttributeId())
 					.remove(dn.toString());
 		}
-		return true;
+		return actuallyDeleted;
 	}
 
 	// TRANSACTION