X-Git-Url: http://git.argeo.org/?a=blobdiff_plain;f=org.argeo.cms%2Fsrc%2Forg%2Fargeo%2Fcms%2Finternal%2Fkernel%2FHomeRepository.java;h=1b50023e650359130c656f9c8cbacc888a59467f;hb=5e34b63ecd7534daedeabb1804d043fc3ac3d947;hp=14254c75b7533991f87e96ad371d534dc7876550;hpb=f63f7150c61e1a21d9130789df8b4169e32660b5;p=lgpl%2Fargeo-commons.git diff --git a/org.argeo.cms/src/org/argeo/cms/internal/kernel/HomeRepository.java b/org.argeo.cms/src/org/argeo/cms/internal/kernel/HomeRepository.java index 14254c75b..1b50023e6 100644 --- a/org.argeo.cms/src/org/argeo/cms/internal/kernel/HomeRepository.java +++ b/org.argeo.cms/src/org/argeo/cms/internal/kernel/HomeRepository.java @@ -1,6 +1,8 @@ package org.argeo.cms.internal.kernel; import java.security.PrivilegedAction; +import java.text.SimpleDateFormat; +import java.util.Date; import java.util.HashSet; import java.util.Set; @@ -8,6 +10,7 @@ import javax.jcr.Node; import javax.jcr.Repository; import javax.jcr.RepositoryException; import javax.jcr.Session; +import javax.jcr.nodetype.NodeType; import javax.jcr.security.Privilege; import javax.naming.InvalidNameException; import javax.naming.ldap.LdapName; @@ -26,42 +29,51 @@ import org.argeo.node.NodeUtils; * Make sure each user has a home directory available in the default workspace. */ class HomeRepository extends JcrRepositoryWrapper implements KernelConstants { + /** The home base path. */ private String homeBasePath = KernelConstants.DEFAULT_HOME_BASE_PATH; -// private String groupsBasePath = KernelConstants.DEFAULT_GROUPS_BASE_PATH; + private String usersBasePath = KernelConstants.DEFAULT_USERS_BASE_PATH; + private String groupsBasePath = KernelConstants.DEFAULT_GROUPS_BASE_PATH; private Set checkedUsers = new HashSet(); - public HomeRepository(Repository repository) { + private SimpleDateFormat usersDatePath = new SimpleDateFormat("YYYY/MM"); + + private final boolean remote; + + public HomeRepository(Repository repository, boolean remote) { super(repository); + this.remote = remote; putDescriptor(NodeConstants.CN, NodeConstants.HOME); - LoginContext lc; - try { - lc = new LoginContext(NodeConstants.LOGIN_CONTEXT_DATA_ADMIN); - lc.login(); - } catch (javax.security.auth.login.LoginException e1) { - throw new CmsException("Cannot login as systrem", e1); - } - Subject.doAs(lc.getSubject(), new PrivilegedAction() { - - @Override - public Void run() { - try { - Session adminSession = getRepository().login(); - initJcr(adminSession); - } catch (RepositoryException e) { - throw new CmsException("Cannot init JCR home", e); - } - return null; + if (!remote) { + LoginContext lc; + try { + lc = new LoginContext(NodeConstants.LOGIN_CONTEXT_DATA_ADMIN); + lc.login(); + } catch (javax.security.auth.login.LoginException e1) { + throw new CmsException("Cannot login as systrem", e1); } + Subject.doAs(lc.getSubject(), new PrivilegedAction() { + + @Override + public Void run() { + try { + Session adminSession = getRepository().login(); + initJcr(adminSession); + } catch (RepositoryException e) { + throw new CmsException("Cannot init JCR home", e); + } + return null; + } - }); + }); + } } @Override protected void processNewSession(Session session) { String username = session.getUserID(); - if (username == null) + if (username == null || username.toString().equals("")) return; if (session.getUserID().equals(NodeConstants.ROLE_ANONYMOUS)) return; @@ -84,14 +96,14 @@ class HomeRepository extends JcrRepositoryWrapper implements KernelConstants { private void initJcr(Session adminSession) { try { JcrUtils.mkdirs(adminSession, homeBasePath); -// JcrUtils.mkdirs(adminSession, groupsBasePath); + JcrUtils.mkdirs(adminSession, groupsBasePath); adminSession.save(); - JcrUtils.addPrivilege(adminSession, homeBasePath, NodeConstants.ROLE_USER_ADMIN, Privilege.JCR_ALL); -// JcrUtils.addPrivilege(adminSession, groupsBasePath, NodeConstants.ROLE_USER_ADMIN, Privilege.JCR_ALL); + JcrUtils.addPrivilege(adminSession, homeBasePath, NodeConstants.ROLE_USER_ADMIN, Privilege.JCR_READ); + JcrUtils.addPrivilege(adminSession, groupsBasePath, NodeConstants.ROLE_USER_ADMIN, Privilege.JCR_READ); adminSession.save(); } catch (RepositoryException e) { - throw new CmsException("Cannot initialize node user admin", e); + throw new CmsException("Cannot initialize home repository", e); } finally { JcrUtils.logoutQuietly(adminSession); } @@ -101,13 +113,14 @@ class HomeRepository extends JcrRepositoryWrapper implements KernelConstants { try { Node userHome = NodeUtils.getUserHome(session, username); if (userHome == null) { - String homePath = generateUserPath(homeBasePath, username); + String homePath = generateUserPath(username); if (session.itemExists(homePath))// duplicate user id userHome = session.getNode(homePath).getParent().addNode(JcrUtils.lastPathElement(homePath)); else userHome = JcrUtils.mkdirs(session, homePath); // userHome = JcrUtils.mkfolders(session, homePath); userHome.addMixin(NodeTypes.NODE_USER_HOME); + userHome.addMixin(NodeType.MIX_CREATED); userHome.setProperty(NodeNames.LDAP_UID, username); session.save(); @@ -123,7 +136,7 @@ class HomeRepository extends JcrRepositoryWrapper implements KernelConstants { } /** Generate path for a new user home */ - private String generateUserPath(String base, String username) { + private String generateUserPath(String username) { LdapName dn; try { dn = new LdapName(username); @@ -132,23 +145,47 @@ class HomeRepository extends JcrRepositoryWrapper implements KernelConstants { } String userId = dn.getRdn(dn.size() - 1).getValue().toString(); int atIndex = userId.indexOf('@'); - if (atIndex > 0) { - String domain = userId.substring(0, atIndex); - String name = userId.substring(atIndex + 1); - return base + '/' + domain + '/' + name; - } else if (atIndex == 0 || atIndex == (userId.length() - 1)) { - throw new CmsException("Unsupported username " + userId); + if (atIndex < 0) { + return homeBasePath + '/' + userId; } else { - return base + '/' + userId; + return usersBasePath + '/' + usersDatePath.format(new Date()) + '/' + userId; } + // if (atIndex > 0) { + // String domain = userId.substring(0, atIndex); + // String name = userId.substring(atIndex + 1); + // return base + '/' + domain + '/' + name; + // } else if (atIndex == 0 || atIndex == (userId.length() - 1)) { + // throw new CmsException("Unsupported username " + userId); + // } else { + // return base + '/' + userId; + // } } - public String getHomeBasePath() { - return homeBasePath; - } + public void createWorkgroup(LdapName dn) { + Session adminSession = KernelUtils.openAdminSession(this); + String cn = dn.getRdn(dn.size() - 1).getValue().toString(); + Node newWorkgroup = NodeUtils.getGroupHome(adminSession, cn); + if (newWorkgroup != null) { + JcrUtils.logoutQuietly(adminSession); + throw new CmsException("Workgroup " + newWorkgroup + " already exists for " + dn); + } + try { + // TODO enhance transformation of cn to a valid node name + // String relPath = cn.replaceAll("[^a-zA-Z0-9]", "_"); + String relPath = JcrUtils.replaceInvalidChars(cn); + newWorkgroup = JcrUtils.mkdirs(adminSession.getNode(groupsBasePath), relPath, NodeType.NT_UNSTRUCTURED); + newWorkgroup.addMixin(NodeTypes.NODE_GROUP_HOME); + newWorkgroup.addMixin(NodeType.MIX_CREATED); + newWorkgroup.setProperty(NodeNames.LDAP_CN, cn); + adminSession.save(); + JcrUtils.addPrivilege(adminSession, newWorkgroup.getPath(), dn.toString(), Privilege.JCR_ALL); + adminSession.save(); + } catch (RepositoryException e) { + throw new CmsException("Cannot create workgroup", e); + } finally { + JcrUtils.logoutQuietly(adminSession); + } -// public String getGroupsBasePath() { -// return groupsBasePath; -// } + } }