X-Git-Url: http://git.argeo.org/?a=blobdiff_plain;f=org.argeo.enterprise%2Fsrc%2Forg%2Fargeo%2Fosgi%2Fuseradmin%2FAggregatingUserAdmin.java;h=01254b985a64302b84dd22db5e789040143b6461;hb=f9ee9620626e471a99f25e84175e27380d902957;hp=2b2ca0c513ba6028e76679f505b63637ccdc76d8;hpb=a5459b7f0a4ce0463b950efd5c776368fe169256;p=lgpl%2Fargeo-commons.git diff --git a/org.argeo.enterprise/src/org/argeo/osgi/useradmin/AggregatingUserAdmin.java b/org.argeo.enterprise/src/org/argeo/osgi/useradmin/AggregatingUserAdmin.java index 2b2ca0c51..01254b985 100644 --- a/org.argeo.enterprise/src/org/argeo/osgi/useradmin/AggregatingUserAdmin.java +++ b/org.argeo.enterprise/src/org/argeo/osgi/useradmin/AggregatingUserAdmin.java @@ -13,8 +13,10 @@ import java.util.Set; import javax.naming.InvalidNameException; import javax.naming.ldap.LdapName; +import org.argeo.naming.LdapAttrs; import org.osgi.framework.InvalidSyntaxException; import org.osgi.service.useradmin.Authorization; +import org.osgi.service.useradmin.Group; import org.osgi.service.useradmin.Role; import org.osgi.service.useradmin.User; import org.osgi.service.useradmin.UserAdmin; @@ -84,17 +86,43 @@ public class AggregatingUserAdmin implements UserAdmin { } UserAdmin userAdmin = findUserAdmin(user.getName()); Authorization rawAuthorization = userAdmin.getAuthorization(user); + String usernameToUse; + String displayNameToUse; + if (user instanceof Group) {// tokens + String ownerDn = (String) user.getProperties().get(LdapAttrs.owner.name()); + if (ownerDn != null) { + UserAdmin ownerUserAdmin = findUserAdmin(ownerDn); + User ownerUser = (User) ownerUserAdmin.getRole(ownerDn); + usernameToUse = ownerDn; + displayNameToUse = LdifAuthorization.extractDisplayName(ownerUser); + } else { + throw new UserDirectoryException( + "Cannot get authorization for group " + user.getName() + " without owner"); + } + } else {// regular users + usernameToUse = rawAuthorization.getName(); + displayNameToUse = rawAuthorization.toString(); + } // gather system roles Set sysRoles = new HashSet(); for (String role : rawAuthorization.getRoles()) { Authorization auth = systemRoles.getAuthorization((User) userAdmin.getRole(role)); sysRoles.addAll(Arrays.asList(auth.getRoles())); } - Authorization authorization = new AggregatingAuthorization(rawAuthorization.getName(), - rawAuthorization.toString(), sysRoles, rawAuthorization.getRoles()); + addAbstractSystemRoles(rawAuthorization, sysRoles); + Authorization authorization = new AggregatingAuthorization(usernameToUse, displayNameToUse, sysRoles, + rawAuthorization.getRoles()); return authorization; } + /** + * Enrich with application-specific roles which are strictly programmatic, such + * as anonymous/user semantics. + */ + protected void addAbstractSystemRoles(Authorization rawAuthorization, Set sysRoles) { + + } + // // USER ADMIN AGGREGATOR // @@ -130,8 +158,11 @@ public class AggregatingUserAdmin implements UserAdmin { return systemRoles; List res = new ArrayList(1); for (LdapName baseDn : businessRoles.keySet()) { - if (name.startsWith(baseDn)) - res.add(businessRoles.get(baseDn)); + if (name.startsWith(baseDn)) { + AbstractUserDirectory ud = businessRoles.get(baseDn); + if (!ud.isDisabled()) + res.add(ud); + } } if (res.size() == 0) throw new UserDirectoryException("Cannot find user admin for " + name); @@ -181,8 +212,8 @@ public class AggregatingUserAdmin implements UserAdmin { } /** - * Called before each user directory is destroyed, so that additional - * actions can be performed. + * Called before each user directory is destroyed, so that additional actions + * can be performed. */ protected void preDestroy(AbstractUserDirectory userDirectory) { }