X-Git-Url: http://git.argeo.org/?a=blobdiff_plain;f=org.argeo.security.core%2Fsrc%2Forg%2Fargeo%2Fosgi%2Fuseradmin%2FLdifUserAdmin.java;h=c5ca49300425ad2910d361b2253c9e5728d7de35;hb=d8b62960ec3c9d991840348c63dc0c8ce980233e;hp=b1e9ceb49808a26f88ede1b0c56c004575fb731b;hpb=40c3800ea57d5de136137e3fb0ff07cf54f2df48;p=lgpl%2Fargeo-commons.git
diff --git a/org.argeo.security.core/src/org/argeo/osgi/useradmin/LdifUserAdmin.java b/org.argeo.security.core/src/org/argeo/osgi/useradmin/LdifUserAdmin.java
index b1e9ceb49..c5ca49300 100644
--- a/org.argeo.security.core/src/org/argeo/osgi/useradmin/LdifUserAdmin.java
+++ b/org.argeo.security.core/src/org/argeo/osgi/useradmin/LdifUserAdmin.java
@@ -1,6 +1,10 @@
 package org.argeo.osgi.useradmin;
 
+import java.io.File;
+import java.io.FileOutputStream;
+import java.io.IOException;
 import java.io.InputStream;
+import java.io.OutputStream;
 import java.net.URI;
 import java.net.URISyntaxException;
 import java.util.ArrayList;
@@ -14,8 +18,11 @@ import java.util.TreeMap;
 import javax.naming.InvalidNameException;
 import javax.naming.NamingEnumeration;
 import javax.naming.directory.Attributes;
+import javax.naming.directory.BasicAttributes;
 import javax.naming.ldap.LdapName;
+import javax.naming.ldap.Rdn;
 
+import org.apache.commons.io.IOUtils;
 import org.osgi.framework.Filter;
 import org.osgi.framework.FrameworkUtil;
 import org.osgi.framework.InvalidSyntaxException;
@@ -30,6 +37,9 @@ public class LdifUserAdmin extends AbstractLdapUserAdmin {
 private Map> userIndexes = new LinkedHashMap>();
 
+ // private Map> directMemberOf = new
+ // TreeMap>();
+
 public LdifUserAdmin(String uri) {
 this(uri, true);
 }
@@ -46,6 +56,15 @@ public class LdifUserAdmin extends AbstractLdapUserAdmin {
 throw new UnsupportedOperationException(getUri().getScheme() + "not supported read-write.");
+ }
+
+ public LdifUserAdmin(InputStream in) {
+ load(in);
+ setReadOnly(true);
+ setUri(null);
+ }
+
+ public void init() {
 try {
 load(getUri().toURL().openStream());
 } catch (Exception e) {
@@ -53,10 +72,27 @@ public class LdifUserAdmin extends AbstractLdapUserAdmin {
 }
 }
 
- public LdifUserAdmin(InputStream in) {
- load(in);
- setReadOnly(true);
- setUri(null);
+ public void save() {
+ if (getUri() == null || isReadOnly())
+ throw new ArgeoUserAdminException("Cannot save LDIF user admin");
+ try (FileOutputStream out = new FileOutputStream(new File(getUri()))) {
+ save(out);
+ } catch (IOException e) {
+ throw new ArgeoUserAdminException("Cannot save user admin to "
+ + getUri(), e);
+ }
+ }
+
+ public void save(OutputStream out) throws IOException {
+ try {
+ LdifWriter ldifWriter = new LdifWriter(out);
+ for (LdapName name : groups.keySet())
+ ldifWriter.writeEntry(name, groups.get(name).getAttributes());
+ for (LdapName name : users.keySet())
+ ldifWriter.writeEntry(name, users.get(name).getAttributes());
+ } finally {
+ IOUtils.closeQuietly(out);
+ }
 }
 
 protected void load(InputStream in) {
@@ -73,15 +109,15 @@ public class LdifUserAdmin extends AbstractLdapUserAdmin {
 users.put(key, new LdifUser(key, attributes));
 break objectClasses;
 } else if (objectClass.equals("groupOfNames")) {
- groups.put(key, new LdifGroup(key, attributes));
+ groups.put(key, new LdifGroup(this, key, attributes));
 break objectClasses;
 }
 }
 }
 // optimise
- for (LdifGroup group : groups.values())
- group.loadMembers(this);
+// for (LdifGroup group : groups.values())
+// loadMembers(group);
 
 // indexes
 for (String attr : getIndexedUserProperties())
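Review bot: `init()` hands `getUri().toURL().openStream()` straight to `load(in)` and never closes it in this method; unless `load` (whose body lies outside this hunk) closes the stream itself, every call to `init()` leaks a file handle. Wrapping it is a one-line change that keeps the existing catch: `try (InputStream in = getUri().toURL().openStream()) { load(in); }`. The closing lines of `init()` are in the next hunk.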
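Review bot: `save()` truncates the LDIF file in place with `new FileOutputStream(new File(getUri()))` before a single entry has been written, so an `IOException` or a crash while `save(out)` is still iterating leaves a partial file, and the whole user/group store is lost on the next `init()`; writing to a temp file beside the target and renaming it over the original avoids that (and on POSIX `Files.createTempFile` creates the file owner-readable only, which suits a file holding account data). Separately, `save(OutputStream)` calls `IOUtils.closeQuietly(out)` in `finally` on a stream it does not own — a caller passing its own stream, and `save()` itself via try-with-resources, get a double close — so either document in its Javadoc that the method takes ownership of `out` or drop the `finally`. A sketch of the atomic variant follows; it needs `java.nio.file.Files`, `Path` and `StandardCopyOption` imported.
```java
public void save() {
	if (getUri() == null || isReadOnly())
		throw new ArgeoUserAdminException("Cannot save LDIF user admin");
	Path target = new File(getUri()).toPath();
	Path tmp = null;
	try {
		// write beside the target so the rename below stays on one file system
		tmp = Files.createTempFile(target.toAbsolutePath().getParent(), target.getFileName().toString(), ".tmp");
		try (OutputStream out = Files.newOutputStream(tmp)) {
			save(out);
		}
		Files.move(tmp, target, StandardCopyOption.REPLACE_EXISTING, StandardCopyOption.ATOMIC_MOVE);
	} catch (IOException e) {
		throw new ArgeoUserAdminException("Cannot save user admin to " + getUri(), e);
	} finally {
		if (tmp != null) {
			try {
				Files.deleteIfExists(tmp);
			} catch (IOException ignored) {
				// already moved into place or not removable; the target is intact either way
			}
		}
	}
}
// … unchanged: save(OutputStream out) …
```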
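Review bot: Commenting out the `loadMembers` pass after `// optimise` drops the only place that validated group members at load time: the disabled body (in the last hunk) threw `"No role found for "` when a `member` DN matched neither a local nor an external role, and the replacement `getDirectGroups` only compares DNs, so an LDIF with dangling or mistyped member references now loads silently. If that check is intentionally gone, say so where the call used to be, e.g. `// members are resolved lazily in getDirectGroups(); dangling member DNs are not checked at load`; otherwise keep a validation loop here. The commented-out code — this call, the `directMemberOf` field in the earlier hunk, and the `loadMembers` body and `directMemberOf` lines in the last two hunks — should be deleted rather than parked, since it refers to a `directMemberOf` map that is itself only declared in a comment.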
@@ -135,17 +171,67 @@ public class LdifUserAdmin extends AbstractLdapUserAdmin {
 @Override
 public Authorization getAuthorization(User user) {
- return new LdifAuthorization((LdifUser) user);
+ return new LdifAuthorization((LdifUser) user,
+ getAllRoles((LdifUser) user));
 }
 
 @Override
 public Role createRole(String name, int type) {
- throw new UnsupportedOperationException();
+ try {
+ LdapName dn = new LdapName(name);
+ if (users.containsKey(dn) || groups.containsKey(dn))
+ throw new ArgeoUserAdminException("Already a role " + name);
+
+ BasicAttributes attrs = new BasicAttributes();
+ attrs.put("dn", dn.toString());
+ Rdn nameRdn = dn.getRdn(dn.size() - 1);
+ // TODO deal with multiple attr RDN
+ attrs.put(nameRdn.getType(), nameRdn.getValue());
+ LdifUser newRole;
+ if (type == Role.USER) {
+ newRole = new LdifUser(dn, attrs);
+ users.put(dn, newRole);
+ } else if (type == Role.GROUP) {
+ newRole = new LdifGroup(this, dn, attrs);
+ groups.put(dn, (LdifGroup) newRole);
+ } else
+ throw new ArgeoUserAdminException("Unsupported type " + type);
+ return newRole;
+ } catch (InvalidNameException e) {
+ throw new ArgeoUserAdminException("Cannot create role " + name, e);
+ }
 }
 
 @Override
 public boolean removeRole(String name) {
- throw new UnsupportedOperationException();
+ try {
+ LdapName dn = new LdapName(name);
+ LdifUser role = null;
+ if (users.containsKey(dn))
+ role = users.remove(dn);
+ else if (groups.containsKey(dn))
+ role = groups.remove(dn);
+ else
+ throw new ArgeoUserAdminException("There is no role " + name);
+ if (role == null)
+ return false;
+ for (LdifGroup group : getDirectGroups(role)) {
+// group.directMembers.remove(role);
+ group.getAttributes().get(group.getMemberAttrName())
+ .remove(dn.toString());
+ }
+ if (role instanceof LdifGroup) {
+ LdifGroup group = (LdifGroup) role;
+ // for (Role user : group.directMembers) {
+ // if (user instanceof LdifUser)
+ // directMemberOf.get(((LdifUser) user).getDn()).remove(
+ // group);
+ // }
+ }
+ return true;
+ } catch (InvalidNameException e) {
+ throw new ArgeoUserAdminException("Cannot create role " + name, e);
+ }
 }
 
 @Override
@@ -199,4 +285,54 @@ public class LdifUserAdmin extends AbstractLdapUserAdmin {
 // throw new UnsupportedOperationException();
 }
 
+// protected void loadMembers(LdifGroup group) {
+// group.directMembers = new ArrayList();
+// for (LdapName ldapName : group.getMemberNames()) {
+// LdifUser role = null;
+// if (groups.containsKey(ldapName))
+// role = groups.get(ldapName);
+// else if (users.containsKey(ldapName))
+// role = users.get(ldapName);
+// else {
+// if (getExternalRoles() != null)
+// role = (LdifUser) getExternalRoles().getRole(
+// ldapName.toString());
+// if (role == null)
+// throw new ArgeoUserAdminException("No role found for "
+// + ldapName);
+// }
+// // role.directMemberOf.add(group);
+// // if (!directMemberOf.containsKey(role.getDn()))
+// // directMemberOf.put(role.getDn(), new ArrayList());
+// // directMemberOf.get(role.getDn()).add(group);
+// group.directMembers.add(role);
+// }
+// }
+
+ @Override
+ protected List getDirectGroups(User user) {
+ LdapName dn;
+ if (user instanceof LdifUser)
+ dn = ((LdifUser) user).getDn();
+ else
+ try {
+ dn = new LdapName(user.getName());
+ } catch (InvalidNameException e) {
+ throw new ArgeoUserAdminException("Badly formatted user name "
+ + user.getName(), e);
+ }
+
+ List directGroups = new ArrayList();
+ for (LdapName name : groups.keySet()) {
+ LdifGroup group = groups.get(name);
+ if (group.getMemberNames().contains(dn))
+ directGroups.add(group);
+ }
+ return directGroups;
+ // if (directMemberOf.containsKey(dn))
+ // return Collections.unmodifiableList(directMemberOf.get(dn));
+ // else
+ // return Collections.EMPTY_LIST;
+ }
+
 }
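Review bot: `createRole` builds the new entry with only `dn` and the RDN attribute and never sets `objectClass`, yet `load` (earlier hunk) classifies entries by `objectClass` — `groupOfNames` for groups, the user class in the branch just above it — so a role created here, written by `save()` and read back by `init()` will not be recognised as a user or group, unless `LdifUser`/`LdifGroup` add the attribute themselves, which this diff does not show. Adding the matching values in the `Role.USER`/`Role.GROUP` branches, e.g. `attrs.put("objectClass", "groupOfNames");` for groups, closes the round trip. Both methods also diverge from the `org.osgi.service.useradmin.UserAdmin` contract, which returns `null` from `createRole` when the name is already taken and `false` from `removeRole` when the role is unknown, rather than throwing; and `removeRole`'s catch block reuses the message `"Cannot create role "`, which should read `"Cannot remove role "`. The unused `LdifGroup group = (LdifGroup) role;` with its commented-out body is dead code and should be removed.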
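Review bot: `getDirectGroups` has no Javadoc and its contract is not obvious from the signature: it scans every group in this LDIF store and returns those whose `getMemberNames()` contains the user's DN — direct membership only, with no lookup through `getExternalRoles()` — and for a `User` that is not an `LdifUser` it parses `user.getName()` as a DN, throwing `ArgeoUserAdminException` when that fails. A short Javadoc stating those four points (direct membership only, local groups only, the name must be a DN, a fresh mutable list is returned) would save the next reader from rediscovering them. The four commented `directMemberOf` lines after `return directGroups;` are unreachable and should be deleted.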