X-Git-Url: http://git.argeo.org/?a=blobdiff_plain;f=org.argeo.security.core%2Fsrc%2Forg%2Fargeo%2Fosgi%2Fuseradmin%2FLdifUserAdmin.java;h=dacae7964f1ee74a24415529655fbd7940133a44;hb=e86e3691db8b4a426a6d5fd3cf255dc82fe05fc1;hp=b1e9ceb49808a26f88ede1b0c56c004575fb731b;hpb=dd3d0d60b62c99810eca8619a376b66dbca5e44d;p=lgpl%2Fargeo-commons.git diff --git a/org.argeo.security.core/src/org/argeo/osgi/useradmin/LdifUserAdmin.java b/org.argeo.security.core/src/org/argeo/osgi/useradmin/LdifUserAdmin.java index b1e9ceb49..dacae7964 100644 --- a/org.argeo.security.core/src/org/argeo/osgi/useradmin/LdifUserAdmin.java +++ b/org.argeo.security.core/src/org/argeo/osgi/useradmin/LdifUserAdmin.java @@ -14,7 +14,9 @@ import java.util.TreeMap; import javax.naming.InvalidNameException; import javax.naming.NamingEnumeration; import javax.naming.directory.Attributes; +import javax.naming.directory.BasicAttributes; import javax.naming.ldap.LdapName; +import javax.naming.ldap.Rdn; import org.osgi.framework.Filter; import org.osgi.framework.FrameworkUtil; @@ -46,11 +48,6 @@ public class LdifUserAdmin extends AbstractLdapUserAdmin { throw new UnsupportedOperationException(getUri().getScheme() + "not supported read-write."); - try { - load(getUri().toURL().openStream()); - } catch (Exception e) { - throw new ArgeoUserAdminException("Cannot open URL " + getUri(), e); - } } public LdifUserAdmin(InputStream in) { @@ -59,6 +56,14 @@ public class LdifUserAdmin extends AbstractLdapUserAdmin { setUri(null); } + public void init() { + try { + load(getUri().toURL().openStream()); + } catch (Exception e) { + throw new ArgeoUserAdminException("Cannot open URL " + getUri(), e); + } + } + protected void load(InputStream in) { try { LdifParser ldifParser = new LdifParser(); @@ -81,7 +86,7 @@ public class LdifUserAdmin extends AbstractLdapUserAdmin { // optimise for (LdifGroup group : groups.values()) - group.loadMembers(this); + loadMembers(group); // indexes for (String attr : getIndexedUserProperties()) 
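Review bot: The new `init()` dereferences `getUri()` unconditionally, while the `InputStream` constructor shown as context in this hunk ends with `setUri(null)`. Calling `init()` on a stream-built instance therefore fails with a NullPointerException that the broad `catch (Exception e)` reports as "Cannot open URL null". An explicit guard such as `if (getUri() == null) return;` (or a dedicated exception) would make that case clear. The stream returned by `openStream()` is also not closed in this method; unless `load()` closes it, which is not visible here, `try (InputStream in = getUri().toURL().openStream()) { load(in); }` avoids the leak. Because loading moved out of the URI constructor, the store appears to hold no roles until `init()` runs, so a Javadoc line saying so would help callers that use it for authorization decisions.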
@@ -140,12 +145,60 @@ public class LdifUserAdmin extends AbstractLdapUserAdmin { @Override public Role createRole(String name, int type) { - throw new UnsupportedOperationException(); + try { + LdapName dn = new LdapName(name); + if (users.containsKey(dn) || groups.containsKey(dn)) + throw new ArgeoUserAdminException("Already a role " + name); + + BasicAttributes attrs = new BasicAttributes(); + attrs.put("dn", dn.toString()); + Rdn nameRdn = dn.getRdn(dn.size() - 1); + // TODO deal with multiple attr RDN + attrs.put(nameRdn.getType(), nameRdn.getValue()); + LdifUser newRole; + if (type == Role.USER) { + newRole = new LdifUser(dn, attrs); + users.put(dn, newRole); + } else if (type == Role.GROUP) { + newRole = new LdifGroup(dn, attrs); + groups.put(dn, (LdifGroup) newRole); + } else + throw new ArgeoUserAdminException("Unsupported type " + type); + return newRole; + } catch (InvalidNameException e) { + throw new ArgeoUserAdminException("Cannot create role " + name, e); + } } @Override public boolean removeRole(String name) { - throw new UnsupportedOperationException(); + try { + LdapName dn = new LdapName(name); + LdifUser role = null; + if (users.containsKey(dn)) + role = users.remove(dn); + else if (groups.containsKey(dn)) + role = groups.remove(dn); + else + throw new ArgeoUserAdminException("There is no role " + name); + if (role == null) + return false; + for (LdifGroup group : role.directMemberOf) { + group.directMembers.remove(role); + group.getAttributes().get(group.getMemberAttrName()) + .remove(dn.toString()); + } + if (role instanceof LdifGroup) { + LdifGroup group = (LdifGroup) role; + for (Role user : group.directMembers) { + if (user instanceof LdifUser) + ((LdifUser) user).directMemberOf.remove(group); + } + } + return true; + } catch (InvalidNameException e) { + throw new ArgeoUserAdminException("Cannot create role " + name, e); + } } @Override 
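Review bot: In `removeRole`, the group cleanup removes the member value by exact string with `.remove(dn.toString())`, whereas the role itself was found through `LdapName` keys. If the stored member value differs from the `name` argument in case or spacing (the attribute contents are not visible here), the in-memory `directMembers` list is cleaned but the value stays in the group's member attribute, and a role later created under the same DN could regain that membership on the next `loadMembers`. Comparing each stored value as a parsed `LdapName` before removing it would close that gap, and the `get(group.getMemberAttrName())` result should be null-checked. The catch block in `removeRole` also reports `"Cannot create role "`, which should read `"Cannot remove role "`, and the `if (role == null) return false;` branch looks unreachable after the `containsKey` checks. In `createRole`, `dn.getRdn(dn.size() - 1)` throws an uncaught IndexOutOfBoundsException for an empty name, so a `dn.isEmpty()` check before it is worth adding.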
@@ -199,4 +252,25 @@ public class LdifUserAdmin extends AbstractLdapUserAdmin { // throw new UnsupportedOperationException(); } + protected void loadMembers(LdifGroup group) { + group.directMembers = new ArrayList(); + for (LdapName ldapName : group.getMemberNames()) { + LdifUser role = null; + if (groups.containsKey(ldapName)) + role = groups.get(ldapName); + else if (users.containsKey(ldapName)) + role = users.get(ldapName); + else { + if (getExternalRoles() != null) + role = (LdifUser) getExternalRoles().getRole( + ldapName.toString()); + if (role == null) + throw new ArgeoUserAdminException("No role found for " + + ldapName); + } + role.directMemberOf.add(group); + group.directMembers.add(role); + } + } + }
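Review bot: In `loadMembers`, the external lookup casts unchecked with `role = (LdifUser) getExternalRoles().getRole(ldapName.toString());`, so a member that resolves to a role from another implementation fails with a ClassCastException instead of the `ArgeoUserAdminException` used for the not-found case. Something like `Role ext = getExternalRoles().getRole(ldapName.toString()); if (ext instanceof LdifUser) role = (LdifUser) ext;` keeps the failure on the existing "No role found" path. `group.directMembers` is reset at the top of the method, but `role.directMemberOf.add(group)` only ever appends. If `loadMembers` runs twice against the same role objects, and `directMemberOf` is a list (its type is not visible here), the back-references are duplicated and a later single `remove(group)` would leave one behind. A short comment stating whether a dangling member is meant to abort the whole load would also help, since one unresolved DN currently stops every group from loading.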