Allow regular user to be data admin

git-svn-id: https://svn.argeo.org/commons/trunk@9287 4cfe0d0a-d680-48aa-b62c-e0a02a3f76cc

diff --git a/org.argeo.ext.jackrabbit/src/org/argeo/security/jackrabbit/ArgeoSecurityManager.java b/org.argeo.ext.jackrabbit/src/org/argeo/security/jackrabbit/ArgeoSecurityManager.java
index fde490d2edb9273cdc62453225e40d2a849ebfdb..15199c0ce6df15eee4c9692d1d15ef9048bc3916 100644 (file)
--- a/org.argeo.ext.jackrabbit/src/org/argeo/security/jackrabbit/ArgeoSecurityManager.java
+++ b/org.argeo.ext.jackrabbit/src/org/argeo/security/jackrabbit/ArgeoSecurityManager.java
@@ -64,6 +64,18 @@ public class ArgeoSecurityManager extends DefaultSecurityManager {
                                throw new IllegalStateException("Inconsistent " + subject);
                        else
                                return NodeConstants.ROLE_ANONYMOUS;
+               } else if (isRegularUser) {// must be before DataAdmin
+                       if (isAnonymous || isJackrabbitSystem)
+                               throw new IllegalStateException("Inconsistent " + subject);
+                       else {
+                               if (userPrincipal.size() > 1) {
+                                       StringBuilder buf = new StringBuilder();
+                                       for (X500Principal principal : userPrincipal)
+                                               buf.append(' ').append('\"').append(principal).append('\"');
+                                       throw new RuntimeException("Multiple user principals:" + buf);
+                               }
+                               return userPrincipal.iterator().next().getName();
+                       }
                } else if (isDataAdmin) {
                        if (isAnonymous || isJackrabbitSystem || isRegularUser)
                                throw new IllegalStateException("Inconsistent " + subject);
@@ -76,18 +88,6 @@ public class ArgeoSecurityManager extends DefaultSecurityManager {
                                throw new IllegalStateException("Inconsistent " + subject);
                        else
                                return super.getUserID(subject, workspaceName);
-               } else if (isRegularUser) {
-                       if (isAnonymous || isDataAdmin || isJackrabbitSystem)
-                               throw new IllegalStateException("Inconsistent " + subject);
-                       else {
-                               if (userPrincipal.size() > 1) {
-                                       StringBuilder buf = new StringBuilder();
-                                       for (X500Principal principal : userPrincipal)
-                                               buf.append(' ').append('\"').append(principal).append('\"');
-                                       throw new RuntimeException("Multiple user principals:" + buf);
-                               }
-                               return userPrincipal.iterator().next().getName();
-                       }
                } else {
                        throw new IllegalStateException("Unrecognized subject type: " + subject);
                }