Work on security Admin UI, batch processing, specific admin abilities, some code...
authorBruno Sinou <bsinou@argeo.org>
Fri, 20 Nov 2015 17:47:08 +0000 (17:47 +0000)
committerBruno Sinou <bsinou@argeo.org>
Fri, 20 Nov 2015 17:47:08 +0000 (17:47 +0000)
git-svn-id: https://svn.argeo.org/commons/trunk@8577 4cfe0d0a-d680-48aa-b62c-e0a02a3f76cc

16 files changed:
org.argeo.security.ui.admin/META-INF/spring/commands.xml
org.argeo.security.ui.admin/plugin.xml
org.argeo.security.ui.admin/src/org/argeo/security/ui/admin/internal/UiAdminUtils.java
org.argeo.security.ui.admin/src/org/argeo/security/ui/admin/internal/UserAdminConstants.java [deleted file]
org.argeo.security.ui.admin/src/org/argeo/security/ui/admin/internal/UserAdminWrapper.java
org.argeo.security.ui.admin/src/org/argeo/security/ui/admin/internal/commands/NewGroup.java
org.argeo.security.ui.admin/src/org/argeo/security/ui/admin/internal/commands/NewUser.java
org.argeo.security.ui.admin/src/org/argeo/security/ui/admin/internal/commands/UserBatchUpdate.java
org.argeo.security.ui.admin/src/org/argeo/security/ui/admin/internal/parts/GroupsView.java
org.argeo.security.ui.admin/src/org/argeo/security/ui/admin/internal/parts/UserBatchUpdateWizard.java [new file with mode: 0644]
org.argeo.security.ui.admin/src/org/argeo/security/ui/admin/internal/parts/UserEditor.java
org.argeo.security.ui.admin/src/org/argeo/security/ui/admin/internal/parts/UserMainPage.java
org.argeo.security.ui.admin/src/org/argeo/security/ui/admin/internal/parts/UsersView.java
org.argeo.security.ui.admin/src/org/argeo/security/ui/admin/internal/providers/RoleIconLP.java
org.argeo.security.ui.admin/src/org/argeo/security/ui/admin/internal/providers/UserAdminAbstractLP.java
org.argeo.security.ui.admin/src/org/argeo/security/ui/admin/internal/providers/UserFilter.java

index 0015d3fb5b0603a1632ef13e225f7c072ef8317e..7d398764447d6a2fc0313e0a0d4365fbc2869fcf 100644 (file)
@@ -4,28 +4,31 @@
        xsi:schemaLocation="http://www.springframework.org/schema/beans
         http://www.springframework.org/schema/beans/spring-beans.xsd">
 
-       <!-- USERS & GROUPS CRUDS -->
+       <!-- USERS CRUDS -->
        <bean id="newUser" class="org.argeo.security.ui.admin.internal.commands.NewUser"
                scope="prototype">
                <property name="userAdminWrapper" ref="userAdminWrapper" />
        </bean>
-
-       <bean id="newGroup" class="org.argeo.security.ui.admin.internal.commands.NewGroup"
+       <bean id="deleteUsers"
+               class="org.argeo.security.ui.admin.internal.commands.DeleteUsers"
                scope="prototype">
                <property name="userAdminWrapper" ref="userAdminWrapper" />
        </bean>
-       <bean id="deleteUsers" class="org.argeo.security.ui.admin.internal.commands.DeleteUsers"
+       <bean id="userBatchUpdate"
+               class="org.argeo.security.ui.admin.internal.commands.UserBatchUpdate"
                scope="prototype">
                <property name="userAdminWrapper" ref="userAdminWrapper" />
        </bean>
-       <bean id="deleteGroups" class="org.argeo.security.ui.admin.internal.commands.DeleteGroups"
+       <!-- GROUPS CRUDS -->
+       <bean id="newGroup" class="org.argeo.security.ui.admin.internal.commands.NewGroup"
+               scope="prototype">
+               <property name="userAdminWrapper" ref="userAdminWrapper" />
+       </bean>
+       <bean id="deleteGroups"
+               class="org.argeo.security.ui.admin.internal.commands.DeleteGroups"
                scope="prototype">
                <property name="userAdminWrapper" ref="userAdminWrapper" />
        </bean>
-
-       <!-- <bean id="userBatchUpdate" class="org.argeo.security.ui.admin.internal.commands.UserBatchUpdate" 
-               scope="prototype"> <property name="repository" ref="nodeRepository" /> <property 
-               name="userAdminService" ref="userAdminService" /> </bean> -->
 
        <!-- TRANSACTIONS -->
        <bean id="userTransactionHandler"
index 9c068af904feb9cf9257d3000e7caba2ce20dd30..28ee5ee7ef54462e6f2a49cbd4cfa24fb75792da 100644 (file)
             defaultHandler="org.argeo.eclipse.spring.SpringCommandHandler"
                        name="Delete User">
                </command>
+               <command
+                       defaultHandler="org.argeo.eclipse.spring.SpringCommandHandler"
+            id="org.argeo.security.ui.admin.userBatchUpdate"
+            name="User batch update">
+               </command>
                <!-- Group CRUD -->
                <command
                        id="org.argeo.security.ui.admin.newGroup"
             id="org.argeo.security.ui.admin.forceRefresh"
             name="Force Refresh">
       </command>
-      <!-- 
-      <command
-            defaultHandler="org.argeo.eclipse.spring.SpringCommandHandler"
-            id="org.argeo.security.ui.admin.userBatchUpdate"
-            name="User batch update">
-      </command> -->
        </extension>
        
        <!-- MENU CONTRIBUTIONS -->
                <menuContribution
                        locationURI="toolbar:org.argeo.security.ui.rap.userToolbar?after=org.eclipse.ui.file.saveAll"> 
                        <!-- Transaction management --> 
-<!--                   <command
-                               commandId="org.argeo.security.ui.admin.userTransactionHandler"
-                               icon="icons/begin.gif"
-                               label="Begin Transaction"
-                               style="push"
-                               tooltip="Begin a user transaction">
-                               <parameter name="param.commandId" value="transaction.begin" />
-                       </command>-->
-                       
                        <command
                                commandId="org.argeo.security.ui.admin.userTransactionHandler"
                                icon="icons/commit.gif"
                   label="Add User"
                   tooltip="Create a new user">
             </command>
-            <!--<command
+            <command
                   commandId="org.argeo.security.ui.admin.userBatchUpdate"
                   icon="icons/batch.gif"
                   label="Update users"
                   tooltip="Perform maintenance activities on a list of chosen users">
-            </command>-->
+            </command>
         </menuContribution>
 
        <!-- GroupsView specific toolbar menu -->
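Review bot: The re-enabled toolbar `<command>` for `org.argeo.security.ui.admin.userBatchUpdate` (label "Update users") has no `visibleWhen` or enablement expression, and `UserBatchUpdate.execute` in this same commit opens the wizard without any role test. If batch maintenance is meant for a restricted role, gate it in both places, for example with a guard in the handler built on the new helper: `if (!UiAdminUtils.isUserInRole(AuthConstants.ROLE_ADMIN)) throw new ExecutionException("Batch update requires the admin role");`. Hiding the button is only a convenience; the check that counts is whatever the user admin backend enforces when the wizard applies its changes, and that is not visible in this diff.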
index c23f01cff77f31615562af7ae5eee2b6c3a78856..cb1396c957537527c40d7b5db4f4f29082b6270e 100644 (file)
@@ -2,6 +2,7 @@ package org.argeo.security.ui.admin.internal;
 
 import java.security.AccessController;
 import java.util.List;
+import java.util.Set;
 
 import javax.naming.InvalidNameException;
 import javax.naming.ldap.LdapName;
@@ -12,6 +13,8 @@ import javax.transaction.Status;
 import javax.transaction.UserTransaction;
 
 import org.argeo.ArgeoException;
+import org.argeo.cms.auth.AuthConstants;
+import org.argeo.cms.auth.CurrentUser;
 import org.argeo.osgi.useradmin.LdifName;
 import org.argeo.security.ui.admin.internal.providers.UserTransactionProvider;
 import org.eclipse.ui.IWorkbenchWindow;
@@ -30,6 +33,12 @@ public class UiAdminUtils {
                return getUsername(getUser(userAdmin, dn));
        }
 
+       /** Returns true if the current user is in the specified role */
+       public static boolean isUserInRole(String role) {
+               Set<String> roles = CurrentUser.roles();
+               return roles.contains(role);
+       }
+
        public final static boolean isCurrentUser(User user) {
                String userName = getProperty(user, LdifName.dn.name());
                try {
@@ -73,7 +82,7 @@ public class UiAdminUtils {
        /** Simply retrieves a display name of the relevant domain */
        public final static String getDomainName(User user) {
                String dn = (String) user.getProperties().get(LdifName.dn.name());
-               if (dn.endsWith(UserAdminConstants.SYSTEM_ROLE_BASE_DN))
+               if (dn.endsWith(AuthConstants.ROLES_BASEDN))
                        return "System roles";
                try {
                        LdapName name;
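Review bot: In `getDomainName` the system-roles test is now `dn.endsWith(AuthConstants.ROLES_BASEDN)`, a case-sensitive string suffix match, while `UserAdminWrapper` in this commit compares the same constant with `equalsIgnoreCase`. A DN that differs only in letter case or spacing would be classified differently by the two paths, and this label is what an administrator reads to tell system roles from ordinary groups. `LdapName` is already imported and a `try` follows, so consider comparing parsed names with `new LdapName(dn).endsWith(new LdapName(AuthConstants.ROLES_BASEDN))` inside that `try`. Add a null guard too, since `dn` comes straight from the properties map. The body of `getDomainName` continues past the end of this hunk.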
diff --git a/org.argeo.security.ui.admin/src/org/argeo/security/ui/admin/internal/UserAdminConstants.java b/org.argeo.security.ui.admin/src/org/argeo/security/ui/admin/internal/UserAdminConstants.java
deleted file mode 100644 (file)
index ee7708b..0000000
+++ /dev/null
@@ -1,9 +0,0 @@
-package org.argeo.security.ui.admin.internal;
-
-/** Temporary centralization of the user admin constants */
-public interface UserAdminConstants {
-
-       // TO BE CLEANED
-       public final static String SYSTEM_ROLE_BASE_DN = "ou=roles,ou=node";
-
-}
\ No newline at end of file
index de09f7b1942fb9783076adfab971d9a71b1e4800..2cd3eab213d620bb6527354216b3c6aa488a2736 100644 (file)
@@ -8,6 +8,7 @@ import javax.transaction.Status;
 import javax.transaction.UserTransaction;
 
 import org.argeo.ArgeoException;
+import org.argeo.cms.auth.AuthConstants;
 import org.argeo.osgi.useradmin.UserAdminConf;
 import org.osgi.framework.ServiceReference;
 import org.osgi.service.useradmin.UserAdmin;
@@ -32,12 +33,13 @@ public class UserAdminWrapper {
        }
 
        /** Must be called from the UI Thread. */
-       public void beginTransactionIfNeeded() {
+       public UserTransaction beginTransactionIfNeeded() {
                try {
                        if (userTransaction.getStatus() == Status.STATUS_NO_TRANSACTION) {
                                userTransaction.begin();
                                UiAdminUtils.notifyTransactionStateChange(userTransaction);
                        }
+                       return userTransaction;
                } catch (Exception e) {
                        throw new ArgeoException("Unable to begin transaction", e);
                }
@@ -78,7 +80,7 @@ public class UserAdminWrapper {
 
                        if (onlyWritable && "true".equals(readOnly))
                                continue;
-                       if (baseDn.equalsIgnoreCase(UserAdminConstants.SYSTEM_ROLE_BASE_DN))
+                       if (baseDn.equalsIgnoreCase(AuthConstants.ROLES_BASEDN))
                                continue;
                        dns.add(baseDn);
                }
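Review bot: `beginTransactionIfNeeded` now returns the wrapper's shared `userTransaction`, but its Javadoc still only says it must be called from the UI thread. A caller holding that reference can commit or roll back directly, which would skip the `UiAdminUtils.notifyTransactionStateChange` call this method makes on begin and could leave the UI showing a stale transaction state. If that is not intended, state the contract, e.g. `@return the shared UserTransaction, possibly already active; do not commit or roll it back without notifying the transaction state change`. The method's closing brace, and the loop in the second hunk, lie outside the visible lines.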
index fba2d3920e1bc9b649bd6be46f1a1005567e3028..bc90a46d7a9b77a6dc669046b782cfd5d038e4bc 100644 (file)
@@ -55,9 +55,9 @@ public class NewGroup extends AbstractHandler {
 
        public Object execute(ExecutionEvent event) throws ExecutionException {
                NewGroupWizard newGroupWizard = new NewGroupWizard();
+               newGroupWizard.setWindowTitle("Group creation");
                WizardDialog dialog = new WizardDialog(
                                HandlerUtil.getActiveShell(event), newGroupWizard);
-               dialog.setTitle("Create a new group");
                dialog.open();
                return null;
        }
@@ -78,9 +78,6 @@ public class NewGroup extends AbstractHandler {
                public void addPages() {
                        mainGroupInfo = new MainGroupInfoWizardPage();
                        addPage(mainGroupInfo);
-
-                       setWindowTitle("Create a new group");
-                       // mainGroupInfo.setMessage(message, WizardPage.WARNING);
                }
 
                @SuppressWarnings({ "rawtypes", "unchecked" })
@@ -113,7 +110,8 @@ public class NewGroup extends AbstractHandler {
                        public MainGroupInfoWizardPage() {
                                super("Main");
                                setTitle("General information");
-                               setMessage("Please provide a common name and a free description");
+                               setMessage("Please choose a domain, provide a common name "
+                                               + "and a free description");
                        }
 
                        @Override
@@ -121,11 +119,13 @@ public class NewGroup extends AbstractHandler {
                                Composite bodyCmp = new Composite(parent, SWT.NONE);
                                bodyCmp.setLayout(new GridLayout(2, false));
                                dNameTxt = EclipseUiUtils.createGridLT(bodyCmp,
-                                               "Distinguished name", this);
+                                               "Distinguished name"); // Read-only -> no listener
                                dNameTxt.setEnabled(false);
 
-                               baseDnCmb = createGridLC(bodyCmp, "Base DN", this);
+                               baseDnCmb = createGridLC(bodyCmp, "Base DN");
+                               // Initialise before adding the listener top avoid NPE
                                initialiseDnCmb(baseDnCmb);
+                               baseDnCmb.addModifyListener(this);
                                baseDnCmb.addModifyListener(new ModifyListener() {
                                        private static final long serialVersionUID = -1435351236582736843L;
 
@@ -198,7 +198,10 @@ public class NewGroup extends AbstractHandler {
                        public void setVisible(boolean visible) {
                                super.setVisible(visible);
                                if (visible)
-                                       commonNameTxt.setFocus();
+                                       if (baseDnCmb.getSelectionIndex() == -1)
+                                               baseDnCmb.setFocus();
+                                       else
+                                               commonNameTxt.setFocus();
                        }
                }
 
@@ -212,20 +215,18 @@ public class NewGroup extends AbstractHandler {
                                throw new ArgeoException(
                                                "No writable base dn found. Cannot create user");
                        combo.setItems(dns.toArray(new String[0]));
-                       // combo.select(0);
+                       if (dns.size() == 1)
+                               combo.select(0);
                }
 
        }
 
-       private Combo createGridLC(Composite parent, String label,
-                       ModifyListener modifyListener) {
+       private Combo createGridLC(Composite parent, String label) {
                Label lbl = new Label(parent, SWT.LEAD);
                lbl.setText(label);
                lbl.setLayoutData(new GridData(SWT.RIGHT, SWT.CENTER, false, false));
                Combo combo = new Combo(parent, SWT.LEAD | SWT.BORDER | SWT.READ_ONLY);
                combo.setLayoutData(new GridData(SWT.FILL, SWT.CENTER, true, false));
-               if (modifyListener != null)
-                       combo.addModifyListener(modifyListener);
                return combo;
        }
 
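Review bot: In `setVisible` the new focus logic is an unbraced `if (visible)` wrapping an unbraced `if`/`else`, so the `else` attaches to the inner test only through the dangling-else rule; the same construct is added in `NewUser.setVisible`. Braces on the outer block would make the intent explicit: `if (visible) { if (baseDnCmb.getSelectionIndex() == -1) baseDnCmb.setFocus(); else commonNameTxt.setFocus(); }`. The new comment above `initialiseDnCmb(baseDnCmb)` reads "top avoid NPE" and should be `// Initialise before adding the listener to avoid NPE`. The unchanged error text in `initialiseDnCmb` still says "Cannot create user" although this is the group wizard.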
index 7600883989eb33f3287eedb87880671dcbf6d401..c336753dc6ec19a1f231d2b840ec3ab2b23bd44b 100644 (file)
@@ -67,6 +67,7 @@ public class NewUser extends AbstractHandler {
 
        public Object execute(ExecutionEvent event) throws ExecutionException {
                NewUserWizard newUserWizard = new NewUserWizard();
+               newUserWizard.setWindowTitle("User creation");
                WizardDialog dialog = new WizardDialog(
                                HandlerUtil.getActiveShell(event), newUserWizard);
                dialog.open();
@@ -84,13 +85,15 @@ public class NewUser extends AbstractHandler {
                private Combo baseDnCmb;
 
                public NewUserWizard() {
+
                }
 
                @Override
                public void addPages() {
                        mainUserInfo = new MainUserInfoWizardPage();
                        addPage(mainUserInfo);
-                       String message = "Dummy wizard to ease user creation tests:\n Mail and last name are automatically "
+                       String message = "Default wizard that also eases user creation tests:\n "
+                                       + "Mail and last name are automatically "
                                        + "generated form the uid. Password are defauted to 'demo'.";
                        mainUserInfo.setMessage(message, WizardPage.WARNING);
                }
@@ -154,8 +157,9 @@ public class NewUser extends AbstractHandler {
                                                "Distinguished name", this);
                                dNameTxt.setEnabled(false);
 
-                               baseDnCmb = createGridLC(composite, "Base DN", this);
+                               baseDnCmb = createGridLC(composite, "Base DN");
                                initialiseDnCmb(baseDnCmb);
+                               baseDnCmb.addModifyListener(this);
                                baseDnCmb.addModifyListener(new ModifyListener() {
                                        private static final long serialVersionUID = -1435351236582736843L;
 
@@ -247,7 +251,10 @@ public class NewUser extends AbstractHandler {
                        public void setVisible(boolean visible) {
                                super.setVisible(visible);
                                if (visible)
-                                       usernameTxt.setFocus();
+                                       if (baseDnCmb.getSelectionIndex() == -1)
+                                               baseDnCmb.setFocus();
+                                       else
+                                               usernameTxt.setFocus();
                        }
 
                        public String getUsername() {
@@ -270,7 +277,8 @@ public class NewUser extends AbstractHandler {
                                throw new ArgeoException(
                                                "No writable base dn found. Cannot create user");
                        combo.setItems(dns.toArray(new String[0]));
-                       // combo.select(0);
+                       if (dns.size() == 1)
+                               combo.select(0);
                }
 
                private String getMail(String username) {
@@ -287,18 +295,14 @@ public class NewUser extends AbstractHandler {
                                                + username + " with base dn " + baseDn, e);
                        }
                }
-
        }
 
-       private Combo createGridLC(Composite parent, String label,
-                       ModifyListener modifyListener) {
+       private Combo createGridLC(Composite parent, String label) {
                Label lbl = new Label(parent, SWT.LEAD);
                lbl.setText(label);
                lbl.setLayoutData(new GridData(SWT.RIGHT, SWT.CENTER, false, false));
                Combo combo = new Combo(parent, SWT.LEAD | SWT.BORDER | SWT.READ_ONLY);
                combo.setLayoutData(new GridData(SWT.FILL, SWT.CENTER, true, false));
-               if (modifyListener != null)
-                       combo.addModifyListener(modifyListener);
                return combo;
        }
 
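Review bot: The banner in `addPages` now presents this as the "Default wizard" while still stating that passwords are defaulted to 'demo'. If the creation code outside these hunks does what the message says, every account created through the normal admin UI starts with the same well-known password. Either require a password on the wizard page or generate a random one and force a change at first login, and keep the fixed value out of the default path. The message itself should also be corrected to `"Mail and last name are automatically generated from the uid. Passwords are defaulted to 'demo'."`.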
index fb1a491d95f67c29e2f654efd37c34399a21ba58..c02f5c2200447b8c1cf488bfb6ab179f3c3b1a38 100644 (file)
  */
 package org.argeo.security.ui.admin.internal.commands;
 
+import org.argeo.security.ui.admin.internal.UserAdminWrapper;
+import org.argeo.security.ui.admin.internal.parts.UserBatchUpdateWizard;
 import org.eclipse.core.commands.AbstractHandler;
 import org.eclipse.core.commands.ExecutionEvent;
 import org.eclipse.core.commands.ExecutionException;
+import org.eclipse.jface.wizard.WizardDialog;
+import org.eclipse.ui.handlers.HandlerUtil;
 
-/** Launch a wizard to update various properties about users in JCR. */
+/** Launch a wizard to perform batch process on users */
 public class UserBatchUpdate extends AbstractHandler {
-       // private Repository repository;
-       // private UserAdminService userAdminService;
+
+       /* DEPENDENCY INJECTION */
+       private UserAdminWrapper uaWrapper;
 
        public Object execute(ExecutionEvent event) throws ExecutionException {
-               // Session session = null;
-               // try {
-               // session = repository.login();
-               // UserBatchUpdateWizard userBatchUpdateWizard = new
-               // UserBatchUpdateWizard(
-               // session, userAdminService);
-               // WizardDialog dialog = new WizardDialog(
-               // HandlerUtil.getActiveShell(event), userBatchUpdateWizard);
-               // dialog.open();
-               // } catch (Exception e) {
-               // throw new ExecutionException("Cannot open wizard", e);
-               // } finally {
-               // JcrUtils.logoutQuietly(session);
-               // }
+               UserBatchUpdateWizard wizard = new UserBatchUpdateWizard(uaWrapper);
+               wizard.setWindowTitle("User batch processing");
+               WizardDialog dialog = new WizardDialog(
+                               HandlerUtil.getActiveShell(event), wizard);
+               dialog.open();
                return null;
        }
 
-//     public void setRepository(Repository repository) {
-//             this.repository = repository;
-//     }
-       //
-       // public void setUserAdminService(UserAdminService userAdminService) {
-       // this.userAdminService = userAdminService;
-       // }
-
-       // public void setJcrSecurityModel(JcrSecurityModel jcrSecurityModel) {
-       // this.jcrSecurityModel = jcrSecurityModel;
-       // }
-
-}
+       public void setUserAdminWrapper(UserAdminWrapper userAdminWrapper) {
+               this.uaWrapper = userAdminWrapper;
+       }
+}
\ No newline at end of file
index 450a4a9598103fd63c4c1a928ce53a8dbffe78b0..95a4c7f45eb695a985a11d27eae8a32b06e7e53e 100644 (file)
@@ -21,6 +21,7 @@ import java.util.List;
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
 import org.argeo.ArgeoException;
+import org.argeo.cms.auth.AuthConstants;
 import org.argeo.eclipse.ui.ColumnDefinition;
 import org.argeo.eclipse.ui.EclipseUiUtils;
 import org.argeo.eclipse.ui.parts.LdifUsersTable;
@@ -28,7 +29,6 @@ import org.argeo.jcr.ArgeoNames;
 import org.argeo.osgi.useradmin.LdifName;
 import org.argeo.security.ui.admin.SecurityAdminPlugin;
 import org.argeo.security.ui.admin.internal.UiAdminUtils;
-import org.argeo.security.ui.admin.internal.UserAdminConstants;
 import org.argeo.security.ui.admin.internal.UserAdminWrapper;
 import org.argeo.security.ui.admin.internal.providers.CommonNameLP;
 import org.argeo.security.ui.admin.internal.providers.DomainNameLP;
@@ -72,20 +72,29 @@ public class GroupsView extends ViewPart implements ArgeoNames {
        @Override
        public void createPartControl(Composite parent) {
                parent.setLayout(EclipseUiUtils.noSpaceGridLayout());
+
+               boolean isAdmin = UiAdminUtils.isUserInRole(AuthConstants.ROLE_ADMIN);
+
                // Define the displayed columns
                columnDefs.add(new ColumnDefinition(new RoleIconLP(), "", 26));
                columnDefs.add(new ColumnDefinition(new CommonNameLP(), "Common Name",
                                150));
-               columnDefs.add(new ColumnDefinition(new DomainNameLP(), "Domain", 120));
-               columnDefs.add(new ColumnDefinition(new UserNameLP(),
-                               "Distinguished Name", 300));
+               columnDefs.add(new ColumnDefinition(new DomainNameLP(), "Domain", 200));
+               // Only show technical DN to admin
+               if (isAdmin)
+                       columnDefs.add(new ColumnDefinition(new UserNameLP(),
+                                       "Distinguished Name", 300));
 
                // Create and configure the table
                groupTableViewerCmp = new MyUserTableViewer(parent, SWT.MULTI
                                | SWT.H_SCROLL | SWT.V_SCROLL);
 
                groupTableViewerCmp.setColumnDefinitions(columnDefs);
-               groupTableViewerCmp.populateWithStaticFilters(false, false);
+               if (isAdmin)
+                       groupTableViewerCmp.populateWithStaticFilters(false, false);
+               else
+                       groupTableViewerCmp.populate(true, false);
+
                groupTableViewerCmp.setLayoutData(EclipseUiUtils.fillAll());
 
                // Links
@@ -116,7 +125,7 @@ public class GroupsView extends ViewPart implements ArgeoNames {
        private class MyUserTableViewer extends LdifUsersTable {
                private static final long serialVersionUID = 8467999509931900367L;
 
-               private Button showSystemRoleBtn;
+               private boolean showSystemRoles = false;
 
                private final String[] knownProps = { LdifName.uid.name(),
                                LdifName.cn.name(), LdifName.dn.name() };
@@ -127,13 +136,15 @@ public class GroupsView extends ViewPart implements ArgeoNames {
 
                protected void populateStaticFilters(Composite staticFilterCmp) {
                        staticFilterCmp.setLayout(new GridLayout());
-                       showSystemRoleBtn = new Button(staticFilterCmp, SWT.CHECK);
+                       final Button showSystemRoleBtn = new Button(staticFilterCmp,
+                                       SWT.CHECK);
                        showSystemRoleBtn.setText("Show system roles");
                        showSystemRoleBtn.addSelectionListener(new SelectionAdapter() {
                                private static final long serialVersionUID = -7033424592697691676L;
 
                                @Override
                                public void widgetSelected(SelectionEvent e) {
+                                       showSystemRoles = showSystemRoleBtn.getSelection();
                                        refresh();
                                }
 
@@ -158,23 +169,23 @@ public class GroupsView extends ViewPart implements ArgeoNames {
                                        builder.append("(&(").append(LdifName.objectClass.name())
                                                        .append("=").append(LdifName.groupOfNames.name())
                                                        .append(")");
-                                       if (!showSystemRoleBtn.getSelection())
+                                       if (!showSystemRoles)
                                                builder.append("(!(").append(LdifName.dn.name())
                                                                .append("=*")
-                                                               .append(UserAdminConstants.SYSTEM_ROLE_BASE_DN)
+                                                               .append(AuthConstants.ROLES_BASEDN)
                                                                .append("))");
                                        builder.append("(|");
                                        builder.append(tmpBuilder.toString());
                                        builder.append("))");
                                } else {
-                                       if (!showSystemRoleBtn.getSelection())
+                                       if (!showSystemRoles)
                                                builder.append("(&(")
                                                                .append(LdifName.objectClass.name())
                                                                .append("=")
                                                                .append(LdifName.groupOfNames.name())
                                                                .append(")(!(").append(LdifName.dn.name())
                                                                .append("=*")
-                                                               .append(UserAdminConstants.SYSTEM_ROLE_BASE_DN)
+                                                               .append(AuthConstants.ROLES_BASEDN)
                                                                .append(")))");
                                        else
                                                builder.append("(").append(LdifName.objectClass.name())
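Review bot: The `isAdmin` test added at the top of `createPartControl` only decides which columns and filter widgets are built, and it is evaluated once when the view is created. Nothing in the visible hunks changes what the role query may return for a non-admin beyond leaving `showSystemRoles` at `false`, so a later reader could mistake this for an access check. Make that explicit in the comment, e.g. `// UI convenience only: hides the DN column and the system-roles toggle; access control is enforced by the user admin backend`. Bracing the two `if (isAdmin)` branches would match that intent. The last hunk ends inside a filter-building method whose start and end are not shown.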
diff --git a/org.argeo.security.ui.admin/src/org/argeo/security/ui/admin/internal/parts/UserBatchUpdateWizard.java b/org.argeo.security.ui.admin/src/org/argeo/security/ui/admin/internal/parts/UserBatchUpdateWizard.java
new file mode 100644 (file)
index 0000000..5edcfbd
--- /dev/null
@@ -0,0 +1,580 @@
+package org.argeo.security.ui.admin.internal.parts;
+
+import java.util.ArrayList;
+import java.util.HashMap;
+import java.util.List;
+import java.util.Map;
+
+import javax.transaction.SystemException;
+import javax.transaction.UserTransaction;
+
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
+import org.argeo.ArgeoException;
+import org.argeo.cms.auth.AuthConstants;
+import org.argeo.eclipse.ui.ColumnDefinition;
+import org.argeo.eclipse.ui.EclipseUiUtils;
+import org.argeo.eclipse.ui.parts.LdifUsersTable;
+import org.argeo.jcr.ArgeoNames;
+import org.argeo.osgi.useradmin.LdifName;
+import org.argeo.security.ui.admin.internal.UiAdminUtils;
+import org.argeo.security.ui.admin.internal.UserAdminWrapper;
+import org.argeo.security.ui.admin.internal.providers.CommonNameLP;
+import org.argeo.security.ui.admin.internal.providers.DomainNameLP;
+import org.argeo.security.ui.admin.internal.providers.MailLP;
+import org.argeo.security.ui.admin.internal.providers.UserNameLP;
+import org.eclipse.jface.dialogs.IPageChangeProvider;
+import org.eclipse.jface.dialogs.IPageChangedListener;
+import org.eclipse.jface.dialogs.MessageDialog;
+import org.eclipse.jface.dialogs.PageChangedEvent;
+import org.eclipse.jface.wizard.IWizardContainer;
+import org.eclipse.jface.wizard.Wizard;
+import org.eclipse.jface.wizard.WizardPage;
+import org.eclipse.swt.SWT;
+import org.eclipse.swt.events.ModifyEvent;
+import org.eclipse.swt.events.ModifyListener;
+import org.eclipse.swt.events.SelectionAdapter;
+import org.eclipse.swt.events.SelectionEvent;
+import org.eclipse.swt.layout.GridData;
+import org.eclipse.swt.layout.GridLayout;
+import org.eclipse.swt.widgets.Button;
+import org.eclipse.swt.widgets.Combo;
+import org.eclipse.swt.widgets.Composite;
+import org.eclipse.swt.widgets.Text;
+import org.osgi.framework.InvalidSyntaxException;
+import org.osgi.service.useradmin.Role;
+import org.osgi.service.useradmin.User;
+
+/** Wizard to update users */
+public class UserBatchUpdateWizard extends Wizard {
+
+       private final static Log log = LogFactory
+                       .getLog(UserBatchUpdateWizard.class);
+       private UserAdminWrapper userAdminWrapper;
+
+       // pages
+       private ChooseCommandWizardPage chooseCommandPage;
+       private ChooseUsersWizardPage userListPage;
+       private ValidateAndLaunchWizardPage validatePage;
+
+       // Various implemented commands keys
+       private final static String CMD_UPDATE_PASSWORD = "resetPassword";
+       private final static String CMD_GROUP_MEMBERSHIP = "groupMembership";
+
+       private final Map<String, String> commands = new HashMap<String, String>() {
+               private static final long serialVersionUID = 1L;
+               {
+                       put("Reset password(s)", CMD_UPDATE_PASSWORD);
+                       // TODO implement role / group management
+                       // put("Add/Remove from group", CMD_GROUP_MEMBERSHIP);
+               }
+       };
+
+       public UserBatchUpdateWizard(UserAdminWrapper userAdminWrapper) {
+               this.userAdminWrapper = userAdminWrapper;
+       }
+
+       @Override
+       public void addPages() {
+               chooseCommandPage = new ChooseCommandWizardPage();
+               addPage(chooseCommandPage);
+               userListPage = new ChooseUsersWizardPage();
+               addPage(userListPage);
+               validatePage = new ValidateAndLaunchWizardPage();
+               addPage(validatePage);
+       }
+
+       @Override
+       public boolean performFinish() {
+               if (!canFinish())
+                       return false;
+               UserTransaction ut = userAdminWrapper.getUserTransaction();
+               try {
+                       if (ut.getStatus() != javax.transaction.Status.STATUS_NO_TRANSACTION
+                                       && !MessageDialog.openConfirm(getShell(),
+                                                       "Existing Transaction",
+                                                       "A user transaction is already existing, "
+                                                                       + "are you sure you want to proceed ?"))
+                               return false;
+               } catch (SystemException e) {
+                       throw new ArgeoException("Cannot get user transaction state "
+                                       + "before user batch update", e);
+               }
+
+               // We cannot use jobs, user modifications are still meant to be done in
+               // the UIThread
+               // UpdateJob job = null;
+               // if (job != null)
+               // job.schedule();
+
+               if (CMD_UPDATE_PASSWORD.equals(chooseCommandPage.getCommand())) {
+                       char[] newValue = chooseCommandPage.getPwdValue();
+                       if (newValue == null)
+                               throw new ArgeoException(
+                                               "Password cannot be null or an empty string");
+                       ResetPassword job = new ResetPassword(userAdminWrapper,
+                                       userListPage.getSelectedUsers(), newValue);
+                       job.doUpdate();
+               }
+               return true;
+       }
+
+       public boolean canFinish() {
+               if (this.getContainer().getCurrentPage() == validatePage)
+                       return true;
+               return false;
+       }
+
+       private class ResetPassword {
+               private char[] newPwd;
+               private UserAdminWrapper userAdminWrapper;
+               private List<User> usersToUpdate;
+
+               public ResetPassword(UserAdminWrapper userAdminWrapper,
+                               List<User> usersToUpdate, char[] newPwd) {
+                       this.newPwd = newPwd;
+                       this.usersToUpdate = usersToUpdate;
+                       this.userAdminWrapper = userAdminWrapper;
+               }
+
+               @SuppressWarnings("unchecked")
+               protected void doUpdate() {
+                       UserTransaction userTransaction = userAdminWrapper
+                                       .beginTransactionIfNeeded();
+                       try {
+                               for (User user : usersToUpdate) {
+                                       // the char array is emptied after being used.
+                                       user.getCredentials().put(null, newPwd.clone());
+                               }
+                               userTransaction.commit();
+                               UiAdminUtils.notifyTransactionStateChange(userTransaction);
+                       } catch (Exception e) {
+                               throw new ArgeoException(
+                                               "Cannot perform batch update on users", e);
+                       } finally {
+                               UserTransaction ut = userAdminWrapper.getUserTransaction();
+                               try {
+                                       if (ut.getStatus() != javax.transaction.Status.STATUS_NO_TRANSACTION)
+                                               ut.rollback();
+                               } catch (IllegalStateException | SecurityException
+                                               | SystemException e) {
+                                       log.error("Unable to rollback session in 'finally', "
+                                                       + "the system might be in a dirty state");
+                                       e.printStackTrace();
+                               }
+                       }
+               }
+       }
+
+       // @SuppressWarnings("unused")
+       // private class AddToGroup extends UpdateJob {
+       // private String groupID;
+       // private Session session;
+       //
+       // public AddToGroup(Session session, List<Node> nodesToUpdate,
+       // String groupID) {
+       // super(session, nodesToUpdate);
+       // this.session = session;
+       // this.groupID = groupID;
+       // }
+       //
+       // protected void doUpdate(Node node) {
+       // log.info("Add/Remove to group actions are not yet implemented");
+       // // TODO implement this
+       // // try {
+       // // throw new ArgeoException("Not yet implemented");
+       // // } catch (RepositoryException re) {
+       // // throw new ArgeoException(
+       // // "Unable to update boolean value for node " + node, re);
+       // // }
+       // }
+       // }
+
+       // /**
+       // * Base privileged job that will be run asynchronously to perform the
+       // batch
+       // * update
+       // */
+       // private abstract class UpdateJob extends PrivilegedJob {
+       //
+       // private final UserAdminWrapper userAdminWrapper;
+       // private final List<User> usersToUpdate;
+       //
+       // protected abstract void doUpdate(User user);
+       //
+       // public UpdateJob(UserAdminWrapper userAdminWrapper,
+       // List<User> usersToUpdate) {
+       // super("Perform update");
+       // this.usersToUpdate = usersToUpdate;
+       // this.userAdminWrapper = userAdminWrapper;
+       // }
+       //
+       // @Override
+       // protected IStatus doRun(IProgressMonitor progressMonitor) {
+       // try {
+       // ArgeoMonitor monitor = new EclipseArgeoMonitor(progressMonitor);
+       // int total = usersToUpdate.size();
+       // monitor.beginTask("Performing change", total);
+       // userAdminWrapper.beginTransactionIfNeeded();
+       // for (User user : usersToUpdate) {
+       // doUpdate(user);
+       // monitor.worked(1);
+       // }
+       // userAdminWrapper.getUserTransaction().commit();
+       // } catch (Exception e) {
+       // throw new ArgeoException(
+       // "Cannot perform batch update on users", e);
+       // } finally {
+       // UserTransaction ut = userAdminWrapper.getUserTransaction();
+       // try {
+       // if (ut.getStatus() != javax.transaction.Status.STATUS_NO_TRANSACTION)
+       // ut.rollback();
+       // } catch (IllegalStateException | SecurityException
+       // | SystemException e) {
+       // log.error("Unable to rollback session in 'finally', "
+       // + "the system might be in a dirty state");
+       // e.printStackTrace();
+       // }
+       // }
+       // return Status.OK_STATUS;
+       // }
+       // }
+
+       // PAGES
+       /** Displays a combo box that enables user to choose which action to perform */
+       private class ChooseCommandWizardPage extends WizardPage {
+               private static final long serialVersionUID = -8069434295293996633L;
+               private Combo chooseCommandCmb;
+               private Button trueChk;
+               private Text valueTxt;
+               private Text pwdTxt;
+               private Text pwd2Txt;
+
+               public ChooseCommandWizardPage() {
+                       super("Choose a command to run.");
+                       setTitle("Choose a command to run.");
+               }
+
+               @Override
+               public void createControl(Composite parent) {
+                       GridLayout gl = new GridLayout();
+                       Composite container = new Composite(parent, SWT.NO_FOCUS);
+                       container.setLayout(gl);
+
+                       chooseCommandCmb = new Combo(container, SWT.READ_ONLY);
+                       chooseCommandCmb.setLayoutData(EclipseUiUtils.fillWidth());
+                       String[] values = commands.keySet().toArray(new String[0]);
+                       chooseCommandCmb.setItems(values);
+
+                       final Composite bottomPart = new Composite(container, SWT.NO_FOCUS);
+                       bottomPart.setLayoutData(EclipseUiUtils.fillAll());
+                       bottomPart.setLayout(EclipseUiUtils.noSpaceGridLayout());
+
+                       chooseCommandCmb.addSelectionListener(new SelectionAdapter() {
+                               private static final long serialVersionUID = 1L;
+
+                               @Override
+                               public void widgetSelected(SelectionEvent e) {
+                                       if (getCommand().equals(CMD_UPDATE_PASSWORD))
+                                               populatePasswordCmp(bottomPart);
+                                       else if (getCommand().equals(CMD_GROUP_MEMBERSHIP))
+                                               populateGroupCmp(bottomPart);
+                                       else
+                                               populateBooleanFlagCmp(bottomPart);
+                                       checkPageComplete();
+                                       bottomPart.layout(true, true);
+                               }
+                       });
+                       setControl(container);
+               }
+
+               private void populateBooleanFlagCmp(Composite parent) {
+                       EclipseUiUtils.clear(parent);
+                       trueChk = new Button(parent, SWT.CHECK);
+                       trueChk.setText("Do it. (It will to the contrary if unchecked)");
+                       trueChk.setSelection(true);
+                       trueChk.setLayoutData(new GridData(SWT.LEFT, SWT.TOP, false, false));
+               }
+
+               private void populatePasswordCmp(Composite parent) {
+                       EclipseUiUtils.clear(parent);
+                       Composite body = new Composite(parent, SWT.NO_FOCUS);
+
+                       ModifyListener ml = new ModifyListener() {
+                               private static final long serialVersionUID = -1558726363536729634L;
+
+                               @Override
+                               public void modifyText(ModifyEvent event) {
+                                       checkPageComplete();
+                               }
+                       };
+
+                       body.setLayout(new GridLayout(2, false));
+                       body.setLayoutData(new GridData(SWT.FILL, SWT.FILL, true, true));
+                       pwdTxt = EclipseUiUtils.createGridLP(body, "New password", ml);
+                       pwd2Txt = EclipseUiUtils.createGridLP(body, "Repeat password", ml);
+               }
+
+               private void checkPageComplete() {
+                       String errorMsg = null;
+                       if (chooseCommandCmb.getSelectionIndex() < 0)
+                               errorMsg = "Please select an action";
+                       else if (CMD_UPDATE_PASSWORD.equals(getCommand())) {
+                               if (EclipseUiUtils.isEmpty(pwdTxt.getText())
+                                               || pwdTxt.getText().length() < 4)
+                                       errorMsg = "Please enter a password that is at least 4 character long";
+                               else if (!pwdTxt.getText().equals(pwd2Txt.getText()))
+                                       errorMsg = "Passwords are different";
+                       }
+                       if (EclipseUiUtils.notEmpty(errorMsg)) {
+                               setMessage(errorMsg, WizardPage.ERROR);
+                               setPageComplete(false);
+                       } else {
+                               setMessage("Page complete, you can proceed to user choice",
+                                               WizardPage.INFORMATION);
+                               setPageComplete(true);
+                       }
+
+                       getContainer().updateButtons();
+               }
+
+               private void populateGroupCmp(Composite parent) {
+                       EclipseUiUtils.clear(parent);
+                       trueChk = new Button(parent, SWT.CHECK);
+                       trueChk.setText("Add to group. (It will remove user(s) from the "
+                                       + "corresponding group if unchecked)");
+                       trueChk.setSelection(true);
+                       trueChk.setLayoutData(new GridData(SWT.LEFT, SWT.TOP, false, false));
+               }
+
+               protected String getCommand() {
+                       return commands.get(chooseCommandCmb.getItem(chooseCommandCmb
+                                       .getSelectionIndex()));
+               }
+
+               protected String getCommandLbl() {
+                       return chooseCommandCmb.getItem(chooseCommandCmb
+                                       .getSelectionIndex());
+               }
+
+               @SuppressWarnings("unused")
+               protected boolean getBoleanValue() {
+                       // FIXME this is not consistent and will lead to errors.
+                       if (ArgeoNames.ARGEO_ENABLED.equals(getCommand()))
+                               return trueChk.getSelection();
+                       else
+                               return !trueChk.getSelection();
+               }
+
+               @SuppressWarnings("unused")
+               protected String getStringValue() {
+                       String value = null;
+                       if (valueTxt != null) {
+                               value = valueTxt.getText();
+                               if ("".equals(value.trim()))
+                                       value = null;
+                       }
+                       return value;
+               }
+
+               protected char[] getPwdValue() {
+                       // We do not directly reset the password text fields: There is no
+                       // need to over secure this process: setting a pwd to multi users
+                       // at the same time is anyhow a bad practice and should be used only
+                       // in test environment or for temporary access
+                       if (pwdTxt == null || pwdTxt.isDisposed())
+                               return null;
+                       else
+                               return pwdTxt.getText().toCharArray();
+               }
+       }
+
+       /**
+        * Displays a list of users with a check box to be able to choose some of
+        * them
+        */
+       private class ChooseUsersWizardPage extends WizardPage implements
+                       IPageChangedListener {
+               private static final long serialVersionUID = 7651807402211214274L;
+               private ChooseUserTableViewer userTableCmp;
+
+               public ChooseUsersWizardPage() {
+                       super("Choose Users");
+                       setTitle("Select users who will be impacted");
+               }
+
+               @Override
+               public void createControl(Composite parent) {
+                       Composite pageCmp = new Composite(parent, SWT.NONE);
+                       pageCmp.setLayout(EclipseUiUtils.noSpaceGridLayout());
+
+                       // Define the displayed columns
+                       List<ColumnDefinition> columnDefs = new ArrayList<ColumnDefinition>();
+                       columnDefs.add(new ColumnDefinition(new CommonNameLP(),
+                                       "Common Name", 150));
+                       columnDefs.add(new ColumnDefinition(new MailLP(), "E-mail", 150));
+                       columnDefs.add(new ColumnDefinition(new DomainNameLP(), "Domain",
+                                       200));
+
+                       // Only show technical DN to admin
+                       if (UiAdminUtils.isUserInRole(AuthConstants.ROLE_ADMIN))
+                               columnDefs.add(new ColumnDefinition(new UserNameLP(),
+                                               "Distinguished Name", 300));
+
+                       userTableCmp = new ChooseUserTableViewer(pageCmp, SWT.MULTI
+                                       | SWT.H_SCROLL | SWT.V_SCROLL);
+                       userTableCmp.setLayoutData(EclipseUiUtils.fillAll());
+                       userTableCmp.setColumnDefinitions(columnDefs);
+                       userTableCmp.populate(true, true);
+                       userTableCmp.refresh();
+
+                       setControl(pageCmp);
+
+                       // Add listener to update message when shown
+                       final IWizardContainer wContainer = this.getContainer();
+                       if (wContainer instanceof IPageChangeProvider) {
+                               ((IPageChangeProvider) wContainer).addPageChangedListener(this);
+                       }
+
+               }
+
+               @Override
+               public void pageChanged(PageChangedEvent event) {
+                       if (event.getSelectedPage() == this) {
+                               String msg = "Chosen batch action: "
+                                               + chooseCommandPage.getCommandLbl();
+                               ((WizardPage) event.getSelectedPage()).setMessage(msg);
+                       }
+               }
+
+               protected List<User> getSelectedUsers() {
+                       return userTableCmp.getSelectedUsers();
+               }
+
+               private class ChooseUserTableViewer extends LdifUsersTable {
+                       private static final long serialVersionUID = 5080437561015853124L;
+                       private final String[] knownProps = { LdifName.uid.name(),
+                                       LdifName.dn.name(), LdifName.cn.name(),
+                                       LdifName.givenname.name(), LdifName.sn.name(),
+                                       LdifName.mail.name() };
+
+                       public ChooseUserTableViewer(Composite parent, int style) {
+                               super(parent, style);
+                       }
+
+                       @Override
+                       protected List<User> listFilteredElements(String filter) {
+                               Role[] roles;
+
+                               try {
+                                       StringBuilder builder = new StringBuilder();
+
+                                       StringBuilder tmpBuilder = new StringBuilder();
+                                       if (UiAdminUtils.notNull(filter))
+                                               for (String prop : knownProps) {
+                                                       tmpBuilder.append("(");
+                                                       tmpBuilder.append(prop);
+                                                       tmpBuilder.append("=*");
+                                                       tmpBuilder.append(filter);
+                                                       tmpBuilder.append("*)");
+                                               }
+                                       if (tmpBuilder.length() > 1) {
+                                               builder.append("(&(")
+                                                               .append(LdifName.objectClass.name())
+                                                               .append("=")
+                                                               .append(LdifName.inetOrgPerson.name())
+                                                               .append(")(|");
+                                               builder.append(tmpBuilder.toString());
+                                               builder.append("))");
+                                       } else
+                                               builder.append("(").append(LdifName.objectClass.name())
+                                                               .append("=")
+                                                               .append(LdifName.inetOrgPerson.name())
+                                                               .append(")");
+                                       roles = userAdminWrapper.getUserAdmin().getRoles(
+                                                       builder.toString());
+                               } catch (InvalidSyntaxException e) {
+                                       throw new ArgeoException(
+                                                       "Unable to get roles with filter: " + filter, e);
+                               }
+                               List<User> users = new ArrayList<User>();
+                               for (Role role : roles)
+                                       // Prevent current logged in user to perform batch on
+                                       // himself
+                                       if (!UiAdminUtils.isCurrentUser((User) role))
+                                               users.add((User) role);
+                               return users;
+                       }
+               }
+       }
+
+       /** Summary of input data before launching the process */
+       private class ValidateAndLaunchWizardPage extends WizardPage implements
+                       IPageChangedListener {
+               private static final long serialVersionUID = 7098918351451743853L;
+               private ChosenUsersTableViewer userTableCmp;
+
+               public ValidateAndLaunchWizardPage() {
+                       super("Validate and launch");
+                       setTitle("Validate and launch");
+               }
+
+               @Override
+               public void createControl(Composite parent) {
+                       Composite pageCmp = new Composite(parent, SWT.NO_FOCUS);
+                       pageCmp.setLayout(EclipseUiUtils.noSpaceGridLayout());
+
+                       List<ColumnDefinition> columnDefs = new ArrayList<ColumnDefinition>();
+                       columnDefs.add(new ColumnDefinition(new CommonNameLP(),
+                                       "Common Name", 150));
+                       columnDefs.add(new ColumnDefinition(new MailLP(), "E-mail", 150));
+                       columnDefs.add(new ColumnDefinition(new DomainNameLP(), "Domain",
+                                       200));
+                       // Only show technical DN to admin
+                       if (UiAdminUtils.isUserInRole(AuthConstants.ROLE_ADMIN))
+                               columnDefs.add(new ColumnDefinition(new UserNameLP(),
+                                               "Distinguished Name", 300));
+                       userTableCmp = new ChosenUsersTableViewer(pageCmp, SWT.MULTI
+                                       | SWT.H_SCROLL | SWT.V_SCROLL);
+                       userTableCmp.setLayoutData(EclipseUiUtils.fillAll());
+                       userTableCmp.setColumnDefinitions(columnDefs);
+                       userTableCmp.populate(false, false);
+                       userTableCmp.refresh();
+                       setControl(pageCmp);
+                       // Add listener to update message when shown
+                       final IWizardContainer wContainer = this.getContainer();
+                       if (wContainer instanceof IPageChangeProvider) {
+                               ((IPageChangeProvider) wContainer).addPageChangedListener(this);
+                       }
+               }
+
+               @Override
+               public void pageChanged(PageChangedEvent event) {
+                       if (event.getSelectedPage() == this) {
+                               @SuppressWarnings({ "unchecked", "rawtypes" })
+                               Object[] values = ((ArrayList) userListPage.getSelectedUsers())
+                                               .toArray(new Object[userListPage.getSelectedUsers()
+                                                               .size()]);
+                               userTableCmp.getTableViewer().setInput(values);
+                               String msg = "Following batch action: ["
+                                               + chooseCommandPage.getCommandLbl()
+                                               + "] will be perfomed on the users listed below.\n";
+                               // + "Are you sure you want to proceed?";
+                               setMessage(msg);
+                       }
+               }
+
+               private class ChosenUsersTableViewer extends LdifUsersTable {
+                       private static final long serialVersionUID = 7814764735794270541L;
+
+                       public ChosenUsersTableViewer(Composite parent, int style) {
+                               super(parent, style);
+                       }
+
+                       @Override
+                       protected List<User> listFilteredElements(String filter) {
+                               return userListPage.getSelectedUsers();
+                       }
+               }
+       }
+}
\ No newline at end of file
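Review bot: In `ChooseUserTableViewer.listFilteredElements` the text typed into the search box goes into the filter string unescaped (`tmpBuilder.append(filter)`), so a `(`, `)` or `\` in it changes the filter's structure or raises `InvalidSyntaxException` (rethrown as `ArgeoException`), and a `*` changes what is matched. The value should be escaped once before the loop over `knownProps`, as sketched below. The sketch uses the backslash escaping of the OSGi filter grammar, which is an assumption drawn from the `org.osgi.framework.InvalidSyntaxException` import; if the UserAdmin backend forwards the string to an LDAP server, RFC 4515 hex escapes would be needed instead. Separately, `ResetPassword.doUpdate` stores `newPwd.clone()` for each user but never clears `newPwd` itself, so adding `java.util.Arrays.fill(newPwd, '\0');` to its `finally` block would match the intent of the comment above the `put`.

```java
// … unchanged: builder / tmpBuilder setup in listFilteredElements …
if (UiAdminUtils.notNull(filter)) {
    // Escape once, then reuse for every searched property
    String escaped = escapeFilterValue(filter);
    for (String prop : knownProps) {
        tmpBuilder.append("(").append(prop).append("=*")
                .append(escaped).append("*)");
    }
}
// … unchanged: objectClass clause, getRoles call and result loop …

/** Escapes the characters the filter grammar treats as special. */
private String escapeFilterValue(String raw) {
    StringBuilder out = new StringBuilder(raw.length() + 8);
    for (int i = 0; i < raw.length(); i++) {
        char c = raw.charAt(i);
        if (c == '\\' || c == '*' || c == '(' || c == ')')
            out.append('\\');
        out.append(c);
    }
    return out.toString();
}
```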
index e49c803e4db890c74da29c58b3443e3177cfe2c9..8f7762fe78b3fe8e606951db723ab1bbabd3ebaf 100644 (file)
@@ -22,7 +22,6 @@ import org.argeo.ArgeoException;
 import org.argeo.osgi.useradmin.LdifName;
 import org.argeo.security.ui.admin.SecurityAdminPlugin;
 import org.argeo.security.ui.admin.internal.UiAdminUtils;
-import org.argeo.security.ui.admin.internal.UserAdminConstants;
 import org.argeo.security.ui.admin.internal.UserAdminWrapper;
 import org.eclipse.core.runtime.IProgressMonitor;
 import org.eclipse.swt.events.ModifyEvent;
@@ -41,7 +40,7 @@ import org.osgi.service.useradmin.UserAdminEvent;
 import org.osgi.service.useradmin.UserAdminListener;
 
 /** Editor for a user, might be a user or a group. */
-public class UserEditor extends FormEditor implements UserAdminConstants {
+public class UserEditor extends FormEditor {
        private static final long serialVersionUID = 8357851520380820241L;
 
        public final static String USER_EDITOR_ID = SecurityAdminPlugin.PLUGIN_ID
@@ -71,7 +70,7 @@ public class UserEditor extends FormEditor implements UserAdminConstants {
        }
 
        /**
-        * returns the list of all authorisation for the given user or of the
+        * returns the list of all authorization for the given user or of the
         * current displayed user if parameter is null
         */
        protected List<User> getFlatGroups(User aUser) {
index d732e7e7fbdccc96f5d7b406d948a281b4ee8b14..9ea1dcffcb9ed2496f1a1d4248564f84b7a22167 100644 (file)
@@ -20,6 +20,7 @@ import java.util.Iterator;
 import java.util.List;
 
 import org.argeo.ArgeoException;
+import org.argeo.cms.auth.AuthConstants;
 import org.argeo.eclipse.ui.ColumnDefinition;
 import org.argeo.eclipse.ui.EclipseUiUtils;
 import org.argeo.eclipse.ui.parts.LdifUsersTable;
@@ -54,9 +55,12 @@ import org.eclipse.swt.events.DisposeEvent;
 import org.eclipse.swt.events.DisposeListener;
 import org.eclipse.swt.events.ModifyEvent;
 import org.eclipse.swt.events.ModifyListener;
+import org.eclipse.swt.events.SelectionAdapter;
+import org.eclipse.swt.events.SelectionEvent;
 import org.eclipse.swt.graphics.Cursor;
 import org.eclipse.swt.layout.GridData;
 import org.eclipse.swt.layout.GridLayout;
+import org.eclipse.swt.widgets.Button;
 import org.eclipse.swt.widgets.Composite;
 import org.eclipse.swt.widgets.Label;
 import org.eclipse.swt.widgets.Text;
@@ -95,6 +99,7 @@ public class UserMainPage extends FormPage implements ArgeoNames {
                ScrolledForm form = mf.getForm();
                Composite body = form.getBody();
                GridLayout mainLayout = new GridLayout();
+               // mainLayout.marginRight = 10;
                body.setLayout(mainLayout);
                User user = editor.getDisplayedUser();
                appendOverviewPart(body, user);
@@ -157,9 +162,6 @@ public class UserMainPage extends FormPage implements ArgeoNames {
                                user.getProperties().put(LdifName.cn.name(),
                                                commonName.getText());
                                user.getProperties().put(LdifName.mail.name(), email.getText());
-                               // Enable common name ?
-                               // editor.setProperty(UserAdminConstants.KEY_CN,
-                               // email.getText());
                                super.commit(onSave);
                        }
 
@@ -249,22 +251,29 @@ public class UserMainPage extends FormPage implements ArgeoNames {
                Composite body = (Composite) section.getClient();
                body.setLayout(EclipseUiUtils.noSpaceGridLayout());
 
+               boolean isAdmin = UiAdminUtils.isUserInRole(AuthConstants.ROLE_ADMIN);
+
                // Displayed columns
                List<ColumnDefinition> columnDefs = new ArrayList<ColumnDefinition>();
                columnDefs.add(new ColumnDefinition(new RoleIconLP(), "", 0, 24));
                columnDefs.add(new ColumnDefinition(new CommonNameLP(), "Common Name",
                                150));
                columnDefs.add(new ColumnDefinition(new DomainNameLP(), "Domain Name",
-                               120));
-               columnDefs.add(new ColumnDefinition(new UserNameLP(),
-                               "Distinguished Name", 300));
+                               200));
+               // Only show technical DN to administrators
+               if (isAdmin)
+                       columnDefs.add(new ColumnDefinition(new UserNameLP(),
+                                       "Distinguished Name", 120));
 
                // Create and configure the table
                final LdifUsersTable userViewerCmp = new MyUserTableViewer(body,
                                SWT.MULTI | SWT.H_SCROLL | SWT.V_SCROLL, user);
 
                userViewerCmp.setColumnDefinitions(columnDefs);
-               userViewerCmp.populate(true, false);
+               if (isAdmin)
+                       userViewerCmp.populateWithStaticFilters(false, false);
+               else
+                       userViewerCmp.populate(true, false);
                GridData gd = EclipseUiUtils.fillAll();
                gd.heightHint = 300;
                userViewerCmp.setLayoutData(gd);
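Review bot: The `isAdmin` test only decides whether the "Distinguished Name" column is added, so the DN is hidden from view rather than withheld. The `UserFilter` created by `MyUserTableViewer` still matches search text against `LdifName.dn.name()` and `user.getName()`, so a non-admin can presumably still confirm DN fragments by searching. If the DN is meant to be admin-only, the restriction belongs where the data is filtered or served; if the change is purely cosmetic, a comment such as `// DN column hidden for readability only, not an access control` would say so. The same applies to the `UsersView` hunk further down. The admin branch also switches the first argument from `populate(true, false)` to `populateWithStaticFilters(false, false)` without explanation, and the enclosing method starts and ends outside this hunk.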
@@ -311,7 +320,9 @@ public class UserMainPage extends FormPage implements ArgeoNames {
        }
 
        private class MyUserTableViewer extends LdifUsersTable {
-               private static final long serialVersionUID = 8467999509931900367L;
+               private static final long serialVersionUID = 2653790051461237329L;
+
+               private Button showSystemRoleBtn;
 
                private final User user;
                private final UserFilter userFilter;
@@ -320,6 +331,23 @@ public class UserMainPage extends FormPage implements ArgeoNames {
                        super(parent, style, true);
                        this.user = user;
                        userFilter = new UserFilter();
+                       userFilter.setShowSystemRole(false);
+               }
+
+               protected void populateStaticFilters(Composite staticFilterCmp) {
+                       staticFilterCmp.setLayout(new GridLayout());
+                       showSystemRoleBtn = new Button(staticFilterCmp, SWT.CHECK);
+                       showSystemRoleBtn.setText("Show system roles");
+                       showSystemRoleBtn.addSelectionListener(new SelectionAdapter() {
+                               private static final long serialVersionUID = -7033424592697691676L;
+
+                               @Override
+                               public void widgetSelected(SelectionEvent e) {
+                                       userFilter.setShowSystemRole(showSystemRoleBtn
+                                                       .getSelection());
+                                       refresh();
+                               }
+                       });
                }
 
                @Override
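Review bot: `populateStaticFilters(Composite)` is added without `@Override`, although it looks like a hook that `LdifUsersTable.populateWithStaticFilters` calls. If so, a later signature change in the base class would silently drop the "Show system roles" checkbox instead of failing the build. Add `@Override` above the method, plus a short Javadoc line such as `/** Adds the admin-only "Show system roles" toggle; system roles stay hidden unless it is ticked. */`. The constructor now calls `userFilter.setShowSystemRole(false)` for every viewer, so users who never get the static filter area cannot reveal system roles; that looks intended but deserves a comment. The class body continues outside this hunk.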
index b52e8591ef6eb55bfab2f461845c8ba2155162d5..79e94abc747007affcff44b6a46261725edd10c5 100644 (file)
@@ -19,6 +19,7 @@ import java.util.ArrayList;
 import java.util.List;
 
 import org.argeo.ArgeoException;
+import org.argeo.cms.auth.AuthConstants;
 import org.argeo.eclipse.ui.ColumnDefinition;
 import org.argeo.eclipse.ui.EclipseUiUtils;
 import org.argeo.eclipse.ui.parts.LdifUsersTable;
@@ -70,16 +71,17 @@ public class UsersView extends ViewPart implements ArgeoNames {
                // Define the displayed columns
                columnDefs.add(new ColumnDefinition(new CommonNameLP(), "Common Name",
                                150));
-               columnDefs.add(new ColumnDefinition(new DomainNameLP(), "Domain", 120));
                columnDefs.add(new ColumnDefinition(new MailLP(), "E-mail", 150));
-               columnDefs.add(new ColumnDefinition(new UserNameLP(),
-                               "Distinguished Name", 300));
+               columnDefs.add(new ColumnDefinition(new DomainNameLP(), "Domain", 200));
+               // Only show technical DN to admin
+               if (UiAdminUtils.isUserInRole(AuthConstants.ROLE_ADMIN))
+                       columnDefs.add(new ColumnDefinition(new UserNameLP(),
+                                       "Distinguished Name", 300));
 
                // Create and configure the table
                userTableViewerCmp = new MyUserTableViewer(parent, SWT.MULTI
                                | SWT.H_SCROLL | SWT.V_SCROLL);
                userTableViewerCmp.setLayoutData(EclipseUiUtils.fillAll());
-
                userTableViewerCmp.setColumnDefinitions(columnDefs);
                userTableViewerCmp.populate(true, false);
 
index 1529f90595d2c29fdd9705435dc05c9379780661..010ab5a8a2d60cff65b2bc898b10e29059e376fb 100644 (file)
@@ -1,8 +1,8 @@
 package org.argeo.security.ui.admin.internal.providers;
 
+import org.argeo.cms.auth.AuthConstants;
 import org.argeo.osgi.useradmin.LdifName;
 import org.argeo.security.ui.admin.SecurityAdminImages;
-import org.argeo.security.ui.admin.internal.UserAdminConstants;
 import org.eclipse.swt.graphics.Image;
 import org.osgi.service.useradmin.Role;
 import org.osgi.service.useradmin.User;
@@ -20,7 +20,7 @@ public class RoleIconLP extends UserAdminAbstractLP {
        public Image getImage(Object element) {
                User user = (User) element;
                String dn = (String) user.getProperties().get(LdifName.dn.name());
-               if (dn.endsWith(UserAdminConstants.SYSTEM_ROLE_BASE_DN))
+               if (dn.endsWith(AuthConstants.ROLES_BASEDN))
                        return SecurityAdminImages.ICON_ROLE;
                else if (user.getType() == Role.GROUP)
                        return SecurityAdminImages.ICON_GROUP;
index 0590088b2c37d1641d4768853bf36747524a2e14..89901fa7c49c1c17675cc8eb5b5d349ea4a0c0a2 100644 (file)
@@ -6,7 +6,6 @@ import javax.naming.ldap.LdapName;
 import org.argeo.ArgeoException;
 import org.argeo.osgi.useradmin.LdifName;
 import org.argeo.security.ui.admin.internal.UiAdminUtils;
-import org.argeo.security.ui.admin.internal.UserAdminConstants;
 import org.eclipse.jface.resource.JFaceResources;
 import org.eclipse.jface.viewers.ColumnLabelProvider;
 import org.eclipse.swt.SWT;
@@ -18,8 +17,7 @@ import org.osgi.service.useradmin.User;
  * Utility class that add font modifications to a column label provider
  * depending on the given user properties
  */
-public abstract class UserAdminAbstractLP extends ColumnLabelProvider implements
-               UserAdminConstants {
+public abstract class UserAdminAbstractLP extends ColumnLabelProvider {
        private static final long serialVersionUID = 137336765024922368L;
 
        // private Font italic;
index 43c36eb20c28a84e64dc0d4156457e3c3672b3bd..59e83852c805089c51cb83be44b4c401dfd17a65 100644 (file)
@@ -1,5 +1,8 @@
 package org.argeo.security.ui.admin.internal.providers;
 
+import static org.argeo.eclipse.ui.EclipseUiUtils.notEmpty;
+
+import org.argeo.cms.auth.AuthConstants;
 import org.argeo.osgi.useradmin.LdifName;
 import org.argeo.security.ui.admin.internal.UiAdminUtils;
 import org.eclipse.jface.viewers.Viewer;
@@ -10,6 +13,7 @@ public class UserFilter extends ViewerFilter {
        private static final long serialVersionUID = 5082509381672880568L;
 
        private String searchString;
+       private boolean showSystemRole = true;
 
        private final String[] knownProps = { LdifName.dn.name(),
                        LdifName.cn.name(), LdifName.givenname.name(), LdifName.sn.name(),
@@ -18,33 +22,40 @@ public class UserFilter extends ViewerFilter {
 
        public void setSearchText(String s) {
                // ensure that the value can be used for matching
-               if (notNull(s))
+               if (notEmpty(s))
                        searchString = ".*" + s.toLowerCase() + ".*";
                else
                        searchString = ".*";
        }
 
+       public void setShowSystemRole(boolean showSystemRole) {
+               this.showSystemRole = showSystemRole;
+       }
+
        @Override
        public boolean select(Viewer viewer, Object parentElement, Object element) {
-               if (searchString == null || searchString.length() == 0) {
-                       return true;
-               }
                User user = (User) element;
 
+               if (!showSystemRole
+                               && user.getName().matches(
+                                               ".*(" + AuthConstants.ROLES_BASEDN + ")"))
+                       // UiAdminUtils.getProperty(user, LdifName.dn.name())
+                       // .toLowerCase().endsWith(AuthConstants.ROLES_BASEDN))
+                       return false;
+
+               if (searchString == null || searchString.length() == 0)
+                       return true;
+
                if (user.getName().matches(searchString))
                        return true;
 
                for (String key : knownProps) {
                        String currVal = UiAdminUtils.getProperty(user, key);
-                       if (notNull(currVal) && currVal.toLowerCase().matches(searchString))
+                       if (notEmpty(currVal)
+                                       && currVal.toLowerCase().matches(searchString))
                                return true;
                }
-
                return false;
        }
 
-       private boolean notNull(String str) {
-               return !(str == null || "".equals(str.trim()));
-       }
-
 }
\ No newline at end of file
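Review bot: The new system-role test in `select` builds a regex from `AuthConstants.ROLES_BASEDN` for every row, without quoting the constant. A plain suffix test does the same job and matches `RoleIconLP`: `if (!showSystemRole && user.getName().endsWith(AuthConstants.ROLES_BASEDN)) return false;`. The two commented-out lines under the condition can then be removed. In the same method, `searchString` is still built from the raw search text, so input such as `(` throws `PatternSyntaxException` from `matches`, and a crafted pattern can cause heavy backtracking on each row. Wrapping the text in `Pattern.quote(...)` inside `setSearchText` fixes both, if regex searches are not a feature users rely on. `user.getName().matches(searchString)` also compares a name that was not lower-cased against a lower-cased pattern, unlike the property loop below it.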