core/org.argeo.suite.core/src/org/argeo/suite/SuiteUtils.java

   1 package org.argeo.suite;
   2
   3 import java.util.HashSet;
   4 import java.util.Set;
   5
   6 import javax.jcr.Node;
   7 import javax.jcr.RepositoryException;
   8 import javax.jcr.Session;
   9 import javax.jcr.nodetype.NodeType;
  10 import javax.jcr.security.Privilege;
  11 import javax.naming.ldap.LdapName;
  12 import javax.security.auth.x500.X500Principal;
  13
  14 import org.argeo.api.NodeConstants;
  15 import org.argeo.cms.auth.CmsSession;
  16 import org.argeo.entity.EntityType;
  17 import org.argeo.jackrabbit.security.JackrabbitSecurityUtils;
  18 import org.argeo.jcr.JcrException;
  19 import org.argeo.jcr.JcrUtils;
  20 import org.argeo.naming.LdapAttrs;
  21
  22 /** Utilities around the Argeo Suite APIs. */
  23 public class SuiteUtils {
  24
  25         public static String getUserNodePath(LdapName userDn) {
  26                 String uid = userDn.getRdn(userDn.size() - 1).getValue().toString();
  27                 return EntityType.user.basePath() + '/' + uid;
  28         }
  29
  30         public static Node getOrCreateUserNode(Session adminSession, LdapName userDn) {
  31                 try {
  32                         Node usersBase = adminSession.getNode(EntityType.user.basePath());
  33                         String uid = userDn.getRdn(userDn.size() - 1).getValue().toString();
  34                         Node userNode;
  35                         if (!usersBase.hasNode(uid)) {
  36                                 userNode = usersBase.addNode(uid, NodeType.NT_UNSTRUCTURED);
  37                                 userNode.addMixin(EntityType.user.get());
  38                                 userNode.addMixin(NodeType.MIX_CREATED);
  39                                 userNode.setProperty(LdapAttrs.distinguishedName.property(), userDn.toString());
  40                                 userNode.setProperty(LdapAttrs.uid.property(), uid);
  41                                 adminSession.save();
  42                                 JackrabbitSecurityUtils.denyPrivilege(adminSession, userNode.getPath(), SuiteRole.coworker.dn(),
  43                                                 Privilege.JCR_READ);
  44                                 JcrUtils.addPrivilege(adminSession, userNode.getPath(), new X500Principal(userDn.toString()).getName(),
  45                                                 Privilege.JCR_READ);
  46                                 JcrUtils.addPrivilege(adminSession, userNode.getPath(), NodeConstants.ROLE_USER_ADMIN,
  47                                                 Privilege.JCR_ALL);
  48                         } else {
  49                                 userNode = usersBase.getNode(uid);
  50                         }
  51                         return userNode;
  52                 } catch (RepositoryException e) {
  53                         throw new JcrException("Cannot create user node for " + userDn, e);
  54                 }
  55         }
  56
  57         public static Node getCmsSessionNode(Session session, CmsSession cmsSession) {
  58                 try {
  59                         return session.getNode(getUserNodePath(cmsSession.getUserDn()) + '/' + cmsSession.getUuid().toString());
  60                 } catch (RepositoryException e) {
  61                         throw new JcrException("Cannot get session dir for " + cmsSession, e);
  62                 }
  63         }
  64
  65         public static Node getOrCreateCmsSessionNode(Session adminSession, CmsSession cmsSession) {
  66                 try {
  67                         LdapName userDn = cmsSession.getUserDn();
  68 //                      String uid = userDn.get(userDn.size() - 1);
  69                         Node userNode = getOrCreateUserNode(adminSession, userDn);
  70 //                      if (!usersBase.hasNode(uid)) {
  71 //                              userNode = usersBase.addNode(uid, NodeType.NT_UNSTRUCTURED);
  72 //                              userNode.addMixin(EntityType.user.get());
  73 //                              userNode.addMixin(NodeType.MIX_CREATED);
  74 //                              usersBase.setProperty(LdapAttrs.uid.property(), uid);
  75 //                              usersBase.setProperty(LdapAttrs.distinguishedName.property(), userDn.toString());
  76 //                              adminSession.save();
  77 //                      } else {
  78 //                              userNode = usersBase.getNode(uid);
  79 //                      }
  80                         String cmsSessionUuid = cmsSession.getUuid().toString();
  81                         Node cmsSessionNode;
  82                         if (!userNode.hasNode(cmsSessionUuid)) {
  83                                 cmsSessionNode = userNode.addNode(cmsSessionUuid, NodeType.NT_UNSTRUCTURED);
  84                                 cmsSessionNode.addMixin(NodeType.MIX_CREATED);
  85                                 adminSession.save();
  86                                 JcrUtils.addPrivilege(adminSession, cmsSessionNode.getPath(), cmsSession.getUserRole(),
  87                                                 Privilege.JCR_ALL);
  88                         } else {
  89                                 cmsSessionNode = userNode.getNode(cmsSessionUuid);
  90                         }
  91                         return cmsSessionNode;
  92                 } catch (RepositoryException e) {
  93                         throw new JcrException("Cannot create session dir for " + cmsSession, e);
  94                 }
  95         }
  96
  97         /** Singleton. */
  98         private SuiteUtils() {
  99
 100         }
 101
 102         public static Set<String> extractRoles(String[] semiColArr) {
 103                 Set<String> res = new HashSet<>();
 104                 // TODO factorize and make it more robust
 105                 final String rolesPrefix = "roles:=\"";
 106                 // first one is layer id
 107                 for (int i = 1; i < semiColArr.length; i++) {
 108                         if (semiColArr[i].startsWith(rolesPrefix)) {
 109                                 String rolesStr = semiColArr[i].substring(rolesPrefix.length());
 110                                 // remove last "
 111                                 rolesStr = rolesStr.substring(0, rolesStr.lastIndexOf('\"'));
 112                                 // TODO support AND (&) as well
 113                                 String[] roles = rolesStr.split("\\|");// OR (|)
 114                                 for (String role : roles) {
 115                                         res.add(role.trim());
 116                                 }
 117                         }
 118                 }
 119                 return res;
 120         }
 121
 122 }