Introduce CurrentSubject

[lgpl/argeo-commons.git] / org.argeo.cms / src / org / argeo / cms / auth / CurrentUser.java

diff --git a/org.argeo.cms/src/org/argeo/cms/auth/CurrentUser.java b/org.argeo.cms/src/org/argeo/cms/auth/CurrentUser.java
index 85a4824646bec37124c8cefc79627240165a435a..13b54a549a83eac180c3116f017eb204bc0856dc 100644 (file)
--- a/org.argeo.cms/src/org/argeo/cms/auth/CurrentUser.java
+++ b/org.argeo.cms/src/org/argeo/cms/auth/CurrentUser.java
@@ -1,11 +1,11 @@
 package org.argeo.cms.auth;
 
-import java.security.AccessController;
 import java.security.Principal;
 import java.security.PrivilegedAction;
 import java.security.PrivilegedActionException;
 import java.security.PrivilegedExceptionAction;
 import java.util.HashSet;
+import java.util.Iterator;
 import java.util.Locale;
 import java.util.Set;
 import java.util.UUID;
@@ -19,6 +19,7 @@ import org.argeo.api.cms.CmsSessionId;
 import org.argeo.cms.internal.auth.CmsSessionImpl;
 import org.argeo.cms.internal.auth.ImpliedByPrincipal;
 import org.argeo.cms.internal.runtime.CmsContextImpl;
+import org.argeo.util.CurrentSubject;
 import org.osgi.service.useradmin.Authorization;
 
 /**
@@ -68,6 +69,11 @@ public final class CurrentUser {
                return roles.contains(role);
        }
 
+       /** Implies this {@link SystemRole} in this context. */
+       public final static boolean implies(SystemRole role, String context) {
+               return role.implied(currentSubject(), context);
+       }
+
        /** Executes as the current user */
        public final static <T> T doAs(PrivilegedAction<T> action) {
                return Subject.doAs(currentSubject(), action);
@@ -121,24 +127,22 @@ public final class CurrentUser {
                return username == null || username.equalsIgnoreCase(CmsConstants.ROLE_ANONYMOUS);
        }
 
-       public CmsSession getCmsSession() {
+       public static CmsSession getCmsSession() {
                Subject subject = currentSubject();
-               CmsSessionId cmsSessionId = subject.getPrivateCredentials(CmsSessionId.class).iterator().next();
-               return CmsSessionImpl.getByUuid(cmsSessionId.getUuid());
+               Iterator<CmsSessionId> it = subject.getPrivateCredentials(CmsSessionId.class).iterator();
+               if (!it.hasNext())
+                       throw new IllegalStateException("No CMS session id available for " + subject);
+               CmsSessionId cmsSessionId = it.next();
+               if (it.hasNext())
+                       throw new IllegalStateException("More than one CMS session id available for " + subject);
+               return CmsContextImpl.getCmsContext().getCmsSessionByUuid(cmsSessionId.getUuid());
        }
 
        /*
         * HELPERS
         */
        private static Subject currentSubject() {
-               Subject subject = getAccessControllerSubject();
-               if (subject != null)
-                       return subject;
-               throw new IllegalStateException("Cannot find related subject");
-       }
-
-       private static Subject getAccessControllerSubject() {
-               return Subject.getSubject(AccessController.getContext());
+               return CurrentSubject.current();
        }
 
        private static Authorization getAuthorization(Subject subject) {
@@ -151,7 +155,7 @@ public final class CurrentUser {
                        nodeSessionId = subject.getPrivateCredentials(CmsSessionId.class).iterator().next().getUuid();
                else
                        return false;
-               CmsSessionImpl cmsSession = CmsSessionImpl.getByUuid(nodeSessionId.toString());
+               CmsSessionImpl cmsSession = CmsContextImpl.getCmsContext().getCmsSessionByUuid(nodeSessionId);
 
                // FIXME logout all views
                // TODO check why it is sometimes null
@@ -162,6 +166,7 @@ public final class CurrentUser {
                return true;
        }
 
+       /** singleton */
        private CurrentUser() {
        }
 }