Improve role management

[lgpl/argeo-commons.git] / org.argeo.cms / src / org / argeo / cms / auth / SystemRole.java

diff --git a/org.argeo.cms/src/org/argeo/cms/auth/SystemRole.java b/org.argeo.cms/src/org/argeo/cms/auth/SystemRole.java
index 3a28b7c8878a4fce9e04fd9108d2de76050fba2a..646752d412f988d7ba3ddb60e05edcff7e0f5b67 100644 (file)
--- a/org.argeo.cms/src/org/argeo/cms/auth/SystemRole.java
+++ b/org.argeo.cms/src/org/argeo/cms/auth/SystemRole.java
@@ -8,14 +8,32 @@ import javax.xml.namespace.QName;
 import org.argeo.api.cms.CmsConstants;
 import org.argeo.cms.internal.auth.ImpliedByPrincipal;
 
+/** A programmatic role. */
 public interface SystemRole {
        QName getName();
 
+       /** Whether this role is implied for this authenticated user. */
        default boolean implied(Subject subject, String context) {
+               return implied(getName(), subject, context);
+       }
+
+       /** Whether this role is implied for this distinguished name. */
+       default boolean implied(String dn, String context) {
+               String roleContext = RoleNameUtils.getContext(dn);
+               QName roleName = RoleNameUtils.getLastRdnAsName(dn);
+               return roleContext.equalsIgnoreCase(context) && getName().equals(roleName);
+       }
+
+       /**
+        * Whether this role is implied for this authenticated subject. If context is
+        * <code>null</code>, it is not considered; this should be used to build user
+        * interfaces, but not to authorise.
+        */
+       static boolean implied(QName name, Subject subject, String context) {
                Set<ImpliedByPrincipal> roles = subject.getPrincipals(ImpliedByPrincipal.class);
                for (ImpliedByPrincipal role : roles) {
                        if (role.isSystemRole()) {
-                               if (role.getRoleName().equals(getName())) {
+                               if (role.getRoleName().equals(name)) {
                                        // !! if context is not specified, it is considered irrelevant
                                        if (context == null)
                                                return true;
@@ -27,5 +45,4 @@ public interface SystemRole {
                }
                return false;
        }
-
 }