package org.argeo.cms.internal.runtime;
-import static org.argeo.api.acr.ldap.LdapAttrs.cn;
-import static org.argeo.api.acr.ldap.LdapAttrs.description;
-import static org.argeo.api.acr.ldap.LdapAttrs.owner;
+import static org.argeo.api.acr.ldap.LdapAttr.cn;
+import static org.argeo.api.acr.ldap.LdapAttr.description;
+import static org.argeo.api.acr.ldap.LdapAttr.owner;
import java.time.ZoneOffset;
import java.time.ZonedDateTime;
import javax.xml.namespace.QName;
import org.argeo.api.acr.NamespaceUtils;
-import org.argeo.api.acr.ldap.LdapAttrs;
+import org.argeo.api.acr.ldap.LdapAttr;
import org.argeo.api.acr.ldap.NamingUtils;
import org.argeo.api.cms.CmsConstants;
import org.argeo.api.cms.CmsLog;
import org.argeo.api.cms.directory.CmsGroup;
+import org.argeo.api.cms.directory.CmsRole;
import org.argeo.api.cms.directory.CmsUser;
import org.argeo.api.cms.directory.CmsUserManager;
import org.argeo.api.cms.directory.HierarchyUnit;
import org.argeo.api.cms.directory.UserDirectory;
import org.argeo.api.cms.transaction.WorkTransaction;
-import org.argeo.cms.auth.CurrentUser;
+import org.argeo.cms.CurrentUser;
import org.argeo.cms.auth.UserAdminUtils;
import org.argeo.cms.directory.ldap.LdapEntry;
import org.argeo.cms.directory.ldap.SharedSecret;
// private Map<String, String> serviceProperties;
private WorkTransaction userTransaction;
- private final String[] knownProps = { LdapAttrs.cn.name(), LdapAttrs.sn.name(), LdapAttrs.givenName.name(),
- LdapAttrs.uid.name() };
+ private final String[] knownProps = { LdapAttr.cn.name(), LdapAttr.sn.name(), LdapAttr.givenName.name(),
+ LdapAttr.uid.name() };
// private Map<UserDirectory, Hashtable<String, Object>> userDirectories = Collections
// .synchronizedMap(new LinkedHashMap<>());
}
- @Override
- public String getMyMail() {
- return getUserMail(CurrentUser.getUsername());
- }
+// @Override
+// public String getMyMail() {
+// return getUserMail(CurrentUser.getUsername());
+// }
@Override
- public Role[] getRoles(String filter) {
+ public CmsRole[] getRoles(String filter) {
try {
- return userAdmin.getRoles(filter);
+ Role[] roles = userAdmin.getRoles(filter);
+ CmsRole[] res = new CmsRole[roles.length];
+ for (int i = 0; i < roles.length; i++)
+ res[i] = (CmsRole) roles[i];
+ return res;
} catch (InvalidSyntaxException e) {
throw new IllegalArgumentException("Invalid filter " + filter, e);
}
/** Lists all roles of the given user */
@Override
public String[] getUserRoles(String dn) {
- Authorization currAuth = getUserAdmin().getAuthorization(getUser(dn));
+ Authorization currAuth = getUserAdmin().getAuthorization((User) getUser(dn));
return currAuth.getRoles();
}
return users;
}
-// @Override
-// public Set<User> listAccounts(HierarchyUnit hierarchyUnit, boolean deep) {
-// if(!hierarchyUnit.isFunctional())
-// throw new IllegalArgumentException("Hierarchy unit "+hierarchyUnit.getBase()+" is not functional");
-// UserDirectory directory = (UserDirectory)hierarchyUnit.getDirectory();
-// Set<User> res = new HashSet<>();
-// for(HierarchyUnit technicalHu:hierarchyUnit.getDirectHierarchyUnits(false)) {
-// if(technicalHu.isFunctional())
-// continue;
-// for(Role role:directory.getHierarchyUnitRoles(technicalHu, null, false)) {
-// if(role)
-// }
-// }
-// return res;
-// }
-
/** Recursively add users to list */
private void addUsers(Set<CmsUser> users, Group group, String filter) {
- Role[] roles = group.getMembers();
+ Role[] roles = ((Group) group).getMembers();
for (Role role : roles) {
if (role.getType() == Role.GROUP) {
- addUsers(users, (CmsGroup) role, filter);
+ addUsers(users, (Group) role, filter);
} else if (role.getType() == Role.USER) {
if (match(role, filter))
users.add((CmsUser) role);
@Override
public CmsUser getUserFromLocalId(String localId) {
- CmsUser user = (CmsUser) getUserAdmin().getUser(LdapAttrs.uid.name(), localId);
+ CmsUser user = (CmsUser) getUserAdmin().getUser(LdapAttr.uid.name(), localId);
if (user == null)
- user = (CmsUser) getUserAdmin().getUser(LdapAttrs.cn.name(), localId);
+ user = (CmsUser) getUserAdmin().getUser(LdapAttr.cn.name(), localId);
return user;
}
public CmsUser createUser(String username, Map<String, Object> properties, Map<String, Object> credentials) {
try {
userTransaction.begin();
- CmsUser user = (CmsUser) userAdmin.createRole(username, Role.USER);
+ User user = (User) userAdmin.createRole(username, Role.USER);
if (properties != null) {
for (String key : properties.keySet())
user.getProperties().put(key, properties.get(key));
user.getCredentials().put(key, credentials.get(key));
}
userTransaction.commit();
- return user;
+ return (CmsUser) user;
} catch (Exception e) {
try {
userTransaction.rollback();
}
}
+ @Override
+ public CmsGroup createGroup(String dn) {
+ try {
+ userTransaction.begin();
+ CmsGroup group = (CmsGroup) userAdmin.createRole(dn, Role.GROUP);
+ userTransaction.commit();
+ return group;
+ } catch (Exception e) {
+ try {
+ userTransaction.rollback();
+ } catch (Exception e1) {
+ log.error("Could not roll back", e1);
+ }
+ if (e instanceof RuntimeException)
+ throw (RuntimeException) e;
+ else
+ throw new RuntimeException("Cannot create group " + dn, e);
+ }
+ }
+
@Override
public CmsGroup getOrCreateGroup(HierarchyUnit groups, String commonName) {
+ String dn = LdapAttr.cn.name() + "=" + commonName + "," + groups.getBase();
+ CmsGroup group = (CmsGroup) getUserAdmin().getRole(dn);
+ if (group != null)
+ return group;
try {
- String dn = LdapAttrs.cn.name() + "=" + commonName + "," + groups.getBase();
- CmsGroup group = (CmsGroup) getUserAdmin().getRole(dn);
- if (group != null)
- return group;
userTransaction.begin();
group = (CmsGroup) userAdmin.createRole(dn, Role.GROUP);
userTransaction.commit();
@Override
public CmsGroup getOrCreateSystemRole(HierarchyUnit roles, QName systemRole) {
+ String dn = LdapAttr.cn.name() + "=" + NamespaceUtils.toPrefixedName(systemRole) + "," + roles.getBase();
+ CmsGroup group = (CmsGroup) getUserAdmin().getRole(dn);
+ if (group != null)
+ return group;
try {
- String dn = LdapAttrs.cn.name() + "=" + NamespaceUtils.toPrefixedName(systemRole) + "," + roles.getBase();
- CmsGroup group = (CmsGroup) getUserAdmin().getRole(dn);
- if (group != null)
- return group;
userTransaction.begin();
group = (CmsGroup) userAdmin.createRole(dn, Role.GROUP);
userTransaction.commit();
}
@Override
- public void addObjectClasses(Role role, Set<String> objectClasses, Map<String, Object> additionalProperties) {
+ public void addObjectClasses(CmsRole role, Set<String> objectClasses, Map<String, Object> additionalProperties) {
try {
userTransaction.begin();
LdapEntry.addObjectClasses(role.getProperties(), objectClasses);
}
@Override
- public void addMember(CmsGroup group, Role role) {
+ public void addMember(CmsGroup group, CmsRole role) {
+ try {
+ userTransaction.begin();
+ ((Group) group).addMember((Role) role);
+ userTransaction.commit();
+ } catch (Exception e1) {
+ try {
+ if (!userTransaction.isNoTransactionStatus())
+ userTransaction.rollback();
+ } catch (Exception e2) {
+ if (log.isTraceEnabled())
+ log.trace("Cannot rollback transaction", e2);
+ }
+ throw new RuntimeException("Cannot add member " + role + " to group " + group, e1);
+ }
+ }
+
+ @Override
+ public void removeMember(CmsGroup group, CmsRole role) {
try {
userTransaction.begin();
- group.addMember(role);
+ ((Group) group).removeMember((Role) role);
userTransaction.commit();
} catch (Exception e1) {
try {
if (log.isTraceEnabled())
log.trace("Cannot rollback transaction", e2);
}
- throw new RuntimeException("Cannot add object classes " + role + " to group " + group, e1);
+ throw new RuntimeException("Cannot remove member " + role + " from group " + group, e1);
}
}
Dictionary<String, ?> props = DirectoryConf.uriAsProperties(dns.get(baseDn));
String dn = null;
if (Role.GROUP == type)
- dn = LdapAttrs.cn.name() + "=" + localId + "," + DirectoryConf.groupBase.getValue(props) + "," + baseDn;
+ dn = LdapAttr.cn.name() + "=" + localId + "," + DirectoryConf.groupBase.getValue(props) + "," + baseDn;
else if (Role.USER == type)
- dn = LdapAttrs.uid.name() + "=" + localId + "," + DirectoryConf.userBase.getValue(props) + "," + baseDn;
+ dn = LdapAttr.uid.name() + "=" + localId + "," + DirectoryConf.userBase.getValue(props) + "," + baseDn;
else
throw new IllegalStateException("Unknown role type. " + "Cannot deduce dn for " + localId);
return dn;
}
public String addSharedSecret(String email, int hours) {
- User user = (User) userAdmin.getUser(LdapAttrs.mail.name(), email);
+ User user = (User) userAdmin.getUser(LdapAttr.mail.name(), email);
try {
userTransaction.begin();
String uuid = UUID.randomUUID().toString();
}
@Override
- public UserDirectory getDirectory(Role user) {
+ public UserDirectory getDirectory(CmsRole user) {
String name = user.getName();
NavigableMap<String, UserDirectory> possible = new TreeMap<>();
for (UserDirectory userDirectory : userDirectories) {