Improve user directory

[lgpl/argeo-commons.git] / org.argeo.enterprise / src / org / argeo / osgi / useradmin / AbstractUserDirectory.java

diff --git a/org.argeo.enterprise/src/org/argeo/osgi/useradmin/AbstractUserDirectory.java b/org.argeo.enterprise/src/org/argeo/osgi/useradmin/AbstractUserDirectory.java
index 66b6e91e27eac392fc4af28fb7791a3efb454a40..d3c7d6246af6ef509a24c2ecc1d82940947d52d7 100644 (file)
--- a/org.argeo.enterprise/src/org/argeo/osgi/useradmin/AbstractUserDirectory.java
+++ b/org.argeo.enterprise/src/org/argeo/osgi/useradmin/AbstractUserDirectory.java
@@ -34,7 +34,6 @@ import javax.transaction.TransactionManager;
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
 import org.argeo.naming.LdapAttrs;
-import org.argeo.naming.LdapObjs;
 import org.osgi.framework.Filter;
 import org.osgi.framework.FrameworkUtil;
 import org.osgi.framework.InvalidSyntaxException;
@@ -173,7 +172,7 @@ public abstract class AbstractUserDirectory implements UserAdmin, UserDirectory
        private void collectRoles(DirectoryUser user, List<Role> allRoles) {
                Attributes attrs = user.getAttributes();
                // TODO centralize attribute name
-               Attribute memberOf = attrs.get("memberOf");
+               Attribute memberOf = attrs.get(LdapAttrs.memberOf.name());
                if (memberOf != null) {
                        try {
                                NamingEnumeration<?> values = memberOf.getAll();
@@ -297,6 +296,8 @@ public abstract class AbstractUserDirectory implements UserAdmin, UserDirectory
                        AbstractUserDirectory scopedUserAdmin = scope(user);
                        try {
                                DirectoryUser directoryUser = (DirectoryUser) scopedUserAdmin.getRole(user.getName());
+                               if (directoryUser == null)
+                                       throw new UserDirectoryException("No scoped user found for " + user);
                                LdifAuthorization authorization = new LdifAuthorization(directoryUser,
                                                scopedUserAdmin.getAllRoles(directoryUser));
                                return authorization;
@@ -413,15 +414,6 @@ public abstract class AbstractUserDirectory implements UserAdmin, UserDirectory
                return uri;
        }
 
-       // protected List<String> getIndexedUserProperties() {
-       // return indexedUserProperties;
-       // }
-       //
-       // protected void setIndexedUserProperties(List<String>
-       // indexedUserProperties) {
-       // this.indexedUserProperties = indexedUserProperties;
-       // }
-
        private static boolean readOnlyDefault(URI uri) {
                if (uri == null)
                        return true;
@@ -433,8 +425,11 @@ public abstract class AbstractUserDirectory implements UserAdmin, UserDirectory
                                return !file.canWrite();
                        else
                                return !file.getParentFile().canWrite();
+               } else if (uri.getScheme().equals("ldap")) {
+                       if (uri.getAuthority() != null)// assume writable if authenticated
+                               return false;
                }
-               return true;
+               return true;// read only by default
        }
 
        public boolean isReadOnly() {