}
DirectoryUserAdmin userReferentialOfThisUser = findUserAdmin(user.getName());
Authorization rawAuthorization = userReferentialOfThisUser.getAuthorization(user);
+ User retrievedUser = (User) userReferentialOfThisUser.getRole(user.getName());
String usernameToUse;
String displayNameToUse;
if (user instanceof Group) {
}
// gather roles from other referentials
+ List<String> allRoles = new ArrayList<>(Arrays.asList(rawAuthorization.getRoles()));
+ for (LdapName otherBaseDn : businessRoles.keySet()) {
+ if (otherBaseDn.equals(userReferentialOfThisUser.getBaseDn()))
+ continue;
+ DirectoryUserAdmin otherUserAdmin = businessRoles.get(otherBaseDn);
+ Authorization auth = otherUserAdmin.getAuthorization(retrievedUser);
+ allRoles.addAll(Arrays.asList(auth.getRoles()));
+
+ }
+
+ // integrate system roles
final DirectoryUserAdmin userAdminToUse;// possibly scoped when authenticating
if (user instanceof DirectoryUser) {
userAdminToUse = userReferentialOfThisUser;
}
addAbstractSystemRoles(rawAuthorization, sysRoles);
Authorization authorization = new AggregatingAuthorization(usernameToUse, displayNameToUse, sysRoles,
- rawAuthorization.getRoles());
+ allRoles.toArray(new String[allRoles.size()]));
return authorization;
} finally {
if (userAdminToUse != null && userAdminToUse.isScoped()) {
projects / lgpl / argeo-commons.git / blobdiff