Make CMS running without data area, and remove unnecessary dependencies.

[lgpl/argeo-commons.git] / org.argeo.util / src / org / argeo / osgi / useradmin / AggregatingUserAdmin.java
diff --git a/org.argeo.util/src/org/argeo/osgi/useradmin/AggregatingUserAdmin.java b/org.argeo.util/src/org/argeo/osgi/useradmin/AggregatingUserAdmin.java

index 3857b08d0607027cf55e0a4b72528de70135b7e7..ef253800ca304d9b3af6302b1e4df365a65c7af6 100644 (file)
--- a/org.argeo.util/src/org/argeo/osgi/useradmin/AggregatingUserAdmin.java
+++ b/org.argeo.util/src/org/argeo/osgi/useradmin/AggregatingUserAdmin.java
@@ -6,6 +6,7 @@ import java.util.ArrayList;
  import java.util.Arrays;
  import java.util.HashMap;
  import java.util.HashSet;
+import java.util.Hashtable;
  import java.util.List;
  import java.util.Map;
  import java.util.Set;
@@ -14,6 +15,7 @@ import java.util.TreeSet;
  import javax.naming.InvalidNameException;
  import javax.naming.ldap.LdapName;
  
+import org.argeo.util.directory.DirectoryConf;
  import org.osgi.framework.InvalidSyntaxException;
  import org.osgi.service.useradmin.Authorization;
  import org.osgi.service.useradmin.Group;
@@ -93,6 +95,7 @@ public class AggregatingUserAdmin implements UserAdmin {
                 }
                 DirectoryUserAdmin userReferentialOfThisUser = findUserAdmin(user.getName());
                 Authorization rawAuthorization = userReferentialOfThisUser.getAuthorization(user);
+               User retrievedUser = (User) userReferentialOfThisUser.getRole(user.getName());
                 String usernameToUse;
                 String displayNameToUse;
                 if (user instanceof Group) {
@@ -113,6 +116,17 @@ public class AggregatingUserAdmin implements UserAdmin {
                 }
  
                 // gather roles from other referentials
+               List<String> allRoles = new ArrayList<>(Arrays.asList(rawAuthorization.getRoles()));
+               for (LdapName otherBaseDn : businessRoles.keySet()) {
+                       if (otherBaseDn.equals(userReferentialOfThisUser.getBaseDn()))
+                               continue;
+                       DirectoryUserAdmin otherUserAdmin = businessRoles.get(otherBaseDn);
+                       Authorization auth = otherUserAdmin.getAuthorization(retrievedUser);
+                       allRoles.addAll(Arrays.asList(auth.getRoles()));
+
+               }
+
+               // integrate system roles
                 final DirectoryUserAdmin userAdminToUse;// possibly scoped when authenticating
                 if (user instanceof DirectoryUser) {
                         userAdminToUse = userReferentialOfThisUser;
@@ -136,7 +150,7 @@ public class AggregatingUserAdmin implements UserAdmin {
                         }
                         addAbstractSystemRoles(rawAuthorization, sysRoles);
                         Authorization authorization = new AggregatingAuthorization(usernameToUse, displayNameToUse, sysRoles,
-                                       rawAuthorization.getRoles());
+                                       allRoles.toArray(new String[allRoles.size()]));
                         return authorization;
                 } finally {
                         if (userAdminToUse != null && userAdminToUse.isScoped()) {
@@ -238,7 +252,16 @@ public class AggregatingUserAdmin implements UserAdmin {
  //             return res;
  //     }
  
-       public void destroy() {
+       public void start() {
+               if (systemRoles == null) {
+                       // TODO do we really need separate system roles?
+                       Hashtable<String, Object> properties = new Hashtable<>();
+                       properties.put(DirectoryConf.baseDn.name(), "ou=roles,ou=system");
+                       systemRoles = new DirectoryUserAdmin(properties);
+               }
+       }
+
+       public void stop() {
                 for (LdapName name : businessRoles.keySet()) {
                         DirectoryUserAdmin userDirectory = businessRoles.get(name);
                         destroy(userDirectory);
@@ -254,6 +277,14 @@ public class AggregatingUserAdmin implements UserAdmin {
                 userDirectory.destroy();
         }
  
+//     protected void removeUserDirectory(UserDirectory userDirectory) {
+//             LdapName baseDn = toLdapName(userDirectory.getContext());
+//             businessRoles.remove(baseDn);
+//             if (userDirectory instanceof DirectoryUserAdmin)
+//                     destroy((DirectoryUserAdmin) userDirectory);
+//     }
+
+       @Deprecated
         protected void removeUserDirectory(String basePath) {
                 if (isSystemRolesBaseDn(basePath))
                         throw new IllegalArgumentException("System roles cannot be removed ");
@@ -274,6 +305,8 @@ public class AggregatingUserAdmin implements UserAdmin {
         public Set<UserDirectory> getUserDirectories() {
                 TreeSet<UserDirectory> res = new TreeSet<>((o1, o2) -> o1.getContext().compareTo(o2.getContext()));
                 res.addAll(businessRoles.values());
+               res.add(systemRoles);
                 return res;
         }
+
  }