Deal with case when groups are not visible by the user
[lgpl/argeo-commons.git] / org.argeo.util / src / org / argeo / osgi / useradmin / DirectoryUserAdmin.java
index 9f6d62d7a64600e85224c717786c0379335868fe..6f3bd1a6865695cbdbc48729c10a7fda745fc156 100644 (file)
@@ -26,11 +26,11 @@ import org.argeo.util.directory.DirectoryConf;
 import org.argeo.util.directory.DirectoryDigestUtils;
 import org.argeo.util.directory.HierarchyUnit;
 import org.argeo.util.directory.ldap.AbstractLdapDirectory;
+import org.argeo.util.directory.ldap.LdapDao;
 import org.argeo.util.directory.ldap.LdapEntry;
 import org.argeo.util.directory.ldap.LdapEntryWorkingCopy;
 import org.argeo.util.directory.ldap.LdapNameUtils;
 import org.argeo.util.directory.ldap.LdifDao;
-import org.argeo.util.naming.LdapObjs;
 import org.osgi.framework.Filter;
 import org.osgi.framework.FrameworkUtil;
 import org.osgi.framework.InvalidSyntaxException;
@@ -66,7 +66,13 @@ public class DirectoryUserAdmin extends AbstractLdapDirectory implements UserAdm
         */
 
        protected AbstractLdapDirectory scope(User user) {
-               throw new UnsupportedAddressTypeException();
+               if (getDirectoryDao() instanceof LdapDao) {
+                       return scopeLdap(user);
+               } else if (getDirectoryDao() instanceof LdifDao) {
+                       return scopeLdif(user);
+               } else {
+                       throw new IllegalStateException("Unsupported DAO " + getDirectoryDao().getClass());
+               }
        }
 
        protected DirectoryUserAdmin scopeLdap(User user) {
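Review bot: The fallback branch in `scope(User)` dereferences `getDirectoryDao()` to build its message, so if the DAO is not set yet (whether that can happen is not visible here) the caller gets a NullPointerException instead of the intended IllegalStateException. The getter is also evaluated up to three times. Reading it once into a local and ending with `throw new IllegalStateException("Unsupported DAO " + (dao == null ? null : dao.getClass()));` keeps the failure explicit on the path that decides whose credentials the directory is bound with.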
@@ -74,7 +80,7 @@ public class DirectoryUserAdmin extends AbstractLdapDirectory implements UserAdm
                String username = (String) credentials.get(SHARED_STATE_USERNAME);
                if (username == null)
                        username = user.getName();
-               Dictionary<String, Object> properties = cloneProperties();
+               Dictionary<String, Object> properties = cloneConfigProperties();
                properties.put(Context.SECURITY_PRINCIPAL, username.toString());
                Object pwdCred = credentials.get(SHARED_STATE_PASSWORD);
                byte[] pwd = (byte[]) pwdCred;
@@ -84,7 +90,9 @@ public class DirectoryUserAdmin extends AbstractLdapDirectory implements UserAdm
                } else {
                        properties.put(Context.SECURITY_AUTHENTICATION, "GSSAPI");
                }
-               return new DirectoryUserAdmin(null, properties, true);
+               DirectoryUserAdmin scopedDirectory = new DirectoryUserAdmin(null, properties, true);
+               scopedDirectory.init();
+               return scopedDirectory;
        }
 
        protected DirectoryUserAdmin scopeLdif(User user) {
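Review bot: `scopeLdap` now returns a directory that has already been through `init()` with the user's principal and credentials in its properties, but nothing visible says who releases it or what the caller sees when `init()` fails, for instance on a rejected bind. The method body starts outside this hunk, so some of this may already be handled. Otherwise it would help to add a Javadoc line such as `Returns an initialised directory bound as the given user; the caller owns it and must release it when the scoped session ends.` and to state which exception a failed initialisation surfaces as. The same applies to the `scopedUserAdmin.init()` added in `scopeLdif` in the next hunk, where a short comment should also say why `init()` runs after the DAO `scope(...)` call rather than before it.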
@@ -102,13 +110,14 @@ public class DirectoryUserAdmin extends AbstractLdapDirectory implements UserAdm
                } else {
                        throw new IllegalStateException("Password is required");
                }
-               Dictionary<String, Object> properties = cloneProperties();
+               Dictionary<String, Object> properties = cloneConfigProperties();
                properties.put(DirectoryConf.readOnly.name(), "true");
                DirectoryUserAdmin scopedUserAdmin = new DirectoryUserAdmin(null, properties, true);
 //             scopedUserAdmin.groups = Collections.unmodifiableNavigableMap(groups);
 //             scopedUserAdmin.users = Collections.unmodifiableNavigableMap(users);
                // FIXME do it better
                ((LdifDao) getDirectoryDao()).scope((LdifDao) scopedUserAdmin.getDirectoryDao());
+               scopedUserAdmin.init();
                return scopedUserAdmin;
        }
 
@@ -126,7 +135,12 @@ public class DirectoryUserAdmin extends AbstractLdapDirectory implements UserAdm
 
        @Override
        public Role getRoleByPath(String path) {
-               return (Role) doGetRole(pathToName(path));
+               LdapEntry entry = doGetRole(pathToName(path));
+               if (!(entry instanceof Role)) {
+                       throw new IllegalStateException("Path must be a UserAdmin Role.");
+               } else {
+                       return (Role) entry;
+               }
        }
 
        protected List<Role> getAllRoles(DirectoryUser user) {
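Review bot: In `getRoleByPath`, `entry instanceof Role` is false for `null`, so a path that resolves to no entry now throws IllegalStateException, where the old cast passed `null` through. If `doGetRole` can return `null` for a missing or non-visible entry (its contract is not visible here), callers that tested for `null` will break. Handling it first with `if (entry == null) return null;` would keep the old behaviour. For the real type mismatch, an IllegalArgumentException that names the path, e.g. `throw new IllegalArgumentException("Not a UserAdmin role: " + path);`, says more than the fixed message.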
@@ -144,7 +158,8 @@ public class DirectoryUserAdmin extends AbstractLdapDirectory implements UserAdm
                LdapEntry entry = (LdapEntry) user;
                collectGroups(entry, allEntries);
                for (LdapEntry e : allEntries) {
-                       allRoles.add((Role) e);
+                       if (e instanceof Role)
+                               allRoles.add((Role) e);
                }
 //             Attributes attrs = user.getAttributes();
 //             // TODO centralize attribute name
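Review bot: The new `if (e instanceof Role)` filter in `getAllRoles` silently drops collected entries that are not roles, and this list presumably feeds authorization decisions. Skipping is the safe direction, since the user ends up with fewer roles rather than more, but the reason is not recorded. A why-comment such as `// entries the bound user cannot fully read are not Role instances; leave them out rather than fail` would help, adjusted to the actual cause, along with a trace-level log if the class has a logger. The single-statement `if` should also be braced to match the surrounding `for` block. The method continues outside this hunk.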
@@ -283,7 +298,7 @@ public class DirectoryUserAdmin extends AbstractLdapDirectory implements UserAdm
                checkEdit();
                LdapEntryWorkingCopy wc = getWorkingCopy();
                LdapName dn = toLdapName(name);
-               if ((getDirectoryDao().daoHasEntry(dn) && !wc.getDeletedData().containsKey(dn))
+               if ((getDirectoryDao().entryExists(dn) && !wc.getDeletedData().containsKey(dn))
                                || wc.getNewData().containsKey(dn))
                        throw new IllegalArgumentException("Already a role " + name);
                BasicAttributes attrs = new BasicAttributes(true);
@@ -380,17 +395,11 @@ public class DirectoryUserAdmin extends AbstractLdapDirectory implements UserAdm
         */
        protected LdapEntry newUser(LdapName name, Attributes attrs) {
                // TODO support devices, applications, etc.
-               return new LdifUser.LdifPerson(this, name, attrs);
+               return new LdifUser(this, name, attrs);
        }
 
        protected LdapEntry newGroup(LdapName name, Attributes attrs) {
-               if (LdapNameUtils.getParentRdn(name).equals(getSystemRoleBaseRdn()))
-                       return new LdifGroup.LdifSystemPermissions(this, name, attrs);
-
-               if (hasObjectClass(attrs, LdapObjs.organization))
-                       return new LdifGroup.LdifOrganization(this, name, attrs);
-               else
-                       return new LdifGroup.LdifFunctionalGroup(this, name, attrs);
+               return new LdifGroup(this, name, attrs);
 
        }