X-Git-Url: https://git.argeo.org/?a=blobdiff_plain;ds=sidebyside;f=org.argeo.util%2Fsrc%2Forg%2Fargeo%2Fosgi%2Fuseradmin%2FAggregatingUserAdmin.java;h=179099bad124ebc7cd4c5c049f7723a50177650f;hb=285c23f26c4d634cd139d393ebcb708187d5e960;hp=3857b08d0607027cf55e0a4b72528de70135b7e7;hpb=dc27b57704278684e72efcaf72b01c5b91df39f8;p=lgpl%2Fargeo-commons.git

diff --git a/org.argeo.util/src/org/argeo/osgi/useradmin/AggregatingUserAdmin.java b/org.argeo.util/src/org/argeo/osgi/useradmin/AggregatingUserAdmin.java
index 3857b08d0..179099bad 100644
--- a/org.argeo.util/src/org/argeo/osgi/useradmin/AggregatingUserAdmin.java
+++ b/org.argeo.util/src/org/argeo/osgi/useradmin/AggregatingUserAdmin.java
@@ -6,6 +6,7 @@ import java.util.ArrayList;
 import java.util.Arrays;
 import java.util.HashMap;
 import java.util.HashSet;
+import java.util.Hashtable;
 import java.util.List;
 import java.util.Map;
 import java.util.Set;
@@ -14,6 +15,7 @@ import java.util.TreeSet;
 import javax.naming.InvalidNameException;
 import javax.naming.ldap.LdapName;
 
+import org.argeo.util.directory.DirectoryConf;
 import org.osgi.framework.InvalidSyntaxException;
 import org.osgi.service.useradmin.Authorization;
 import org.osgi.service.useradmin.Group;
@@ -93,6 +95,7 @@ public class AggregatingUserAdmin implements UserAdmin {
 		}
 		DirectoryUserAdmin userReferentialOfThisUser = findUserAdmin(user.getName());
 		Authorization rawAuthorization = userReferentialOfThisUser.getAuthorization(user);
+		User retrievedUser = (User) userReferentialOfThisUser.getRole(user.getName());
 		String usernameToUse;
 		String displayNameToUse;
 		if (user instanceof Group) {
@@ -113,6 +116,17 @@ public class AggregatingUserAdmin implements UserAdmin {
 		}
 
 		// gather roles from other referentials
+		List<String> allRoles = new ArrayList<>(Arrays.asList(rawAuthorization.getRoles()));
+		for (LdapName otherBaseDn : businessRoles.keySet()) {
+			if (otherBaseDn.equals(userReferentialOfThisUser.getBaseDn()))
+				continue;
+			DirectoryUserAdmin otherUserAdmin = businessRoles.get(otherBaseDn);
+			Authorization auth = otherUserAdmin.getAuthorization(retrievedUser);
+			allRoles.addAll(Arrays.asList(auth.getRoles()));
+
+		}
+
+		// integrate system roles
 		final DirectoryUserAdmin userAdminToUse;// possibly scoped when authenticating
 		if (user instanceof DirectoryUser) {
 			userAdminToUse = userReferentialOfThisUser;
@@ -136,7 +150,7 @@ public class AggregatingUserAdmin implements UserAdmin {
 			}
 			addAbstractSystemRoles(rawAuthorization, sysRoles);
 			Authorization authorization = new AggregatingAuthorization(usernameToUse, displayNameToUse, sysRoles,
-					rawAuthorization.getRoles());
+					allRoles.toArray(new String[allRoles.size()]));
 			return authorization;
 		} finally {
 			if (userAdminToUse != null && userAdminToUse.isScoped()) {
@@ -160,7 +174,7 @@ public class AggregatingUserAdmin implements UserAdmin {
 		if (!(ud instanceof DirectoryUserAdmin))
 			throw new IllegalArgumentException("Only " + DirectoryUserAdmin.class.getName() + " is supported");
 		DirectoryUserAdmin userDirectory = (DirectoryUserAdmin) ud;
-		String basePath = userDirectory.getContext();
+		String basePath = userDirectory.getBase();
 		if (isSystemRolesBaseDn(basePath)) {
 			this.systemRoles = userDirectory;
 			systemRoles.setExternalRoles(this);
@@ -238,7 +252,16 @@ public class AggregatingUserAdmin implements UserAdmin {
 //		return res;
 //	}
 
-	public void destroy() {
+	public void start() {
+		if (systemRoles == null) {
+			// TODO do we really need separate system roles?
+			Hashtable<String, Object> properties = new Hashtable<>();
+			properties.put(DirectoryConf.baseDn.name(), "ou=roles,ou=system");
+			systemRoles = new DirectoryUserAdmin(properties);
+		}
+	}
+
+	public void stop() {
 		for (LdapName name : businessRoles.keySet()) {
 			DirectoryUserAdmin userDirectory = businessRoles.get(name);
 			destroy(userDirectory);
@@ -254,6 +277,14 @@ public class AggregatingUserAdmin implements UserAdmin {
 		userDirectory.destroy();
 	}
 
+//	protected void removeUserDirectory(UserDirectory userDirectory) {
+//		LdapName baseDn = toLdapName(userDirectory.getContext());
+//		businessRoles.remove(baseDn);
+//		if (userDirectory instanceof DirectoryUserAdmin)
+//			destroy((DirectoryUserAdmin) userDirectory);
+//	}
+
+	@Deprecated
 	protected void removeUserDirectory(String basePath) {
 		if (isSystemRolesBaseDn(basePath))
 			throw new IllegalArgumentException("System roles cannot be removed ");
@@ -272,8 +303,10 @@ public class AggregatingUserAdmin implements UserAdmin {
 	}
 
 	public Set<UserDirectory> getUserDirectories() {
-		TreeSet<UserDirectory> res = new TreeSet<>((o1, o2) -> o1.getContext().compareTo(o2.getContext()));
+		TreeSet<UserDirectory> res = new TreeSet<>((o1, o2) -> o1.getBase().compareTo(o2.getBase()));
 		res.addAll(businessRoles.values());
+		res.add(systemRoles);
 		return res;
 	}
+
 }