X-Git-Url: https://git.argeo.org/?a=blobdiff_plain;ds=sidebyside;f=org.argeo.util%2Fsrc%2Forg%2Fargeo%2Fosgi%2Fuseradmin%2FAggregatingUserAdmin.java;h=ef253800ca304d9b3af6302b1e4df365a65c7af6;hb=f3ea14abccc33b1c3326417a87c91145be776c72;hp=79d2bd3cbc2f21142f1801a1df5c5fbc307c2095;hpb=336930c69f0cd3e1242e518479624c6366541275;p=lgpl%2Fargeo-commons.git
diff --git a/org.argeo.util/src/org/argeo/osgi/useradmin/AggregatingUserAdmin.java b/org.argeo.util/src/org/argeo/osgi/useradmin/AggregatingUserAdmin.java
index 79d2bd3cb..ef253800c 100644
--- a/org.argeo.util/src/org/argeo/osgi/useradmin/AggregatingUserAdmin.java
+++ b/org.argeo.util/src/org/argeo/osgi/useradmin/AggregatingUserAdmin.java
@@ -6,6 +6,7 @@ import java.util.ArrayList;
 import java.util.Arrays;
 import java.util.HashMap;
 import java.util.HashSet;
+import java.util.Hashtable;
 import java.util.List;
 import java.util.Map;
 import java.util.Set;
@@ -14,6 +15,7 @@ import java.util.TreeSet;
 import javax.naming.InvalidNameException;
 import javax.naming.ldap.LdapName;
+import org.argeo.util.directory.DirectoryConf;
 import org.osgi.framework.InvalidSyntaxException;
 import org.osgi.service.useradmin.Authorization;
 import org.osgi.service.useradmin.Group;
@@ -93,6 +95,7 @@ public class AggregatingUserAdmin implements UserAdmin {
 }
 DirectoryUserAdmin userReferentialOfThisUser = findUserAdmin(user.getName());
 Authorization rawAuthorization = userReferentialOfThisUser.getAuthorization(user);
+ User retrievedUser = (User) userReferentialOfThisUser.getRole(user.getName());
 String usernameToUse;
 String displayNameToUse;
 if (user instanceof Group) {
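Review bot: The added `getRole(user.getName())` result is cast to `User` with no null or type check. `UserAdmin.getRole` returns null when no role has that name, and `retrievedUser` is later handed to `getAuthorization(...)` on the other referentials, where a null user means the anonymous user under the OSGi UserAdmin contract, so the merged role set could silently be computed for the wrong principal instead of failing. A guard such as `Role retrieved = userReferentialOfThisUser.getRole(user.getName());` followed by `if (!(retrieved instanceof User)) throw new IllegalStateException("No user " + user.getName());` makes that case explicit. The enclosing getAuthorization method starts and ends outside this hunk, so whether an earlier branch already rules this out cannot be confirmed from here.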
@@ -113,6 +116,17 @@ public class AggregatingUserAdmin implements UserAdmin {
 }
 // gather roles from other referentials
+ List allRoles = new ArrayList<>(Arrays.asList(rawAuthorization.getRoles()));
+ for (LdapName otherBaseDn : businessRoles.keySet()) {
+ if (otherBaseDn.equals(userReferentialOfThisUser.getBaseDn()))
+ continue;
+ DirectoryUserAdmin otherUserAdmin = businessRoles.get(otherBaseDn);
+ Authorization auth = otherUserAdmin.getAuthorization(retrievedUser);
+ allRoles.addAll(Arrays.asList(auth.getRoles()));
+
+ }
+
+ // integrate system roles
 final DirectoryUserAdmin userAdminToUse;// possibly scoped when authenticating
 if (user instanceof DirectoryUser) {
 userAdminToUse = userReferentialOfThisUser;
@@ -136,7 +150,7 @@ public class AggregatingUserAdmin implements UserAdmin {
 }
 addAbstractSystemRoles(rawAuthorization, sysRoles);
 Authorization authorization = new AggregatingAuthorization(usernameToUse, displayNameToUse, sysRoles,
- rawAuthorization.getRoles());
+ allRoles.toArray(new String[allRoles.size()]));
 return authorization;
 } finally {
 if (userAdminToUse != null && userAdminToUse.isScoped()) {
@@ -239,7 +253,12 @@ public class AggregatingUserAdmin implements UserAdmin {
 // }
 public void start() {
-
+ if (systemRoles == null) {
+ // TODO do we really need separate system roles?
+ Hashtable properties = new Hashtable<>();
+ properties.put(DirectoryConf.baseDn.name(), "ou=roles,ou=system");
+ systemRoles = new DirectoryUserAdmin(properties);
+ }
 }
 public void stop() {
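Review bot: In the loop added under `// gather roles from other referentials`, the arrays from `rawAuthorization.getRoles()` and `auth.getRoles()` go straight into `Arrays.asList` with no null check. The OSGi `Authorization.getRoles()` contract allows a null return when the context holds no roles, which would throw here where the old code only passed the value through; whether DirectoryUserAdmin ever returns null is not visible in this hunk. A guard such as `String[] extra = auth.getRoles();` then `if (extra != null) allRoles.addAll(Arrays.asList(extra));` avoids that, and collecting into a `LinkedHashSet` would also drop duplicate role names. Because every directory in `businessRoles` can now grant roles to users it does not own, a comment stating that all referentials are equally trusted to do so would help the next reader.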
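Review bot: The new fallback in `start()` means a deployment with no system-roles directory configured no longer surfaces that as an error: a `DirectoryUserAdmin` is built from nothing but the hard-coded base DN `ou=roles,ou=system`, and what backs it is not visible in this hunk. Since system roles feed authorization decisions, I would log a warning when the fallback is taken and lift the DN into a named constant, e.g. `private static final String DEFAULT_SYSTEM_ROLES_BASE_DN = "ou=roles,ou=system";`. The TODO would also be more useful if it said which decision is pending and what happens to existing role assignments if separate system roles are dropped.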