X-Git-Url: https://git.argeo.org/?a=blobdiff_plain;f=org.argeo.api.cms%2Fsrc%2Forg%2Fargeo%2Fapi%2Fcms%2Fauth%2FSystemRole.java;fp=org.argeo.api.cms%2Fsrc%2Forg%2Fargeo%2Fapi%2Fcms%2Fauth%2FSystemRole.java;h=9880851789f419c6c22b90ff9356faeccce927ec;hb=40f2d6712d120dd62a42b7db3a6f074ce49c83d4;hp=0000000000000000000000000000000000000000;hpb=c7b612ca9bd7df43b0bec37c8abcae846587c978;p=lgpl%2Fargeo-commons.git
diff --git a/org.argeo.api.cms/src/org/argeo/api/cms/auth/SystemRole.java b/org.argeo.api.cms/src/org/argeo/api/cms/auth/SystemRole.java
new file mode 100644
index 000000000..988085178
--- /dev/null
+++ b/org.argeo.api.cms/src/org/argeo/api/cms/auth/SystemRole.java
@@ -0,0 +1,47 @@
+package org.argeo.api.cms.auth;
+
+import java.util.Set;
+
+import javax.security.auth.Subject;
+import javax.xml.namespace.QName;
+
+import org.argeo.api.cms.CmsConstants;
+
+/** A programmatic role. */
+public interface SystemRole {
+ QName qName();
+
+ /** Whether this role is implied for this authenticated user. */
+ default boolean implied(Subject subject, String context) {
+ return implied(qName(), subject, context);
+ }
+
+ /** Whether this role is implied for this distinguished name. */
+ default boolean implied(String dn, String context) {
+ String roleContext = RoleNameUtils.getContext(dn);
+ QName roleName = RoleNameUtils.getLastRdnAsName(dn);
+ return roleContext.equalsIgnoreCase(context) && qName().equals(roleName);
+ }
+
+ /**
+ * Whether this role is implied for this authenticated subject. If context is
+ * null
, it is not considered; this should be used to build user
+ * interfaces, but not to authorise.
+ */
+ static boolean implied(QName name, Subject subject, String context) {
+ Set roles = subject.getPrincipals(ImpliedByPrincipal.class);
+ for (ImpliedByPrincipal role : roles) {
+ if (role.isSystemRole()) {
+ if (role.getRoleName().equals(name)) {
+ // !! if context is not specified, it is considered irrelevant
+ if (context == null)
+ return true;
+ if (role.getContext().equalsIgnoreCase(context)
+ || role.getContext().equals(CmsConstants.NODE_BASEDN))
+ return true;
+ }
+ }
+ }
+ return false;
+ }
+}
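Review bot: The null-context shortcut in the static `implied(QName, Subject, String)` is also reachable through the default `implied(Subject subject, String context)`, whose Javadoc carries no warning, so a caller that passes an unset context to the instance method gets a match on role name alone. I would repeat the caveat there, e.g. `/** Whether this role is implied for this authenticated user; a null context matches any context and must not be used to authorise. */`, or move the context-less check into a separately named method so authorisation paths cannot reach it by accident. The overloads also disagree: `implied(String dn, String context)` returns false for a null context and does not honour `CmsConstants.NODE_BASEDN`, while the Subject variant treats both as a match, and `NODE_BASEDN` is compared with `equals` where the caller-supplied context uses `equalsIgnoreCase`. If those differences are intended, a short comment next to the comparisons should say so.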