X-Git-Url: https://git.argeo.org/?a=blobdiff_plain;f=org.argeo.app.core%2Fsrc%2Forg%2Fargeo%2Fapp%2Fcore%2FSuiteUtils.java;h=b766aca268f7941daf2b613a6d271fbd9d308266;hb=6f8eb0aefe75025ee896498615cb1275f53d7f5b;hp=2b211423a145200eef6b67ad3969cfa58bb6081a;hpb=99a029d144e7aab7f8b5a9ac3a2c4383cae4a6f5;p=gpl%2Fargeo-suite.git

diff --git a/org.argeo.app.core/src/org/argeo/app/core/SuiteUtils.java b/org.argeo.app.core/src/org/argeo/app/core/SuiteUtils.java
index 2b21142..b766aca 100644
--- a/org.argeo.app.core/src/org/argeo/app/core/SuiteUtils.java
+++ b/org.argeo.app.core/src/org/argeo/app/core/SuiteUtils.java
@@ -1,8 +1,7 @@
 package org.argeo.app.core;
 
-import static org.argeo.cms.acr.ContentUtils.SLASH;
-
 import java.util.HashSet;
+import java.util.Optional;
 import java.util.Set;
 
 import javax.jcr.Node;
@@ -10,44 +9,32 @@ import javax.jcr.RepositoryException;
 import javax.jcr.Session;
 import javax.jcr.nodetype.NodeType;
 import javax.jcr.security.Privilege;
-import javax.naming.ldap.LdapName;
 import javax.security.auth.x500.X500Principal;
+import javax.xml.namespace.QName;
 
 import org.argeo.api.acr.Content;
-import org.argeo.api.acr.ContentSession;
+import org.argeo.api.acr.ldap.LdapAttrs;
+import org.argeo.api.acr.ldap.LdapObjs;
 import org.argeo.api.cms.CmsConstants;
 import org.argeo.api.cms.CmsSession;
 import org.argeo.app.api.EntityType;
-import org.argeo.app.api.SuiteRole;
-import org.argeo.cms.CmsUserManager;
-import org.argeo.cms.acr.CmsContentRepository;
-import org.argeo.jackrabbit.security.JackrabbitSecurityUtils;
+import org.argeo.cms.auth.RoleNameUtils;
 import org.argeo.jcr.JcrException;
 import org.argeo.jcr.JcrUtils;
-import org.argeo.osgi.useradmin.UserDirectory;
-import org.argeo.util.naming.LdapAttrs;
-import org.osgi.service.useradmin.Role;
 
 /** Utilities around the Argeo Suite APIs. */
 public class SuiteUtils {
-	public static Content roleToContent(CmsUserManager userManager, ContentSession contentSession, Role role) {
-		UserDirectory userDirectory = userManager.getDirectory(role);
-		String path = CmsContentRepository.DIRECTORY_BASE + SLASH + userDirectory.getName() + SLASH
-				+ userDirectory.getRolePath(role);
-		Content content = contentSession.get(path);
-		return content;
-	}
-
 	@Deprecated
-	public static String getUserNodePath(LdapName userDn) {
-		String uid = userDn.getRdn(userDn.size() - 1).getValue().toString();
+	public static String getUserNodePath(String userDn) {
+		String uid = RoleNameUtils.getLastRdnValue(userDn);
 		return EntityType.user.basePath() + '/' + uid;
 	}
 
-	private static Node getOrCreateUserNode(Session adminSession, LdapName userDn) {
+	@Deprecated
+	private static Node getOrCreateUserNode(Session adminSession, String userDn) {
 		try {
 			Node usersBase = adminSession.getNode(EntityType.user.basePath());
-			String uid = userDn.getRdn(userDn.size() - 1).getValue().toString();
+			String uid = RoleNameUtils.getLastRdnValue(userDn);
 			Node userNode;
 			if (!usersBase.hasNode(uid)) {
 				userNode = usersBase.addNode(uid, NodeType.NT_UNSTRUCTURED);
@@ -56,8 +43,8 @@ public class SuiteUtils {
 				userNode.setProperty(LdapAttrs.distinguishedName.property(), userDn.toString());
 				userNode.setProperty(LdapAttrs.uid.property(), uid);
 				adminSession.save();
-				JackrabbitSecurityUtils.denyPrivilege(adminSession, userNode.getPath(), SuiteRole.coworker.dn(),
-						Privilege.JCR_READ);
+//				JackrabbitSecurityUtils.denyPrivilege(adminSession, userNode.getPath(), SuiteRole.coworker.dn(),
+//						Privilege.JCR_READ);
 				JcrUtils.addPrivilege(adminSession, userNode.getPath(), new X500Principal(userDn.toString()).getName(),
 						Privilege.JCR_READ);
 				JcrUtils.addPrivilege(adminSession, userNode.getPath(), CmsConstants.ROLE_USER_ADMIN,
@@ -83,7 +70,7 @@ public class SuiteUtils {
 	@Deprecated
 	public static Node getOrCreateCmsSessionNode(Session adminSession, CmsSession cmsSession) {
 		try {
-			LdapName userDn = cmsSession.getUserDn();
+			String userDn = cmsSession.getUserDn();
 //			String uid = userDn.get(userDn.size() - 1);
 			Node userNode = getOrCreateUserNode(adminSession, userDn);
 //			if (!usersBase.hasNode(uid)) {
@@ -113,11 +100,6 @@ public class SuiteUtils {
 		}
 	}
 
-	/** Singleton. */
-	private SuiteUtils() {
-
-	}
-
 	public static Set<String> extractRoles(String[] semiColArr) {
 		Set<String> res = new HashSet<>();
 		// TODO factorize and make it more robust
@@ -138,4 +120,33 @@ public class SuiteUtils {
 		return res;
 	}
 
+	synchronized static public long findNextId(Content hierarchyUnit, QName cclass) {
+		if (!hierarchyUnit.hasContentClass(LdapObjs.posixGroup.qName())) 
+			throw new IllegalArgumentException(hierarchyUnit + " is not a POSIX group");
+		
+		long min = hierarchyUnit.get(LdapAttrs.gidNumber.qName(), Long.class).orElseThrow();
+		long currentMax = 0l;
+		for (Content childHu : hierarchyUnit) {
+			if (!childHu.hasContentClass(LdapObjs.organizationalUnit.qName()))
+				continue;
+			// FIXME filter out functional hierarchy unit
+			for (Content role : childHu) {
+				if (role.hasContentClass(cclass)) {
+
+					if (LdapObjs.posixAccount.qName().equals(cclass)) {
+						Long id = role.get(LdapAttrs.uidNumber.qName(), Long.class).orElseThrow();
+						if (id > currentMax)
+							currentMax = id;
+					}
+				}
+			}
+		}
+		if (currentMax == 0l)
+			return min;
+		return currentMax + 1;
+	}
+
+	/** Singleton. */
+	private SuiteUtils() {
+	}
 }