X-Git-Url: https://git.argeo.org/?a=blobdiff_plain;f=org.argeo.app.ui%2Fsrc%2Forg%2Fargeo%2Fapp%2Fui%2Fpeople%2FPeopleEntryArea.java;h=a0decc04affe791b268666ea4b40cc1aaa2556cc;hb=3a3eb17b114cb514ebffc55c04a42198688e6df2;hp=9ab179c6e700defb44836c7bbe4761fe4d826fbf;hpb=3505709f50eec3a940e82c6aac7bc2d4bd1dec65;p=gpl%2Fargeo-suite.git

diff --git a/org.argeo.app.ui/src/org/argeo/app/ui/people/PeopleEntryArea.java b/org.argeo.app.ui/src/org/argeo/app/ui/people/PeopleEntryArea.java
index 9ab179c..a0decc0 100644
--- a/org.argeo.app.ui/src/org/argeo/app/ui/people/PeopleEntryArea.java
+++ b/org.argeo.app.ui/src/org/argeo/app/ui/people/PeopleEntryArea.java
@@ -34,6 +34,7 @@ import org.argeo.cms.ux.widgets.DefaultTabularPart;
 import org.argeo.cms.ux.widgets.HierarchicalPart;
 import org.argeo.osgi.useradmin.UserDirectory;
 import org.argeo.util.directory.HierarchyUnit;
+import org.argeo.util.directory.ldap.IpaUtils;
 import org.argeo.util.naming.LdapAttrs;
 import org.argeo.util.naming.LdapObjs;
 import org.eclipse.jface.window.Window;
@@ -84,13 +85,18 @@ public class PeopleEntryArea implements SwtUiProvider, CmsUiProvider {
 				List<HierarchyUnit> visible = new ArrayList<>();
 				if (parent != null) {
 					for (HierarchyUnit hu : parent.getDirectHierarchyUnits(true)) {
-						if (CurrentUser.implies(CmsRole.userAdmin, hu.getContext())) {
+						if (CurrentUser.implies(CmsRole.userAdmin, hu.getContext()) //
+						) // IPA
+						{
 							visible.add(hu);
 						}
 					}
 				} else {
 					for (UserDirectory directory : cmsUserManager.getUserDirectories()) {
-						if (CurrentUser.implies(CmsRole.userAdmin, directory.getContext())) {
+						if (CurrentUser.implies(CmsRole.userAdmin, directory.getContext()) //
+								|| CurrentUser.implies(CmsRole.userAdmin,
+										IpaUtils.IPA_ACCOUNTS_RDN + "," + directory.getContext())) // IPA
+						{
 							visible.add(directory);
 						}
 
@@ -114,13 +120,24 @@ public class PeopleEntryArea implements SwtUiProvider, CmsUiProvider {
 			protected List<Content> asList(HierarchyUnit hu) {
 				List<Content> roles = new ArrayList<>();
 				UserDirectory ud = (UserDirectory) hu.getDirectory();
-				for (HierarchyUnit directChild : hu.getDirectHierarchyUnits(false)) {
-					if (!directChild.isFunctional()) {
-						for (Role r : ud.getHierarchyUnitRoles(directChild, null, false)) {
-							Content content = ContentUtils.roleToContent(cmsUserManager, contentSession, r);
-							// if (r instanceof Person || r instanceof Organization)
-							if (content.hasContentClass(LdapObjs.inetOrgPerson.qName(), LdapObjs.organization.qName()))
-								roles.add(content);
+				if (ud.getRealm().isPresent()) {
+					for (Role r : ud.getHierarchyUnitRoles(ud, null, true)) {
+						Content content = ContentUtils.roleToContent(cmsUserManager, contentSession, r);
+						// if (r instanceof Person || r instanceof Organization)
+						if (content.hasContentClass(LdapObjs.inetOrgPerson.qName(), LdapObjs.organization.qName()))
+							roles.add(content);
+					}
+
+				} else {
+					for (HierarchyUnit directChild : hu.getDirectHierarchyUnits(false)) {
+						if (!directChild.isFunctional()) {
+							for (Role r : ud.getHierarchyUnitRoles(directChild, null, false)) {
+								Content content = ContentUtils.roleToContent(cmsUserManager, contentSession, r);
+								// if (r instanceof Person || r instanceof Organization)
+								if (content.hasContentClass(LdapObjs.inetOrgPerson.qName(),
+										LdapObjs.organization.qName()))
+									roles.add(content);
+							}
 						}
 					}
 				}