X-Git-Url: https://git.argeo.org/?a=blobdiff_plain;f=org.argeo.cms%2Fsrc%2Forg%2Fargeo%2Fcms%2Fauth%2FCurrentUser.java;h=41a6a880d438297a0a3260d0d26a0da045240dd8;hb=e018ad9078249a806f2e2ef86a6adcbd8cca3188;hp=43bddaf8d002a727a9000e93cd056010b8994349;hpb=2cdcc7410782f46eac9a4a505de12e33f67acf15;p=lgpl%2Fargeo-commons.git

diff --git a/org.argeo.cms/src/org/argeo/cms/auth/CurrentUser.java b/org.argeo.cms/src/org/argeo/cms/auth/CurrentUser.java
index 43bddaf8d..41a6a880d 100644
--- a/org.argeo.cms/src/org/argeo/cms/auth/CurrentUser.java
+++ b/org.argeo.cms/src/org/argeo/cms/auth/CurrentUser.java
@@ -1,26 +1,11 @@
-/*
- * Copyright (C) 2007-2012 Argeo GmbH
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- *         http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
 package org.argeo.cms.auth;
 
-import java.security.AccessController;
 import java.security.Principal;
 import java.security.PrivilegedAction;
 import java.security.PrivilegedActionException;
 import java.security.PrivilegedExceptionAction;
 import java.util.HashSet;
+import java.util.Iterator;
 import java.util.Locale;
 import java.util.Set;
 import java.util.UUID;
@@ -28,11 +13,15 @@ import java.util.UUID;
 import javax.security.auth.Subject;
 import javax.security.auth.x500.X500Principal;
 
-import org.argeo.cms.CmsException;
+import org.argeo.api.acr.NamespaceUtils;
+import org.argeo.api.cms.CmsConstants;
+import org.argeo.api.cms.CmsSession;
+import org.argeo.api.cms.CmsSessionId;
+import org.argeo.cms.SystemRole;
 import org.argeo.cms.internal.auth.CmsSessionImpl;
 import org.argeo.cms.internal.auth.ImpliedByPrincipal;
-import org.argeo.cms.internal.kernel.Activator;
-import org.argeo.node.NodeConstants;
+import org.argeo.cms.internal.runtime.CmsContextImpl;
+import org.argeo.cms.util.CurrentSubject;
 import org.osgi.service.useradmin.Authorization;
 
 /**
@@ -40,9 +29,6 @@ import org.osgi.service.useradmin.Authorization;
  * context.
  */
 public final class CurrentUser {
-	// private final static Log log = LogFactory.getLog(CurrentUser.class);
-	// private final static BundleContext bc =
-	// FrameworkUtil.getBundle(CurrentUser.class).getBundleContext();
 	/*
 	 * CURRENT USER API
 	 */
@@ -85,6 +71,16 @@ public final class CurrentUser {
 		return roles.contains(role);
 	}
 
+	/** Implies this {@link SystemRole} in this context. */
+	public final static boolean implies(SystemRole role, String context) {
+		return role.implied(currentSubject(), context);
+	}
+
+	/** Implies this role name, also independently of the context. */
+	public final static boolean implies(String role, String context) {
+		return SystemRole.implied(NamespaceUtils.parsePrefixedName(role), currentSubject(), context);
+	}
+
 	/** Executes as the current user */
 	public final static <T> T doAs(PrivilegedAction<T> action) {
 		return Subject.doAs(currentSubject(), action);
@@ -101,9 +97,9 @@ public final class CurrentUser {
 
 	public final static String getUsername(Subject subject) {
 		if (subject == null)
-			throw new CmsException("Subject cannot be null");
+			throw new IllegalArgumentException("Subject cannot be null");
 		if (subject.getPrincipals(X500Principal.class).size() != 1)
-			return NodeConstants.ROLE_ANONYMOUS;
+			return CmsConstants.ROLE_ANONYMOUS;
 		Principal principal = subject.getPrincipals(X500Principal.class).iterator().next();
 		return principal.getName();
 	}
@@ -124,7 +120,7 @@ public final class CurrentUser {
 	public final static Locale locale(Subject subject) {
 		Set<Locale> locales = subject.getPublicCredentials(Locale.class);
 		if (locales.isEmpty()) {
-			Locale defaultLocale = Activator.getNodeState().getDefaultLocale();
+			Locale defaultLocale = CmsContextImpl.getCmsContext().getDefaultLocale();
 			return defaultLocale;
 		} else
 			return locales.iterator().next();
@@ -135,45 +131,34 @@ public final class CurrentUser {
 		if (subject == null)
 			return true;
 		String username = getUsername(subject);
-		return username == null || username.equalsIgnoreCase(NodeConstants.ROLE_ANONYMOUS);
+		return username == null || username.equalsIgnoreCase(CmsConstants.ROLE_ANONYMOUS);
 	}
 
-	public CmsSession getCmsSession() {
+	public static CmsSession getCmsSession() {
 		Subject subject = currentSubject();
-		CmsSessionId cmsSessionId = subject.getPrivateCredentials(CmsSessionId.class).iterator().next();
-		return CmsSessionImpl.getByUuid(cmsSessionId.getUuid());
+		Iterator<CmsSessionId> it = subject.getPrivateCredentials(CmsSessionId.class).iterator();
+		if (!it.hasNext())
+			throw new IllegalStateException("No CMS session id available for " + subject);
+		CmsSessionId cmsSessionId = it.next();
+		if (it.hasNext())
+			throw new IllegalStateException("More than one CMS session id available for " + subject);
+		return CmsContextImpl.getCmsContext().getCmsSessionByUuid(cmsSessionId.getUuid());
+	}
+
+	public static boolean isAvailable() {
+		return CurrentSubject.current() != null;
 	}
 
 	/*
 	 * HELPERS
 	 */
 	private static Subject currentSubject() {
-		// CmsAuthenticated cmsView = getNodeAuthenticated();
-		// if (cmsView != null)
-		// return cmsView.getSubject();
-		Subject subject = getAccessControllerSubject();
-		if (subject != null)
-			return subject;
-		throw new CmsException("Cannot find related subject");
-	}
-
-	private static Subject getAccessControllerSubject() {
-		return Subject.getSubject(AccessController.getContext());
+		Subject subject = CurrentSubject.current();
+		if (subject == null)
+			throw new IllegalStateException("Cannot find related subject");
+		return subject;
 	}
 
-	// public static boolean isAuthenticated() {
-	// return getAccessControllerSubject() != null;
-	// }
-
-	/**
-	 * The node authenticated component (typically a CMS view) related to this
-	 * display, or null if none is available from this call. <b>Not API: Only for
-	 * low-level access.</b>
-	 */
-	// private static CmsAuthenticated getNodeAuthenticated() {
-	// return UiContext.getData(CmsAuthenticated.KEY);
-	// }
-
 	private static Authorization getAuthorization(Subject subject) {
 		return subject.getPrivateCredentials(Authorization.class).iterator().next();
 	}
@@ -184,13 +169,18 @@ public final class CurrentUser {
 			nodeSessionId = subject.getPrivateCredentials(CmsSessionId.class).iterator().next().getUuid();
 		else
 			return false;
-		CmsSessionImpl cmsSession = CmsSessionImpl.getByUuid(nodeSessionId.toString());
-		cmsSession.close();
+		CmsSessionImpl cmsSession = CmsContextImpl.getCmsContext().getCmsSessionByUuid(nodeSessionId);
+
+		// FIXME logout all views
+		// TODO check why it is sometimes null
+		if (cmsSession != null)
+			cmsSession.close();
 		// if (log.isDebugEnabled())
 		// log.debug("Logged out CMS session " + cmsSession.getUuid());
 		return true;
 	}
 
+	/** singleton */
 	private CurrentUser() {
 	}
 }