X-Git-Url: https://git.argeo.org/?a=blobdiff_plain;f=org.argeo.cms%2Fsrc%2Forg%2Fargeo%2Fcms%2Fauth%2FCurrentUser.java;h=41a6a880d438297a0a3260d0d26a0da045240dd8;hb=e018ad9078249a806f2e2ef86a6adcbd8cca3188;hp=eaaf41ab72a458ee7acacb0778315922c9c52ba5;hpb=e7c40442d7e33e619f427e0d71084196e2efeb6a;p=lgpl%2Fargeo-commons.git

diff --git a/org.argeo.cms/src/org/argeo/cms/auth/CurrentUser.java b/org.argeo.cms/src/org/argeo/cms/auth/CurrentUser.java
index eaaf41ab7..41a6a880d 100644
--- a/org.argeo.cms/src/org/argeo/cms/auth/CurrentUser.java
+++ b/org.argeo.cms/src/org/argeo/cms/auth/CurrentUser.java
@@ -1,11 +1,11 @@
 package org.argeo.cms.auth;
 
-import java.security.AccessController;
 import java.security.Principal;
 import java.security.PrivilegedAction;
 import java.security.PrivilegedActionException;
 import java.security.PrivilegedExceptionAction;
 import java.util.HashSet;
+import java.util.Iterator;
 import java.util.Locale;
 import java.util.Set;
 import java.util.UUID;
@@ -13,10 +13,15 @@ import java.util.UUID;
 import javax.security.auth.Subject;
 import javax.security.auth.x500.X500Principal;
 
-import org.argeo.api.NodeConstants;
+import org.argeo.api.acr.NamespaceUtils;
+import org.argeo.api.cms.CmsConstants;
+import org.argeo.api.cms.CmsSession;
+import org.argeo.api.cms.CmsSessionId;
+import org.argeo.cms.SystemRole;
 import org.argeo.cms.internal.auth.CmsSessionImpl;
 import org.argeo.cms.internal.auth.ImpliedByPrincipal;
-import org.argeo.cms.internal.kernel.Activator;
+import org.argeo.cms.internal.runtime.CmsContextImpl;
+import org.argeo.cms.util.CurrentSubject;
 import org.osgi.service.useradmin.Authorization;
 
 /**
@@ -66,6 +71,16 @@ public final class CurrentUser {
 		return roles.contains(role);
 	}
 
+	/** Implies this {@link SystemRole} in this context. */
+	public final static boolean implies(SystemRole role, String context) {
+		return role.implied(currentSubject(), context);
+	}
+
+	/** Implies this role name, also independently of the context. */
+	public final static boolean implies(String role, String context) {
+		return SystemRole.implied(NamespaceUtils.parsePrefixedName(role), currentSubject(), context);
+	}
+
 	/** Executes as the current user */
 	public final static <T> T doAs(PrivilegedAction<T> action) {
 		return Subject.doAs(currentSubject(), action);
@@ -84,7 +99,7 @@ public final class CurrentUser {
 		if (subject == null)
 			throw new IllegalArgumentException("Subject cannot be null");
 		if (subject.getPrincipals(X500Principal.class).size() != 1)
-			return NodeConstants.ROLE_ANONYMOUS;
+			return CmsConstants.ROLE_ANONYMOUS;
 		Principal principal = subject.getPrincipals(X500Principal.class).iterator().next();
 		return principal.getName();
 	}
@@ -105,7 +120,7 @@ public final class CurrentUser {
 	public final static Locale locale(Subject subject) {
 		Set<Locale> locales = subject.getPublicCredentials(Locale.class);
 		if (locales.isEmpty()) {
-			Locale defaultLocale = Activator.getNodeState().getDefaultLocale();
+			Locale defaultLocale = CmsContextImpl.getCmsContext().getDefaultLocale();
 			return defaultLocale;
 		} else
 			return locales.iterator().next();
@@ -116,27 +131,32 @@ public final class CurrentUser {
 		if (subject == null)
 			return true;
 		String username = getUsername(subject);
-		return username == null || username.equalsIgnoreCase(NodeConstants.ROLE_ANONYMOUS);
+		return username == null || username.equalsIgnoreCase(CmsConstants.ROLE_ANONYMOUS);
 	}
 
-	public CmsSession getCmsSession() {
+	public static CmsSession getCmsSession() {
 		Subject subject = currentSubject();
-		CmsSessionId cmsSessionId = subject.getPrivateCredentials(CmsSessionId.class).iterator().next();
-		return CmsSessionImpl.getByUuid(cmsSessionId.getUuid());
+		Iterator<CmsSessionId> it = subject.getPrivateCredentials(CmsSessionId.class).iterator();
+		if (!it.hasNext())
+			throw new IllegalStateException("No CMS session id available for " + subject);
+		CmsSessionId cmsSessionId = it.next();
+		if (it.hasNext())
+			throw new IllegalStateException("More than one CMS session id available for " + subject);
+		return CmsContextImpl.getCmsContext().getCmsSessionByUuid(cmsSessionId.getUuid());
+	}
+
+	public static boolean isAvailable() {
+		return CurrentSubject.current() != null;
 	}
 
 	/*
 	 * HELPERS
 	 */
 	private static Subject currentSubject() {
-		Subject subject = getAccessControllerSubject();
-		if (subject != null)
-			return subject;
-		throw new IllegalStateException("Cannot find related subject");
-	}
-
-	private static Subject getAccessControllerSubject() {
-		return Subject.getSubject(AccessController.getContext());
+		Subject subject = CurrentSubject.current();
+		if (subject == null)
+			throw new IllegalStateException("Cannot find related subject");
+		return subject;
 	}
 
 	private static Authorization getAuthorization(Subject subject) {
@@ -149,8 +169,8 @@ public final class CurrentUser {
 			nodeSessionId = subject.getPrivateCredentials(CmsSessionId.class).iterator().next().getUuid();
 		else
 			return false;
-		CmsSessionImpl cmsSession = CmsSessionImpl.getByUuid(nodeSessionId.toString());
-		
+		CmsSessionImpl cmsSession = CmsContextImpl.getCmsContext().getCmsSessionByUuid(nodeSessionId);
+
 		// FIXME logout all views
 		// TODO check why it is sometimes null
 		if (cmsSession != null)
@@ -160,6 +180,7 @@ public final class CurrentUser {
 		return true;
 	}
 
+	/** singleton */
 	private CurrentUser() {
 	}
 }