X-Git-Url: https://git.argeo.org/?a=blobdiff_plain;f=org.argeo.cms%2Fsrc%2Forg%2Fargeo%2Fcms%2Fauth%2FSystemRole.java;h=5d62d9803f08a3eb033cd929949c505bab92f679;hb=e57ee18ac7b8cfd2bdf4b2e56a65275ce24732b3;hp=9c686a6c6016b2b0328b0b34156fc1063e4f66ee;hpb=eb4324be6ac9cdff15828a21ee7d3f6ca2f19fb9;p=lgpl%2Fargeo-commons.git

diff --git a/org.argeo.cms/src/org/argeo/cms/auth/SystemRole.java b/org.argeo.cms/src/org/argeo/cms/auth/SystemRole.java
index 9c686a6c6..5d62d9803 100644
--- a/org.argeo.cms/src/org/argeo/cms/auth/SystemRole.java
+++ b/org.argeo.cms/src/org/argeo/cms/auth/SystemRole.java
@@ -5,22 +5,31 @@ import java.util.Set;
 import javax.security.auth.Subject;
 import javax.xml.namespace.QName;
 
+import org.argeo.api.cms.CmsConstants;
 import org.argeo.cms.internal.auth.ImpliedByPrincipal;
 
 public interface SystemRole {
 	QName getName();
 
 	default boolean implied(Subject subject, String context) {
+		return implied(getName(), subject, context);
+	}
+
+	static boolean implied(QName name, Subject subject, String context) {
 		Set<ImpliedByPrincipal> roles = subject.getPrincipals(ImpliedByPrincipal.class);
 		for (ImpliedByPrincipal role : roles) {
 			if (role.isSystemRole()) {
-				if (role.getRoleName().equals(getName())) {
-					if (role.getContext().equalsIgnoreCase(context))
+				if (role.getRoleName().equals(name)) {
+					// !! if context is not specified, it is considered irrelevant
+					if (context == null)
+						return true;
+					if (role.getContext().equalsIgnoreCase(context)
+							|| role.getContext().equals(CmsConstants.NODE_BASEDN))
 						return true;
 				}
 			}
 		}
 		return false;
-	}
 
+	}
 }