X-Git-Url: https://git.argeo.org/?a=blobdiff_plain;f=org.argeo.cms%2Fsrc%2Forg%2Fargeo%2Fcms%2Fauth%2FSystemRole.java;h=646752d412f988d7ba3ddb60e05edcff7e0f5b67;hb=e023e9027edc0d734d11cb759259eaebb6d68bc9;hp=3a28b7c8878a4fce9e04fd9108d2de76050fba2a;hpb=92044e2022c2e55999617080fc3c69aaeeeeb0f8;p=lgpl%2Fargeo-commons.git
diff --git a/org.argeo.cms/src/org/argeo/cms/auth/SystemRole.java b/org.argeo.cms/src/org/argeo/cms/auth/SystemRole.java
index 3a28b7c88..646752d41 100644
--- a/org.argeo.cms/src/org/argeo/cms/auth/SystemRole.java
+++ b/org.argeo.cms/src/org/argeo/cms/auth/SystemRole.java
@@ -8,14 +8,32 @@ import javax.xml.namespace.QName;
 import org.argeo.api.cms.CmsConstants;
 import org.argeo.cms.internal.auth.ImpliedByPrincipal;
 
+/** A programmatic role. */
 public interface SystemRole {
 QName getName();
 
+ /** Whether this role is implied for this authenticated user. */
 default boolean implied(Subject subject, String context) {
+ return implied(getName(), subject, context);
+ }
+
+ /** Whether this role is implied for this distinguished name. */
+ default boolean implied(String dn, String context) {
+ String roleContext = RoleNameUtils.getContext(dn);
+ QName roleName = RoleNameUtils.getLastRdnAsName(dn);
+ return roleContext.equalsIgnoreCase(context) && getName().equals(roleName);
+ }
+
+ /**
+ * Whether this role is implied for this authenticated subject. If context is
+ * null, it is not considered; this should be used to build user
+ * interfaces, but not to authorise.
+ */
+ static boolean implied(QName name, Subject subject, String context) {
 Set roles = subject.getPrincipals(ImpliedByPrincipal.class);
 for (ImpliedByPrincipal role : roles) {
 if (role.isSystemRole()) {
- if (role.getRoleName().equals(getName())) {
+ if (role.getRoleName().equals(name)) {
 // !! if context is not specified, it is considered irrelevant
 if (context == null)
 return true;
@@ -27,5 +45,4 @@ public interface SystemRole {
 }
 return false;
 }
-
 }
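Review bot: The two context checks added in the first hunk treat a null `context` in opposite ways: the static `implied(QName, Subject, String)` returns true for any context when it is null, while the new `implied(String dn, String context)` returns false, because `roleContext.equalsIgnoreCase(null)` is false. The warning that a null context must not be used to authorise sits only on the static method's Javadoc, yet the instance method `implied(Subject, String)` delegates to it and inherits the same match-all behaviour; I would repeat the caveat there, e.g. `/** Whether this role is implied for this authenticated user. A null context matches any context, so never pass null when authorising. */`. The DN overload should document its null behaviour as well, or reject it with `Objects.requireNonNull(context, "context")` if a null context is never valid there. It will also throw a NullPointerException if `RoleNameUtils.getContext(dn)` can return null, which is not visible from this hunk. Part of the static method's body lies between the two hunks and is not shown.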