X-Git-Url: https://git.argeo.org/?a=blobdiff_plain;f=org.argeo.cms%2Fsrc%2Forg%2Fargeo%2Fcms%2Fauth%2FSystemRole.java;h=646752d412f988d7ba3ddb60e05edcff7e0f5b67;hb=e023e9027edc0d734d11cb759259eaebb6d68bc9;hp=9c686a6c6016b2b0328b0b34156fc1063e4f66ee;hpb=eb4324be6ac9cdff15828a21ee7d3f6ca2f19fb9;p=lgpl%2Fargeo-commons.git
diff --git a/org.argeo.cms/src/org/argeo/cms/auth/SystemRole.java b/org.argeo.cms/src/org/argeo/cms/auth/SystemRole.java
index 9c686a6c6..646752d41 100644
--- a/org.argeo.cms/src/org/argeo/cms/auth/SystemRole.java
+++ b/org.argeo.cms/src/org/argeo/cms/auth/SystemRole.java
@@ -5,22 +5,44 @@ import java.util.Set;
import javax.security.auth.Subject;
import javax.xml.namespace.QName;
+import org.argeo.api.cms.CmsConstants;
import org.argeo.cms.internal.auth.ImpliedByPrincipal;
+/** A programmatic role. */
public interface SystemRole {
QName getName();
+ /** Whether this role is implied for this authenticated user. */
default boolean implied(Subject subject, String context) {
+ return implied(getName(), subject, context);
+ }
+
+ /** Whether this role is implied for this distinguished name. */
+ default boolean implied(String dn, String context) {
+ String roleContext = RoleNameUtils.getContext(dn);
+ QName roleName = RoleNameUtils.getLastRdnAsName(dn);
+ return roleContext.equalsIgnoreCase(context) && getName().equals(roleName);
+ }
+
+ /**
+ * Whether this role is implied for this authenticated subject. If context is
+ * null
, it is not considered; this should be used to build user
+ * interfaces, but not to authorise.
+ */
+ static boolean implied(QName name, Subject subject, String context) {
Set roles = subject.getPrincipals(ImpliedByPrincipal.class);
for (ImpliedByPrincipal role : roles) {
if (role.isSystemRole()) {
- if (role.getRoleName().equals(getName())) {
- if (role.getContext().equalsIgnoreCase(context))
+ if (role.getRoleName().equals(name)) {
+ // !! if context is not specified, it is considered irrelevant
+ if (context == null)
+ return true;
+ if (role.getContext().equalsIgnoreCase(context)
+ || role.getContext().equals(CmsConstants.NODE_BASEDN))
return true;
}
}
}
return false;
}
-
}
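Review bot: In the static `implied(QName, Subject, String)`, the added `if (context == null) return true;` makes a null context match the role in every context, and the instance `implied(Subject, String)` forwards its `context` unchecked. Before this change that path evaluated `role.getContext().equalsIgnoreCase(context)`, which is false for null, so an authorisation caller holding a null context (for example from an unset lookup) went from refused to granted. The Javadoc says this mode is for building user interfaces and not for authorising, but nothing in the API enforces it. Consider moving the context-free match into a separately named method and keeping the instance method fail-closed, e.g. `if (context == null) return false;` before delegating. Separately, the new `role.getContext().equals(CmsConstants.NODE_BASEDN)` test is case-sensitive while the line above uses `equalsIgnoreCase`, and `implied(String dn, String context)` honours neither the null-context rule nor the node base DN, so the overloads can disagree on the same role; a comment stating which one is authoritative for access decisions would help.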