X-Git-Url: https://git.argeo.org/?a=blobdiff_plain;f=org.argeo.cms%2Fsrc%2Forg%2Fargeo%2Fcms%2Finternal%2Fauth%2FCmsUserManagerImpl.java;h=b5ee9b306d1b65f9ec5738f8f2467a5ba33380eb;hb=feddb4be70a8304dd4a533efee6e14c22691b500;hp=a1bc1efc85b67e6ec422d54c8e7bee1699919ac4;hpb=c424738be0c47c808f8cc64c2a51a67eb8e3d584;p=lgpl%2Fargeo-commons.git
diff --git a/org.argeo.cms/src/org/argeo/cms/internal/auth/CmsUserManagerImpl.java b/org.argeo.cms/src/org/argeo/cms/internal/auth/CmsUserManagerImpl.java
index a1bc1efc8..b5ee9b306 100644
--- a/org.argeo.cms/src/org/argeo/cms/internal/auth/CmsUserManagerImpl.java
+++ b/org.argeo.cms/src/org/argeo/cms/internal/auth/CmsUserManagerImpl.java
@@ -1,8 +1,8 @@
package org.argeo.cms.internal.auth;
-import static org.argeo.util.naming.LdapAttrs.cn;
-import static org.argeo.util.naming.LdapAttrs.description;
-import static org.argeo.util.naming.LdapAttrs.owner;
+import static org.argeo.api.acr.ldap.LdapAttrs.cn;
+import static org.argeo.api.acr.ldap.LdapAttrs.description;
+import static org.argeo.api.acr.ldap.LdapAttrs.owner;
import java.time.ZoneOffset;
import java.time.ZonedDateTime;
@@ -14,6 +14,7 @@ import java.util.HashSet;
import java.util.List;
import java.util.Map;
import java.util.NavigableMap;
+import java.util.Objects;
import java.util.Set;
import java.util.TreeMap;
import java.util.TreeSet;
@@ -24,22 +25,24 @@ import javax.naming.ldap.LdapName;
import javax.security.auth.Subject;
import org.argeo.api.acr.NamespaceUtils;
+import org.argeo.api.acr.ldap.LdapAttrs;
+import org.argeo.api.acr.ldap.NamingUtils;
import org.argeo.api.cms.CmsConstants;
import org.argeo.api.cms.CmsLog;
+import org.argeo.api.cms.directory.CmsGroup;
+import org.argeo.api.cms.directory.CmsUser;
+import org.argeo.api.cms.directory.HierarchyUnit;
+import org.argeo.api.cms.directory.UserDirectory;
+import org.argeo.api.cms.transaction.WorkTransaction;
import org.argeo.cms.CmsUserManager;
import org.argeo.cms.auth.CurrentUser;
import org.argeo.cms.auth.SystemRole;
import org.argeo.cms.auth.UserAdminUtils;
-import org.argeo.osgi.useradmin.AggregatingUserAdmin;
-import org.argeo.osgi.useradmin.TokenUtils;
-import org.argeo.osgi.useradmin.UserDirectory;
-import org.argeo.util.directory.DirectoryConf;
-import org.argeo.util.directory.HierarchyUnit;
-import org.argeo.util.directory.ldap.LdapEntry;
-import org.argeo.util.directory.ldap.SharedSecret;
-import org.argeo.util.naming.LdapAttrs;
-import org.argeo.util.naming.NamingUtils;
-import org.argeo.util.transaction.WorkTransaction;
+import org.argeo.cms.directory.ldap.LdapEntry;
+import org.argeo.cms.directory.ldap.SharedSecret;
+import org.argeo.cms.osgi.useradmin.AggregatingUserAdmin;
+import org.argeo.cms.osgi.useradmin.TokenUtils;
+import org.argeo.cms.runtime.DirectoryConf;
import org.osgi.framework.InvalidSyntaxException;
import org.osgi.service.useradmin.Authorization;
import org.osgi.service.useradmin.Group;
@@ -94,9 +97,9 @@ public class CmsUserManagerImpl implements CmsUserManager {
// ALL USER: WARNING access to this will be later reduced
- /** Retrieve a user given his dn */
- public User getUser(String dn) {
- return (User) getUserAdmin().getRole(dn);
+ /** Retrieve a user given his dn, or null if it doesn't exist. */
+ public CmsUser getUser(String dn) {
+ return (CmsUser) getUserAdmin().getRole(dn);
}
/** Can be a group or a user */
@@ -131,31 +134,47 @@ public class CmsUserManagerImpl implements CmsUserManager {
return false;
}
- public Set listUsersInGroup(String groupDn, String filter) {
+ public Set listUsersInGroup(String groupDn, String filter) {
Group group = (Group) userAdmin.getRole(groupDn);
if (group == null)
throw new IllegalArgumentException("Group " + groupDn + " not found");
- Set users = new HashSet();
+ Set users = new HashSet<>();
addUsers(users, group, filter);
return users;
}
+// @Override
+// public Set listAccounts(HierarchyUnit hierarchyUnit, boolean deep) {
+// if(!hierarchyUnit.isFunctional())
+// throw new IllegalArgumentException("Hierarchy unit "+hierarchyUnit.getBase()+" is not functional");
+// UserDirectory directory = (UserDirectory)hierarchyUnit.getDirectory();
+// Set res = new HashSet<>();
+// for(HierarchyUnit technicalHu:hierarchyUnit.getDirectHierarchyUnits(false)) {
+// if(technicalHu.isFunctional())
+// continue;
+// for(Role role:directory.getHierarchyUnitRoles(technicalHu, null, false)) {
+// if(role)
+// }
+// }
+// return res;
+// }
+
/** Recursively add users to list */
- private void addUsers(Set users, Group group, String filter) {
+ private void addUsers(Set users, Group group, String filter) {
Role[] roles = group.getMembers();
for (Role role : roles) {
if (role.getType() == Role.GROUP) {
- addUsers(users, (Group) role, filter);
+ addUsers(users, (CmsGroup) role, filter);
} else if (role.getType() == Role.USER) {
if (match(role, filter))
- users.add((User) role);
+ users.add((CmsUser) role);
} else {
// ignore
}
}
}
- public List listGroups(String filter, boolean includeUsers, boolean includeSystemRoles) {
+ public List listGroups(String filter, boolean includeUsers, boolean includeSystemRoles) {
Role[] roles = null;
try {
roles = getUserAdmin().getRoles(filter);
@@ -163,12 +182,13 @@ public class CmsUserManagerImpl implements CmsUserManager {
throw new IllegalArgumentException("Unable to get roles with filter: " + filter, e);
}
- List users = new ArrayList();
+ List users = new ArrayList<>();
for (Role role : roles) {
if ((includeUsers && role.getType() == Role.USER || role.getType() == Role.GROUP) && !users.contains(role)
- && (includeSystemRoles || !role.getName().toLowerCase().endsWith(CmsConstants.SYSTEM_ROLES_BASEDN))) {
+ && (includeSystemRoles
+ || !role.getName().toLowerCase().endsWith(CmsConstants.SYSTEM_ROLES_BASEDN))) {
if (match(role, filter))
- users.add((User) role);
+ users.add((CmsUser) role);
}
}
return users;
@@ -197,10 +217,10 @@ public class CmsUserManagerImpl implements CmsUserManager {
}
@Override
- public User getUserFromLocalId(String localId) {
- User user = getUserAdmin().getUser(LdapAttrs.uid.name(), localId);
+ public CmsUser getUserFromLocalId(String localId) {
+ CmsUser user = (CmsUser) getUserAdmin().getUser(LdapAttrs.uid.name(), localId);
if (user == null)
- user = getUserAdmin().getUser(LdapAttrs.cn.name(), localId);
+ user = (CmsUser) getUserAdmin().getUser(LdapAttrs.cn.name(), localId);
return user;
}
@@ -213,10 +233,10 @@ public class CmsUserManagerImpl implements CmsUserManager {
* EDITION
*/
@Override
- public User createUser(String username, Map properties, Map credentials) {
+ public CmsUser createUser(String username, Map properties, Map credentials) {
try {
userTransaction.begin();
- User user = (User) userAdmin.createRole(username, Role.USER);
+ CmsUser user = (CmsUser) userAdmin.createRole(username, Role.USER);
if (properties != null) {
for (String key : properties.keySet())
user.getProperties().put(key, properties.get(key));
@@ -241,14 +261,14 @@ public class CmsUserManagerImpl implements CmsUserManager {
}
@Override
- public Group getOrCreateGroup(HierarchyUnit groups, String commonName) {
+ public CmsGroup getOrCreateGroup(HierarchyUnit groups, String commonName) {
try {
String dn = LdapAttrs.cn.name() + "=" + commonName + "," + groups.getBase();
- Group group = (Group) getUserAdmin().getRole(dn);
+ CmsGroup group = (CmsGroup) getUserAdmin().getRole(dn);
if (group != null)
return group;
userTransaction.begin();
- group = (Group) userAdmin.createRole(dn, Role.GROUP);
+ group = (CmsGroup) userAdmin.createRole(dn, Role.GROUP);
userTransaction.commit();
return group;
} catch (Exception e) {
@@ -265,15 +285,15 @@ public class CmsUserManagerImpl implements CmsUserManager {
}
@Override
- public Group getOrCreateSystemRole(HierarchyUnit roles, SystemRole systemRole) {
+ public CmsGroup getOrCreateSystemRole(HierarchyUnit roles, SystemRole systemRole) {
try {
String dn = LdapAttrs.cn.name() + "=" + NamespaceUtils.toPrefixedName(systemRole.getName()) + ","
+ roles.getBase();
- Group group = (Group) getUserAdmin().getRole(dn);
+ CmsGroup group = (CmsGroup) getUserAdmin().getRole(dn);
if (group != null)
return group;
userTransaction.begin();
- group = (Group) userAdmin.createRole(dn, Role.GROUP);
+ group = (CmsGroup) userAdmin.createRole(dn, Role.GROUP);
userTransaction.commit();
return group;
} catch (Exception e) {
@@ -333,7 +353,48 @@ public class CmsUserManagerImpl implements CmsUserManager {
}
@Override
- public void addMember(Group group, Role role) {
+ public void addObjectClasses(HierarchyUnit hierarchyUnit, Set objectClasses,
+ Map additionalProperties) {
+ try {
+ userTransaction.begin();
+ LdapEntry.addObjectClasses(hierarchyUnit.getProperties(), objectClasses);
+ for (String key : additionalProperties.keySet()) {
+ hierarchyUnit.getProperties().put(key, additionalProperties.get(key));
+ }
+ userTransaction.commit();
+ } catch (Exception e1) {
+ try {
+ if (!userTransaction.isNoTransactionStatus())
+ userTransaction.rollback();
+ } catch (Exception e2) {
+ if (log.isTraceEnabled())
+ log.trace("Cannot rollback transaction", e2);
+ }
+ throw new RuntimeException("Cannot add object classes " + objectClasses + " to " + hierarchyUnit, e1);
+ }
+ }
+
+ @Override
+ public void edit(Runnable action) {
+ Objects.requireNonNull(action);
+ try {
+ userTransaction.begin();
+ action.run();
+ userTransaction.commit();
+ } catch (Exception e1) {
+ try {
+ if (!userTransaction.isNoTransactionStatus())
+ userTransaction.rollback();
+ } catch (Exception e2) {
+ if (log.isTraceEnabled())
+ log.trace("Cannot rollback transaction", e2);
+ }
+ throw new RuntimeException("Cannot edit", e1);
+ }
+ }
+
+ @Override
+ public void addMember(CmsGroup group, Role role) {
try {
userTransaction.begin();
group.addMember(role);