X-Git-Url: https://git.argeo.org/?a=blobdiff_plain;f=org.argeo.cms%2Fsrc%2Forg%2Fargeo%2Fcms%2Finternal%2Fkernel%2FHomeRepository.java;h=574470398c451e5754233996caad58d28654fada;hb=eda7dc80fe41eff1e621f9c90b90d9e73b84a2c3;hp=68acd2d62baa9086ceb1c257567fb50699d2f1f5;hpb=0243aa5633af84d8608ba912483dbaaaefac42f1;p=lgpl%2Fargeo-commons.git diff --git a/org.argeo.cms/src/org/argeo/cms/internal/kernel/HomeRepository.java b/org.argeo.cms/src/org/argeo/cms/internal/kernel/HomeRepository.java index 68acd2d62..574470398 100644 --- a/org.argeo.cms/src/org/argeo/cms/internal/kernel/HomeRepository.java +++ b/org.argeo.cms/src/org/argeo/cms/internal/kernel/HomeRepository.java @@ -8,13 +8,13 @@ import javax.jcr.Node; import javax.jcr.Repository; import javax.jcr.RepositoryException; import javax.jcr.Session; +import javax.jcr.nodetype.NodeType; import javax.jcr.security.Privilege; import javax.naming.InvalidNameException; import javax.naming.ldap.LdapName; import javax.security.auth.Subject; import javax.security.auth.login.LoginContext; -import org.apache.jackrabbit.core.security.SecurityConstants; import org.argeo.cms.CmsException; import org.argeo.jcr.JcrRepositoryWrapper; import org.argeo.jcr.JcrUtils; @@ -28,8 +28,8 @@ import org.argeo.node.NodeUtils; */ class HomeRepository extends JcrRepositoryWrapper implements KernelConstants { /** The home base path. */ - private String homeBasePath = "/home"; -// private String peopleBasePath = NodeConstants.PEOPLE_BASE_PATH; + private String homeBasePath = KernelConstants.DEFAULT_HOME_BASE_PATH; + private String groupsBasePath = KernelConstants.DEFAULT_GROUPS_BASE_PATH; private Set checkedUsers = new HashSet(); @@ -48,7 +48,8 @@ class HomeRepository extends JcrRepositoryWrapper implements KernelConstants { @Override public Void run() { try { - initJcr(getRepository().login()); + Session adminSession = getRepository().login(); + initJcr(adminSession); } catch (RepositoryException e) { throw new CmsException("Cannot init JCR home", e); } @@ -58,28 +59,6 @@ class HomeRepository extends JcrRepositoryWrapper implements KernelConstants { }); } - // @Override - // public Session login() throws LoginException, RepositoryException { - // Session session = super.login(); - // String username = session.getUserID(); - // if (username == null) - // return session; - // if (session.getUserID().equals(AuthConstants.ROLE_ANONYMOUS)) - // return session; - // - // if (checkedUsers.contains(username)) - // return session; - // Session adminSession = KernelUtils.openAdminSession(getRepository(), - // session.getWorkspace().getName()); - // try { - // syncJcr(adminSession, username); - // checkedUsers.add(username); - // } finally { - // JcrUtils.logoutQuietly(adminSession); - // } - // return session; - // } - @Override protected void processNewSession(Session session) { String username = session.getUserID(); @@ -87,15 +66,10 @@ class HomeRepository extends JcrRepositoryWrapper implements KernelConstants { return; if (session.getUserID().equals(NodeConstants.ROLE_ANONYMOUS)) return; -// if (session.getUserID().equals(AuthConstants.ROLE_KERNEL)) -// return; - if (session.getUserID().equals(SecurityConstants.ADMIN_ID)) - return; if (checkedUsers.contains(username)) return; - Session adminSession = KernelUtils.openAdminSession(getRepository(), - session.getWorkspace().getName()); + Session adminSession = KernelUtils.openAdminSession(getRepository(), session.getWorkspace().getName()); try { syncJcr(adminSession, username); checkedUsers.add(username); @@ -111,13 +85,11 @@ class HomeRepository extends JcrRepositoryWrapper implements KernelConstants { private void initJcr(Session adminSession) { try { JcrUtils.mkdirs(adminSession, homeBasePath); -// JcrUtils.mkdirs(adminSession, peopleBasePath); + JcrUtils.mkdirs(adminSession, groupsBasePath); adminSession.save(); - JcrUtils.addPrivilege(adminSession, homeBasePath, - NodeConstants.ROLE_USER_ADMIN, Privilege.JCR_READ); -// JcrUtils.addPrivilege(adminSession, peopleBasePath, -// NodeConstants.ROLE_USER_ADMIN, Privilege.JCR_ALL); + JcrUtils.addPrivilege(adminSession, homeBasePath, NodeConstants.ROLE_USER_ADMIN, Privilege.JCR_READ); + JcrUtils.addPrivilege(adminSession, groupsBasePath, NodeConstants.ROLE_USER_ADMIN, Privilege.JCR_READ); adminSession.save(); } catch (RepositoryException e) { throw new CmsException("Cannot initialize node user admin", e); @@ -132,8 +104,7 @@ class HomeRepository extends JcrRepositoryWrapper implements KernelConstants { if (userHome == null) { String homePath = generateUserPath(homeBasePath, username); if (session.itemExists(homePath))// duplicate user id - userHome = session.getNode(homePath).getParent() - .addNode(JcrUtils.lastPathElement(homePath)); + userHome = session.getNode(homePath).getParent().addNode(JcrUtils.lastPathElement(homePath)); else userHome = JcrUtils.mkdirs(session, homePath); // userHome = JcrUtils.mkfolders(session, homePath); @@ -142,49 +113,13 @@ class HomeRepository extends JcrRepositoryWrapper implements KernelConstants { session.save(); JcrUtils.clearAccessControList(session, homePath, username); - JcrUtils.addPrivilege(session, homePath, username, - Privilege.JCR_ALL); + JcrUtils.addPrivilege(session, homePath, username, Privilege.JCR_ALL); } - -// Node userProfile = NodeUtils.getUserProfile(session, username); -// // new user -// if (userProfile == null) { -// String personPath = generateUserPath(peopleBasePath, username); -// Node personBase; -// if (session.itemExists(personPath))// duplicate user id -// personBase = session.getNode(personPath).getParent() -// .addNode(JcrUtils.lastPathElement(personPath)); -// else -// personBase = JcrUtils.mkdirs(session, personPath); -// userProfile = personBase.addNode(ArgeoNames.ARGEO_PROFILE); -// userProfile.addMixin(ArgeoTypes.ARGEO_USER_PROFILE); -// userProfile.setProperty(ArgeoNames.ARGEO_USER_ID, username); -// // userProfile.setProperty(ArgeoNames.ARGEO_ENABLED, true); -// // userProfile.setProperty(ArgeoNames.ARGEO_ACCOUNT_NON_EXPIRED, -// // true); -// // userProfile.setProperty(ArgeoNames.ARGEO_ACCOUNT_NON_LOCKED, -// // true); -// // userProfile.setProperty(ArgeoNames.ARGEO_CREDENTIALS_NON_EXPIRED, -// // true); -// session.save(); -// -// JcrUtils.clearAccessControList(session, userProfile.getPath(), -// username); -// JcrUtils.addPrivilege(session, userProfile.getPath(), username, -// Privilege.JCR_READ); -// } - - // Remote roles - // if (roles != null) { - // writeRemoteRoles(userProfile, roles); - // } if (session.hasPendingChanges()) session.save(); -// return userProfile; } catch (RepositoryException e) { JcrUtils.discardQuietly(session); - throw new CmsException("Cannot sync node security model for " - + username, e); + throw new CmsException("Cannot sync node security model for " + username, e); } } @@ -201,15 +136,37 @@ class HomeRepository extends JcrRepositoryWrapper implements KernelConstants { if (atIndex > 0) { String domain = userId.substring(0, atIndex); String name = userId.substring(atIndex + 1); - return base + '/' + JcrUtils.firstCharsToPath(domain, 2) + '/' - + domain + '/' + JcrUtils.firstCharsToPath(name, 2) + '/' - + name; + return base + '/' + domain + '/' + name; } else if (atIndex == 0 || atIndex == (userId.length() - 1)) { throw new CmsException("Unsupported username " + userId); } else { - return base + '/' + JcrUtils.firstCharsToPath(userId, 2) + '/' - + userId; + return base + '/' + userId; + } + } + + public void createWorkgroup(LdapName dn) { + Session adminSession = KernelUtils.openAdminSession(this); + String cn = dn.getRdn(dn.size() - 1).getValue().toString(); + Node newWorkgroup = NodeUtils.getGroupHome(adminSession, cn); + if (newWorkgroup != null) { + JcrUtils.logoutQuietly(adminSession); + throw new CmsException("Workgroup " + newWorkgroup + " already exists for " + dn); } + try { + // TODO enhance transformation of cn to a valid node name + String relPath = cn.replaceAll("[^a-zA-Z0-9]", "_"); + newWorkgroup = JcrUtils.mkdirs(adminSession.getNode(groupsBasePath), relPath, NodeType.NT_UNSTRUCTURED); + newWorkgroup.addMixin(NodeTypes.NODE_GROUP_HOME); + newWorkgroup.setProperty(NodeNames.LDAP_CN, cn); + adminSession.save(); + JcrUtils.addPrivilege(adminSession, newWorkgroup.getPath(), dn.toString(), Privilege.JCR_ALL); + adminSession.save(); + } catch (RepositoryException e) { + throw new CmsException("Cannot create workgroup", e); + } finally { + JcrUtils.logoutQuietly(adminSession); + } + } }