X-Git-Url: https://git.argeo.org/?a=blobdiff_plain;f=org.argeo.cms%2Fsrc%2Forg%2Fargeo%2Fcms%2Finternal%2Fuseradmin%2Fjackrabbit%2FJackrabbitUserAdminService.java;fp=org.argeo.cms%2Fsrc%2Forg%2Fargeo%2Fcms%2Finternal%2Fuseradmin%2Fjackrabbit%2FJackrabbitUserAdminService.java;h=6b73a3e19af4e182fda24d06aeac4d9b56927a81;hb=c110010dddf647925707a8dcd19c86e1f5254878;hp=d35f996f49e7e78b074119748fa5ed70d2545f8e;hpb=d12f4cda6ff7b1de242a19362c3680f30ccc5168;p=lgpl%2Fargeo-commons.git

diff --git a/org.argeo.cms/src/org/argeo/cms/internal/useradmin/jackrabbit/JackrabbitUserAdminService.java b/org.argeo.cms/src/org/argeo/cms/internal/useradmin/jackrabbit/JackrabbitUserAdminService.java
index d35f996f4..6b73a3e19 100644
--- a/org.argeo.cms/src/org/argeo/cms/internal/useradmin/jackrabbit/JackrabbitUserAdminService.java
+++ b/org.argeo.cms/src/org/argeo/cms/internal/useradmin/jackrabbit/JackrabbitUserAdminService.java
@@ -28,6 +28,7 @@ import org.argeo.cms.internal.auth.JcrSecurityModel;
 import org.argeo.jcr.JcrUtils;
 import org.argeo.jcr.UserJcrUtils;
 import org.argeo.security.NodeAuthenticationToken;
+import org.argeo.security.SecurityUtils;
 import org.argeo.security.UserAdminService;
 import org.argeo.security.jcr.JcrUserDetails;
 import org.argeo.security.jcr.NewUserDetails;
@@ -63,7 +64,6 @@ public class JackrabbitUserAdminService implements UserAdminService,
 				.getAuthentication();
 		authentication.getName();
 		adminSession = (JackrabbitSession) repository.login();
-		securityModel.init(adminSession);
 		Authorizable adminGroup = getUserManager().getAuthorizable(
 				KernelHeader.ROLE_ADMIN);
 		if (adminGroup == null) {
@@ -79,6 +79,7 @@ public class JackrabbitUserAdminService implements UserAdminService,
 			securityModel.sync(adminSession, KernelHeader.USERNAME_ADMIN, null);
 			adminSession.save();
 		}
+		securityModel.init(adminSession);
 	}
 
 	public void destroy() throws RepositoryException {
@@ -282,7 +283,10 @@ public class JackrabbitUserAdminService implements UserAdminService,
 				Group group = (Group) groups.next();
 				String groupName = group.getPrincipal().getName();
 				String role = groupNameToRole(groupName);
-				if (role != null && !role.equals(KernelHeader.ROLE_GROUP_ADMIN))
+				if (role != null
+						&& !role.equals(KernelHeader.ROLE_GROUP_ADMIN)
+						&& !(role.equals(KernelHeader.ROLE_ADMIN) && !SecurityUtils
+								.hasCurrentThreadAuthority(KernelHeader.ROLE_ADMIN)))
 					res.add(role);
 			}
 			return res;