X-Git-Url: https://git.argeo.org/?a=blobdiff_plain;f=org.argeo.enterprise%2Fsrc%2Forg%2Fargeo%2Fosgi%2Fuseradmin%2FAbstractUserDirectory.java;h=95b1f07adec9705e2802df0e2fea989ea9d2f003;hb=70481c7fe25b2f0393b5e7237d4ee9f4aca304c1;hp=66b6e91e27eac392fc4af28fb7791a3efb454a40;hpb=780f1fce719bb66b4e4899c2339cb49d62c07dc6;p=lgpl%2Fargeo-commons.git diff --git a/org.argeo.enterprise/src/org/argeo/osgi/useradmin/AbstractUserDirectory.java b/org.argeo.enterprise/src/org/argeo/osgi/useradmin/AbstractUserDirectory.java index 66b6e91e2..95b1f07ad 100644 --- a/org.argeo.enterprise/src/org/argeo/osgi/useradmin/AbstractUserDirectory.java +++ b/org.argeo.enterprise/src/org/argeo/osgi/useradmin/AbstractUserDirectory.java @@ -34,7 +34,6 @@ import javax.transaction.TransactionManager; import org.apache.commons.logging.Log; import org.apache.commons.logging.LogFactory; import org.argeo.naming.LdapAttrs; -import org.argeo.naming.LdapObjs; import org.osgi.framework.Filter; import org.osgi.framework.FrameworkUtil; import org.osgi.framework.InvalidSyntaxException; @@ -55,6 +54,7 @@ public abstract class AbstractUserDirectory implements UserAdmin, UserDirectory private final String userObjectClass, userBase, groupObjectClass, groupBase; private final boolean readOnly; + private final boolean disabled; private final URI uri; private UserAdmin externalRoles; @@ -109,6 +109,11 @@ public abstract class AbstractUserDirectory implements UserAdmin, UserDirectory properties.put(UserAdminConf.readOnly.name(), Boolean.toString(readOnly)); } else readOnly = new Boolean(readOnlyStr); + String disabledStr = UserAdminConf.disabled.getValue(properties); + if (disabledStr != null) + disabled = new Boolean(disabledStr); + else + disabled = false; } /** Returns the groups this user is a direct member of. */ 
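Review bot: The `disabled` parsing added at the end of the constructor (hunk `@@ -109,6 +109,11 @@`) fails open: `new Boolean(disabledStr)` is true only for the string "true" (ignoring case), so a value such as `yes`, `1` or a typo silently leaves the directory enabled. For a switch whose purpose is to turn a user directory off, an unrecognised value is better rejected than read as false, e.g. `if (!"true".equalsIgnoreCase(disabledStr) && !"false".equalsIgnoreCase(disabledStr)) throw new UserDirectoryException("Invalid value for " + UserAdminConf.disabled.name() + ": " + disabledStr);` followed by `disabled = Boolean.parseBoolean(disabledStr);`. That form also avoids the deprecated `Boolean(String)` constructor, which the `readOnly` branch just above uses as well. The enclosing constructor starts outside the hunk.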
@@ -173,7 +178,7 @@ public abstract class AbstractUserDirectory implements UserAdmin, UserDirectory private void collectRoles(DirectoryUser user, List allRoles) { Attributes attrs = user.getAttributes(); // TODO centralize attribute name - Attribute memberOf = attrs.get("memberOf"); + Attribute memberOf = attrs.get(LdapAttrs.memberOf.name()); if (memberOf != null) { try { NamingEnumeration values = memberOf.getAll(); @@ -182,8 +187,8 @@ public abstract class AbstractUserDirectory implements UserAdmin, UserDirectory LdapName groupDn = new LdapName(value.toString()); DirectoryUser group = doGetRole(groupDn); allRoles.add(group); - if (log.isDebugEnabled()) - log.debug("Add memberOf " + groupDn); + if (log.isTraceEnabled()) + log.trace("Add memberOf " + groupDn); } } catch (Exception e) { throw new UserDirectoryException("Cannot get memberOf groups for " + user, e); @@ -193,8 +198,8 @@ public abstract class AbstractUserDirectory implements UserAdmin, UserDirectory // TODO check for loops DirectoryUser group = doGetRole(groupDn); allRoles.add(group); - if (log.isDebugEnabled()) - log.debug("Add direct group " + groupDn); + if (log.isTraceEnabled()) + log.trace("Add direct group " + groupDn); collectRoles(group, allRoles); } } @@ -297,6 +302,8 @@ public abstract class AbstractUserDirectory implements UserAdmin, UserDirectory AbstractUserDirectory scopedUserAdmin = scope(user); try { DirectoryUser directoryUser = (DirectoryUser) scopedUserAdmin.getRole(user.getName()); + if (directoryUser == null) + throw new UserDirectoryException("No scoped user found for " + user); LdifAuthorization authorization = new LdifAuthorization(directoryUser, scopedUserAdmin.getAllRoles(directoryUser)); return authorization; 
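Review bot: The recursive call `collectRoles(group, allRoles)` kept in hunk `@@ -193,8 +198,8 @@` still has no cycle guard (the `// TODO check for loops` remains), so two groups that list each other as members would recurse until a StackOverflowError while roles are being resolved. After this change the only per-group log line is at trace level, which makes such a loop harder to notice in normal logs. A guard before the add, such as `if (allRoles.contains(group)) continue;`, would stop the walk at a group that was already collected; this assumes the enclosing construct is a loop and that DirectoryUser defines equality by DN, neither of which the hunk shows. The loop header and the rest of collectRoles are outside the hunk.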
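Review bot: The authorization path in hunk `@@ -297,6 +302,8 @@` gains a null check for the scoped user but does not consult the `disabled` flag introduced by the same commit; in the visible hunks the flag is only stored and exposed through `isDisabled()`. If a disabled directory is meant to issue no authorizations, enforcement currently depends on every caller checking the getter, and a guard at the top of this method such as `if (disabled) throw new UserDirectoryException("User directory is disabled");` would make that hold locally. If enforcement lives in a caller outside this diff, a Javadoc line on `isDisabled()` naming who is responsible would be enough. The method signature and the catch/finally of the try block are outside the hunk.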
@@ -413,34 +420,34 @@ public abstract class AbstractUserDirectory implements UserAdmin, UserDirectory return uri; } - // protected List getIndexedUserProperties() { - // return indexedUserProperties; - // } - // - // protected void setIndexedUserProperties(List - // indexedUserProperties) { - // this.indexedUserProperties = indexedUserProperties; - // } - private static boolean readOnlyDefault(URI uri) { if (uri == null) return true; if (uri.getScheme() == null) return false;// assume relative file to be writable - if (uri.getScheme().equals("file")) { + if (uri.getScheme().equals(UserAdminConf.SCHEME_FILE)) { File file = new File(uri); if (file.exists()) return !file.canWrite(); else return !file.getParentFile().canWrite(); + } else if (uri.getScheme().equals(UserAdminConf.SCHEME_LDAP)) { + if (uri.getAuthority() != null)// assume writable if authenticated + return false; + } else if (uri.getScheme().equals(UserAdminConf.SCHEME_OS)) { + return true; } - return true; + return true;// read only by default } public boolean isReadOnly() { return readOnly; } + public boolean isDisabled() { + return disabled; + } + protected UserAdmin getExternalRoles() { return externalRoles; }
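Review bot: In readOnlyDefault the new LDAP branch tests `uri.getAuthority() != null`, but a URI's authority component also covers host and port, so a plain `ldap://host:389/...` URI with no credentials has a non-null authority and defaults to writable. The inline comment states the intent as "writable if authenticated", which corresponds to `uri.getUserInfo() != null`; with the current test the read-only default is lost for nearly every LDAP URI that names a host. Separately, `file.getParentFile()` in the file branch returns null for a path with no parent and would throw here. A short Javadoc on `readOnlyDefault` listing the per-scheme defaults, and one on `isDisabled()`, would make the intended behaviour reviewable.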