X-Git-Url: https://git.argeo.org/?a=blobdiff_plain;f=org.argeo.enterprise%2Fsrc%2Forg%2Fargeo%2Fosgi%2Fuseradmin%2FAggregatingUserAdmin.java;h=66d46d4e94c2acfe3cdb1807bea2ac0b00e018fd;hb=9ec85110269f8be5c83ea26e283359bb451a67b7;hp=2b2ca0c513ba6028e76679f505b63637ccdc76d8;hpb=a5459b7f0a4ce0463b950efd5c776368fe169256;p=lgpl%2Fargeo-commons.git

diff --git a/org.argeo.enterprise/src/org/argeo/osgi/useradmin/AggregatingUserAdmin.java b/org.argeo.enterprise/src/org/argeo/osgi/useradmin/AggregatingUserAdmin.java
index 2b2ca0c51..66d46d4e9 100644
--- a/org.argeo.enterprise/src/org/argeo/osgi/useradmin/AggregatingUserAdmin.java
+++ b/org.argeo.enterprise/src/org/argeo/osgi/useradmin/AggregatingUserAdmin.java
@@ -2,10 +2,8 @@ package org.argeo.osgi.useradmin;
 
 import java.util.ArrayList;
 import java.util.Arrays;
-import java.util.Dictionary;
 import java.util.HashMap;
 import java.util.HashSet;
-import java.util.Hashtable;
 import java.util.List;
 import java.util.Map;
 import java.util.Set;
@@ -15,6 +13,7 @@ import javax.naming.ldap.LdapName;
 
 import org.osgi.framework.InvalidSyntaxException;
 import org.osgi.service.useradmin.Authorization;
+import org.osgi.service.useradmin.Group;
 import org.osgi.service.useradmin.Role;
 import org.osgi.service.useradmin.User;
 import org.osgi.service.useradmin.UserAdmin;
@@ -25,14 +24,20 @@ import org.osgi.service.useradmin.UserAdmin;
  */
 public class AggregatingUserAdmin implements UserAdmin {
 	private final LdapName systemRolesBaseDn;
+	private final LdapName tokensBaseDn;
 
 	// DAOs
 	private AbstractUserDirectory systemRoles = null;
+	private AbstractUserDirectory tokens = null;
 	private Map<LdapName, AbstractUserDirectory> businessRoles = new HashMap<LdapName, AbstractUserDirectory>();
 
-	public AggregatingUserAdmin(String systemRolesBaseDn) {
+	public AggregatingUserAdmin(String systemRolesBaseDn, String tokensBaseDn) {
 		try {
 			this.systemRolesBaseDn = new LdapName(systemRolesBaseDn);
+			if (tokensBaseDn != null)
+				this.tokensBaseDn = new LdapName(tokensBaseDn);
+			else
+				this.tokensBaseDn = null;
 		} catch (InvalidNameException e) {
 			throw new UserDirectoryException("Cannot initialize " + AggregatingUserAdmin.class, e);
 		}
@@ -84,17 +89,48 @@ public class AggregatingUserAdmin implements UserAdmin {
 		}
 		UserAdmin userAdmin = findUserAdmin(user.getName());
 		Authorization rawAuthorization = userAdmin.getAuthorization(user);
+		String usernameToUse;
+		String displayNameToUse;
+		if (user instanceof Group) {
+			String ownerDn = TokenUtils.userDn((Group) user);
+			if (ownerDn != null) {// tokens
+				UserAdmin ownerUserAdmin = findUserAdmin(ownerDn);
+				User ownerUser = (User) ownerUserAdmin.getRole(ownerDn);
+				usernameToUse = ownerDn;
+				displayNameToUse = LdifAuthorization.extractDisplayName(ownerUser);
+			} else {
+				usernameToUse = rawAuthorization.getName();
+				displayNameToUse = rawAuthorization.toString();
+			}
+		} else {// regular users
+			usernameToUse = rawAuthorization.getName();
+			displayNameToUse = rawAuthorization.toString();
+		}
 		// gather system roles
 		Set<String> sysRoles = new HashSet<String>();
 		for (String role : rawAuthorization.getRoles()) {
 			Authorization auth = systemRoles.getAuthorization((User) userAdmin.getRole(role));
-			sysRoles.addAll(Arrays.asList(auth.getRoles()));
+			systemRoles: for (String systemRole : auth.getRoles()) {
+				if (role.equals(systemRole))
+					continue systemRoles;
+				sysRoles.add(systemRole);
+			}
+//			sysRoles.addAll(Arrays.asList(auth.getRoles()));
 		}
-		Authorization authorization = new AggregatingAuthorization(rawAuthorization.getName(),
-				rawAuthorization.toString(), sysRoles, rawAuthorization.getRoles());
+		addAbstractSystemRoles(rawAuthorization, sysRoles);
+		Authorization authorization = new AggregatingAuthorization(usernameToUse, displayNameToUse, sysRoles,
+				rawAuthorization.getRoles());
 		return authorization;
 	}
 
+	/**
+	 * Enrich with application-specific roles which are strictly programmatic, such
+	 * as anonymous/user semantics.
+	 */
+	protected void addAbstractSystemRoles(Authorization rawAuthorization, Set<String> sysRoles) {
+
+	}
+
 	//
 	// USER ADMIN AGGREGATOR
 	//
@@ -103,6 +139,9 @@ public class AggregatingUserAdmin implements UserAdmin {
 		if (isSystemRolesBaseDn(baseDn)) {
 			this.systemRoles = userDirectory;
 			systemRoles.setExternalRoles(this);
+		} else if (isTokensBaseDn(baseDn)) {
+			this.tokens = userDirectory;
+			tokens.setExternalRoles(this);
 		} else {
 			if (businessRoles.containsKey(baseDn))
 				throw new UserDirectoryException("There is already a user admin for " + baseDn);
@@ -128,10 +167,25 @@ public class AggregatingUserAdmin implements UserAdmin {
 	private UserAdmin findUserAdmin(LdapName name) {
 		if (name.startsWith(systemRolesBaseDn))
 			return systemRoles;
-		List<UserAdmin> res = new ArrayList<UserAdmin>(1);
-		for (LdapName baseDn : businessRoles.keySet()) {
-			if (name.startsWith(baseDn))
-				res.add(businessRoles.get(baseDn));
+		if (tokensBaseDn != null && name.startsWith(tokensBaseDn))
+			return tokens;
+		List<AbstractUserDirectory> res = new ArrayList<>(1);
+		userDirectories: for (LdapName baseDn : businessRoles.keySet()) {
+			AbstractUserDirectory userDirectory = businessRoles.get(baseDn);
+			if (name.startsWith(baseDn)) {
+				if (userDirectory.isDisabled())
+					continue userDirectories;
+//				if (res.isEmpty()) {
+				res.add(userDirectory);
+//				} else {
+//					for (AbstractUserDirectory ud : res) {
+//						LdapName bd = ud.getBaseDn();
+//						if (userDirectory.getBaseDn().startsWith(bd)) {
+//							// child user directory
+//						}
+//					}
+//				}
+			}
 		}
 		if (res.size() == 0)
 			throw new UserDirectoryException("Cannot find user admin for " + name);
@@ -144,17 +198,21 @@ public class AggregatingUserAdmin implements UserAdmin {
 		return baseDn.equals(systemRolesBaseDn);
 	}
 
-	protected Dictionary<String, Object> currentState() {
-		Dictionary<String, Object> res = new Hashtable<String, Object>();
-		// res.put(NodeConstants.CN, NodeConstants.DEFAULT);
-		for (LdapName name : businessRoles.keySet()) {
-			AbstractUserDirectory userDirectory = businessRoles.get(name);
-			String uri = UserAdminConf.propertiesAsUri(userDirectory.getProperties()).toString();
-			res.put(uri, "");
-		}
-		return res;
+	protected boolean isTokensBaseDn(LdapName baseDn) {
+		return tokensBaseDn != null && baseDn.equals(tokensBaseDn);
 	}
 
+//	protected Dictionary<String, Object> currentState() {
+//		Dictionary<String, Object> res = new Hashtable<String, Object>();
+//		// res.put(NodeConstants.CN, NodeConstants.DEFAULT);
+//		for (LdapName name : businessRoles.keySet()) {
+//			AbstractUserDirectory userDirectory = businessRoles.get(name);
+//			String uri = UserAdminConf.propertiesAsUri(userDirectory.getProperties()).toString();
+//			res.put(uri, "");
+//		}
+//		return res;
+//	}
+
 	public void destroy() {
 		for (LdapName name : businessRoles.keySet()) {
 			AbstractUserDirectory userDirectory = businessRoles.get(name);
@@ -181,8 +239,8 @@ public class AggregatingUserAdmin implements UserAdmin {
 	}
 
 	/**
-	 * Called before each user directory is destroyed, so that additional
-	 * actions can be performed.
+	 * Called before each user directory is destroyed, so that additional actions
+	 * can be performed.
 	 */
 	protected void preDestroy(AbstractUserDirectory userDirectory) {
 	}