X-Git-Url: https://git.argeo.org/?a=blobdiff_plain;f=org.argeo.enterprise%2Fsrc%2Forg%2Fargeo%2Fosgi%2Fuseradmin%2FAggregatingUserAdmin.java;h=66d46d4e94c2acfe3cdb1807bea2ac0b00e018fd;hb=9ec85110269f8be5c83ea26e283359bb451a67b7;hp=85a44708204312646d30b7db4f235599231957a3;hpb=926f90e3c10006130db5dc382ec698e666b80e5f;p=lgpl%2Fargeo-commons.git

diff --git a/org.argeo.enterprise/src/org/argeo/osgi/useradmin/AggregatingUserAdmin.java b/org.argeo.enterprise/src/org/argeo/osgi/useradmin/AggregatingUserAdmin.java
index 85a447082..66d46d4e9 100644
--- a/org.argeo.enterprise/src/org/argeo/osgi/useradmin/AggregatingUserAdmin.java
+++ b/org.argeo.enterprise/src/org/argeo/osgi/useradmin/AggregatingUserAdmin.java
@@ -110,7 +110,12 @@ public class AggregatingUserAdmin implements UserAdmin {
 		Set<String> sysRoles = new HashSet<String>();
 		for (String role : rawAuthorization.getRoles()) {
 			Authorization auth = systemRoles.getAuthorization((User) userAdmin.getRole(role));
-			sysRoles.addAll(Arrays.asList(auth.getRoles()));
+			systemRoles: for (String systemRole : auth.getRoles()) {
+				if (role.equals(systemRole))
+					continue systemRoles;
+				sysRoles.add(systemRole);
+			}
+//			sysRoles.addAll(Arrays.asList(auth.getRoles()));
 		}
 		addAbstractSystemRoles(rawAuthorization, sysRoles);
 		Authorization authorization = new AggregatingAuthorization(usernameToUse, displayNameToUse, sysRoles,
@@ -164,23 +169,23 @@ public class AggregatingUserAdmin implements UserAdmin {
 			return systemRoles;
 		if (tokensBaseDn != null && name.startsWith(tokensBaseDn))
 			return tokens;
-		List<UserAdmin> res = new ArrayList<UserAdmin>(1);
-		for (LdapName baseDn : businessRoles.keySet()) {
-			AbstractUserDirectory ud = businessRoles.get(baseDn);
+		List<AbstractUserDirectory> res = new ArrayList<>(1);
+		userDirectories: for (LdapName baseDn : businessRoles.keySet()) {
+			AbstractUserDirectory userDirectory = businessRoles.get(baseDn);
 			if (name.startsWith(baseDn)) {
-				if (!ud.isDisabled())
-					res.add(ud);
-			}
-//			Object principal = ud.getProperties().get(Context.SECURITY_PRINCIPAL);
-//			if (principal != null) {
-//				try {
-//					LdapName principalLdapName = new LdapName(principal.toString());
-//					if (principalLdapName.equals(name))
-//						res.add(ud);
-//				} catch (InvalidNameException e) {
-//					// silent
+				if (userDirectory.isDisabled())
+					continue userDirectories;
+//				if (res.isEmpty()) {
+				res.add(userDirectory);
+//				} else {
+//					for (AbstractUserDirectory ud : res) {
+//						LdapName bd = ud.getBaseDn();
+//						if (userDirectory.getBaseDn().startsWith(bd)) {
+//							// child user directory
+//						}
+//					}
 //				}
-//			}
+			}
 		}
 		if (res.size() == 0)
 			throw new UserDirectoryException("Cannot find user admin for " + name);