X-Git-Url: https://git.argeo.org/?a=blobdiff_plain;f=org.argeo.enterprise%2Fsrc%2Forg%2Fargeo%2Fosgi%2Fuseradmin%2FAggregatingUserAdmin.java;h=66d46d4e94c2acfe3cdb1807bea2ac0b00e018fd;hb=9ec85110269f8be5c83ea26e283359bb451a67b7;hp=b09c8df5eee20cb633d3fbe602352202a4ac7ecf;hpb=31d7eccd2b0effdadaaa5b6349e5b6b6ea753e3c;p=lgpl%2Fargeo-commons.git

diff --git a/org.argeo.enterprise/src/org/argeo/osgi/useradmin/AggregatingUserAdmin.java b/org.argeo.enterprise/src/org/argeo/osgi/useradmin/AggregatingUserAdmin.java
index b09c8df5e..66d46d4e9 100644
--- a/org.argeo.enterprise/src/org/argeo/osgi/useradmin/AggregatingUserAdmin.java
+++ b/org.argeo.enterprise/src/org/argeo/osgi/useradmin/AggregatingUserAdmin.java
@@ -2,10 +2,8 @@ package org.argeo.osgi.useradmin;
 
 import java.util.ArrayList;
 import java.util.Arrays;
-import java.util.Dictionary;
 import java.util.HashMap;
 import java.util.HashSet;
-import java.util.Hashtable;
 import java.util.List;
 import java.util.Map;
 import java.util.Set;
@@ -26,14 +24,20 @@ import org.osgi.service.useradmin.UserAdmin;
  */
 public class AggregatingUserAdmin implements UserAdmin {
 	private final LdapName systemRolesBaseDn;
+	private final LdapName tokensBaseDn;
 
 	// DAOs
 	private AbstractUserDirectory systemRoles = null;
+	private AbstractUserDirectory tokens = null;
 	private Map<LdapName, AbstractUserDirectory> businessRoles = new HashMap<LdapName, AbstractUserDirectory>();
 
-	public AggregatingUserAdmin(String systemRolesBaseDn) {
+	public AggregatingUserAdmin(String systemRolesBaseDn, String tokensBaseDn) {
 		try {
 			this.systemRolesBaseDn = new LdapName(systemRolesBaseDn);
+			if (tokensBaseDn != null)
+				this.tokensBaseDn = new LdapName(tokensBaseDn);
+			else
+				this.tokensBaseDn = null;
 		} catch (InvalidNameException e) {
 			throw new UserDirectoryException("Cannot initialize " + AggregatingUserAdmin.class, e);
 		}
@@ -106,7 +110,12 @@ public class AggregatingUserAdmin implements UserAdmin {
 		Set<String> sysRoles = new HashSet<String>();
 		for (String role : rawAuthorization.getRoles()) {
 			Authorization auth = systemRoles.getAuthorization((User) userAdmin.getRole(role));
-			sysRoles.addAll(Arrays.asList(auth.getRoles()));
+			systemRoles: for (String systemRole : auth.getRoles()) {
+				if (role.equals(systemRole))
+					continue systemRoles;
+				sysRoles.add(systemRole);
+			}
+//			sysRoles.addAll(Arrays.asList(auth.getRoles()));
 		}
 		addAbstractSystemRoles(rawAuthorization, sysRoles);
 		Authorization authorization = new AggregatingAuthorization(usernameToUse, displayNameToUse, sysRoles,
@@ -130,6 +139,9 @@ public class AggregatingUserAdmin implements UserAdmin {
 		if (isSystemRolesBaseDn(baseDn)) {
 			this.systemRoles = userDirectory;
 			systemRoles.setExternalRoles(this);
+		} else if (isTokensBaseDn(baseDn)) {
+			this.tokens = userDirectory;
+			tokens.setExternalRoles(this);
 		} else {
 			if (businessRoles.containsKey(baseDn))
 				throw new UserDirectoryException("There is already a user admin for " + baseDn);
@@ -155,12 +167,24 @@ public class AggregatingUserAdmin implements UserAdmin {
 	private UserAdmin findUserAdmin(LdapName name) {
 		if (name.startsWith(systemRolesBaseDn))
 			return systemRoles;
-		List<UserAdmin> res = new ArrayList<UserAdmin>(1);
-		for (LdapName baseDn : businessRoles.keySet()) {
+		if (tokensBaseDn != null && name.startsWith(tokensBaseDn))
+			return tokens;
+		List<AbstractUserDirectory> res = new ArrayList<>(1);
+		userDirectories: for (LdapName baseDn : businessRoles.keySet()) {
+			AbstractUserDirectory userDirectory = businessRoles.get(baseDn);
 			if (name.startsWith(baseDn)) {
-				AbstractUserDirectory ud = businessRoles.get(baseDn);
-				if (!ud.isDisabled())
-					res.add(ud);
+				if (userDirectory.isDisabled())
+					continue userDirectories;
+//				if (res.isEmpty()) {
+				res.add(userDirectory);
+//				} else {
+//					for (AbstractUserDirectory ud : res) {
+//						LdapName bd = ud.getBaseDn();
+//						if (userDirectory.getBaseDn().startsWith(bd)) {
+//							// child user directory
+//						}
+//					}
+//				}
 			}
 		}
 		if (res.size() == 0)
@@ -174,17 +198,21 @@ public class AggregatingUserAdmin implements UserAdmin {
 		return baseDn.equals(systemRolesBaseDn);
 	}
 
-	protected Dictionary<String, Object> currentState() {
-		Dictionary<String, Object> res = new Hashtable<String, Object>();
-		// res.put(NodeConstants.CN, NodeConstants.DEFAULT);
-		for (LdapName name : businessRoles.keySet()) {
-			AbstractUserDirectory userDirectory = businessRoles.get(name);
-			String uri = UserAdminConf.propertiesAsUri(userDirectory.getProperties()).toString();
-			res.put(uri, "");
-		}
-		return res;
+	protected boolean isTokensBaseDn(LdapName baseDn) {
+		return tokensBaseDn != null && baseDn.equals(tokensBaseDn);
 	}
 
+//	protected Dictionary<String, Object> currentState() {
+//		Dictionary<String, Object> res = new Hashtable<String, Object>();
+//		// res.put(NodeConstants.CN, NodeConstants.DEFAULT);
+//		for (LdapName name : businessRoles.keySet()) {
+//			AbstractUserDirectory userDirectory = businessRoles.get(name);
+//			String uri = UserAdminConf.propertiesAsUri(userDirectory.getProperties()).toString();
+//			res.put(uri, "");
+//		}
+//		return res;
+//	}
+
 	public void destroy() {
 		for (LdapName name : businessRoles.keySet()) {
 			AbstractUserDirectory userDirectory = businessRoles.get(name);