X-Git-Url: https://git.argeo.org/?a=blobdiff_plain;f=org.argeo.util%2Fsrc%2Forg%2Fargeo%2Fosgi%2Fuseradmin%2FAbstractUserDirectory.java;h=e13f56289ce8b44b2f9629d2e297aadccbf03c03;hb=eb4324be6ac9cdff15828a21ee7d3f6ca2f19fb9;hp=27662938faf84682c56bfec8f50f0f6c416694e0;hpb=99bca5f6b71c24837c23cf2a9bb944e09dca3dea;p=lgpl%2Fargeo-commons.git
diff --git a/org.argeo.util/src/org/argeo/osgi/useradmin/AbstractUserDirectory.java b/org.argeo.util/src/org/argeo/osgi/useradmin/AbstractUserDirectory.java
index 27662938f..e13f56289 100644
--- a/org.argeo.util/src/org/argeo/osgi/useradmin/AbstractUserDirectory.java
+++ b/org.argeo.util/src/org/argeo/osgi/useradmin/AbstractUserDirectory.java
@@ -33,6 +33,7 @@ import javax.naming.ldap.Rdn;
 import org.argeo.osgi.transaction.WorkControl;
 import org.argeo.util.naming.LdapAttrs;
+import org.argeo.util.naming.LdapObjs;
 import org.osgi.framework.Filter;
 import org.osgi.framework.FrameworkUtil;
 import org.osgi.framework.InvalidSyntaxException;
@@ -47,8 +48,10 @@ abstract class AbstractUserDirectory implements UserAdmin, UserDirectory {
 static final String SHARED_STATE_PASSWORD = "javax.security.auth.login.password";
 private final Hashtable properties;
- private final LdapName baseDn, userBaseDn, groupBaseDn;
- private final String userObjectClass, userBase, groupObjectClass, groupBase;
+ private final LdapName baseDn;
+ // private final LdapName userBaseDn, groupBaseDn;
+ private final Rdn userBaseRdn, groupBaseRdn, systemRoleBaseRdn;
+ private final String userObjectClass, groupObjectClass;
 private final boolean readOnly;
 private final boolean disabled;
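Review bot: The new field block keeps a commented-out declaration, `// private final LdapName userBaseDn, groupBaseDn;`, and the constructor hunk at @@ -94 keeps two more (`// userBaseDn = new LdapName(...)`, `// groupBaseDn = new LdapName(...)`). Commented-out code in version control only drifts from the live code; either delete all three or replace the field-level one with a comment that explains the new model, e.g. `// user, group and system-role containers are single RDNs directly under baseDn`. A short Javadoc on the three `Rdn` fields saying they are compared against the parent RDN of a DN to derive its role type would also spare readers a trip to `roleType`.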
@@ -94,13 +97,17 @@ abstract class AbstractUserDirectory implements UserAdmin, UserDirectory {
 forcedPassword = UserAdminConf.forcedPassword.getValue(properties);
 userObjectClass = UserAdminConf.userObjectClass.getValue(properties);
- userBase = UserAdminConf.userBase.getValue(properties);
+ String userBase = UserAdminConf.userBase.getValue(properties);
 groupObjectClass = UserAdminConf.groupObjectClass.getValue(properties);
- groupBase = UserAdminConf.groupBase.getValue(properties);
+ String groupBase = UserAdminConf.groupBase.getValue(properties);
+ String systemRoleBase = UserAdminConf.systemRoleBase.getValue(properties);
 try {
 baseDn = new LdapName(UserAdminConf.baseDn.getValue(properties));
- userBaseDn = new LdapName(userBase + "," + baseDn);
- groupBaseDn = new LdapName(groupBase + "," + baseDn);
+ userBaseRdn = new Rdn(userBase);
+// userBaseDn = new LdapName(userBase + "," + baseDn);
+ groupBaseRdn = new Rdn(groupBase);
+// groupBaseDn = new LdapName(groupBase + "," + baseDn);
+ systemRoleBaseRdn = new Rdn(systemRoleBase);
 } catch (InvalidNameException e) {
 throw new IllegalArgumentException("Badly formated base DN " + UserAdminConf.baseDn.getValue(properties), e);
@@ -146,7 +153,7 @@ abstract class AbstractUserDirectory implements UserAdmin, UserDirectory {
 */
 @Override
- public String getGlobalId() {
+ public String getContext() {
 return getBaseDn().toString();
 }
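Review bot: The catch at the end of the hunk still reports `"Badly formated base DN " + UserAdminConf.baseDn.getValue(properties)`, but three new `new Rdn(...)` parses now sit inside the same try, so a malformed `userBase`, `groupBase` or `systemRoleBase` value is reported as a bad base DN and the operator is sent to the wrong property. Name all the parsed values in the message, e.g. `throw new IllegalArgumentException("Badly formatted base DN or base RDNs: " + UserAdminConf.baseDn.getValue(properties) + ", " + userBase + ", " + groupBase + ", " + systemRoleBase, e);`. If `UserAdminConf.systemRoleBase.getValue(properties)` can yield null for a directory configured before this property existed, `new Rdn((String) null)` would presumably fail with a NullPointerException rather than InvalidNameException, bypassing this catch entirely — confirm there is a default or guard the null. The constructor begins before the hunk and the rename in @@ -146 is fine as is.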
@@ -185,20 +192,21 @@ abstract class AbstractUserDirectory implements UserAdmin, UserDirectory {
 try {
 LdapName name = (LdapName) getBaseDn().clone();
 String[] segments = path.split("/");
- String parentSegment = null;
+ Rdn parentRdn = null;
 for (String segment : segments) {
- String attr = "ou";
- if (parentSegment != null) {
- if (getUserBase().equals(parentSegment))
- attr = "uid";
- else if (getGroupBase().equals(parentSegment))
- attr = "cn";
+ // TODO make attr names configurable ?
+ String attr = LdapAttrs.ou.name();
+ if (parentRdn != null) {
+ if (getUserBaseRdn().equals(parentRdn))
+ attr = LdapAttrs.uid.name();
+ else if (getGroupBaseRdn().equals(parentRdn))
+ attr = LdapAttrs.cn.name();
+ else if (getSystemRoleBaseRdn().equals(parentRdn))
+ attr = LdapAttrs.cn.name();
 }
 Rdn rdn = new Rdn(attr, segment);
 name.add(rdn);
-
- // TODO make it more robust using RDNs
- parentSegment = rdn.toString();
+ parentRdn = rdn;
 }
 return name;
 } catch (InvalidNameException e) {
@@ -429,7 +437,7 @@ abstract class AbstractUserDirectory implements UserAdmin, UserDirectory {
 }
 protected DirectoryUser newRole(LdapName dn, int type, Attributes attrs) {
- LdifUser newRole;
+ DirectoryUser newRole;
 BasicAttribute objClass = new BasicAttribute(objectClass.name());
 if (type == Role.USER) {
 String userObjClass = newUserObjectClass(dn);
@@ -443,14 +451,14 @@ abstract class AbstractUserDirectory implements UserAdmin, UserDirectory {
 objClass.add(top.name());
 objClass.add(extensibleObject.name());
 attrs.put(objClass);
- newRole = new LdifUser(this, dn, attrs);
+ newRole = newUser(dn, attrs);
 } else if (type == Role.GROUP) {
 String groupObjClass = getGroupObjectClass();
 objClass.add(groupObjClass);
 // objClass.add(LdifName.extensibleObject.name());
 objClass.add(top.name());
 attrs.put(objClass);
- newRole = new LdifGroup(this, dn, attrs);
+ newRole = newGroup(dn, attrs);
 } else
 throw new IllegalArgumentException("Unsupported type " + type);
 return newRole;
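Review bot: The two `else if` branches mapping the group base and the system-role base both assign `cn`, while `roleType` in the hunk at @@ -596 tests the same pair in one condition; fold them for consistency: `else if (getGroupBaseRdn().equals(parentRdn) || getSystemRoleBaseRdn().equals(parentRdn)) attr = LdapAttrs.cn.name();`. Since `new Rdn(attr, segment)` takes the segment literally rather than parsing it, a segment containing `,` or `=` cannot add DN components, which is worth a comment on that line (`// value is taken literally, not parsed as RFC 2253`); an empty segment from a leading or doubled `/` is, however, likely rejected by `Rdn(String, Object)` with an IllegalArgumentException that the `catch (InvalidNameException e)` below does not cover, so check `segment.isEmpty()` up front if such paths can reach here. The enclosing method starts before the hunk (its `path` parameter is not visible) and ends after it.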
@@ -539,10 +547,45 @@ abstract class AbstractUserDirectory implements UserAdmin, UserDirectory {
 // }
 @Override
- public Iterable getRootHierarchyUnits() {
+ public Iterable getDirectHierarchyUnits(boolean functionalOnly) {
 throw new UnsupportedOperationException();
 }
+ /*
+ * ROLES CREATION
+ */
+ protected DirectoryUser newUser(LdapName name, Attributes attrs) {
+ // TODO support devices, applications, etc.
+ return new LdifUser.LdifPerson(this, name, attrs);
+ }
+
+ protected DirectoryGroup newGroup(LdapName name, Attributes attrs) {
+ if (LdapNameUtils.getParentRdn(name).equals(getSystemRoleBaseRdn()))
+ return new LdifGroup.LdifSystemPermissions(this, name, attrs);
+
+ if (hasObjectClass(attrs, LdapObjs.organization))
+ return new LdifGroup.LdifOrganization(this, name, attrs);
+ else
+ return new LdifGroup.LdifFunctionalGroup(this, name, attrs);
+
+ }
+
+ private boolean hasObjectClass(Attributes attrs, LdapObjs objectClass) {
+ try {
+ Attribute attr = attrs.get(LdapAttrs.objectClass.name());
+ NamingEnumeration en = attr.getAll();
+ while (en.hasMore()) {
+ String v = en.next().toString();
+ if (v.equalsIgnoreCase(objectClass.name()))
+ return true;
+
+ }
+ return false;
+ } catch (NamingException e) {
+ throw new IllegalStateException("Cannot search for objectClass " + objectClass.name(), e);
+ }
+ }
+
 // GETTERS
 protected String getMemberAttributeId() {
 return memberAttributeId;
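Review bot: `hasObjectClass` dereferences the result of `attrs.get(LdapAttrs.objectClass.name())` without a null check, so a group entry with no `objectClass` attribute fails with a NullPointerException from `attr.getAll()` instead of being classified; add `if (attr == null) return false;` right after the lookup. Because `newGroup` uses the parent RDN to pick `LdifSystemPermissions` and this attribute to pick `LdifOrganization` over `LdifFunctionalGroup`, the role class — and whatever permissions it carries — is derived from the entry itself, not from the caller; a Javadoc on `newGroup` stating that, plus the precondition that `name` has a parent (`LdapNameUtils.getParentRdn` presumably fails on a bare base name), would make the contract explicit. The `else` after an unconditional `return` and the trailing blank line in `newGroup` can be dropped, and `NamingEnumeration en` should be closed or at least typed with a wildcard if the generic was not merely lost in extraction.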
@@ -596,12 +639,14 @@ abstract class AbstractUserDirectory implements UserAdmin, UserDirectory {
 }
 protected int roleType(LdapName dn) {
- if (dn.startsWith(groupBaseDn))
+ Rdn technicalRdn = LdapNameUtils.getParentRdn(dn);
+ if (getGroupBaseRdn().equals(technicalRdn) || getSystemRoleBaseRdn().equals(technicalRdn))
 return Role.GROUP;
- else if (dn.startsWith(userBaseDn))
+ else if (userBaseRdn.equals(technicalRdn))
 return Role.USER;
 else
- return Role.GROUP;
+ throw new IllegalArgumentException(
+ "Cannot dind role type, " + technicalRdn + " is not a technical RDN for " + dn);
 }
 /** dn can be null, in that case a default should be returned. */
@@ -609,8 +654,8 @@ abstract class AbstractUserDirectory implements UserAdmin, UserDirectory {
 return userObjectClass;
 }
- public String getUserBase() {
- return userBase;
+ Rdn getUserBaseRdn() {
+ return userBaseRdn;
 }
 protected String newUserObjectClass(LdapName dn) {
@@ -621,8 +666,12 @@ abstract class AbstractUserDirectory implements UserAdmin, UserDirectory {
 return groupObjectClass;
 }
- public String getGroupBase() {
- return groupBase;
+ Rdn getGroupBaseRdn() {
+ return groupBaseRdn;
+ }
+
+ Rdn getSystemRoleBaseRdn() {
+ return systemRoleBaseRdn;
 }
 LdapName getBaseDn() {
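Review bot: The new exception message contains a typo, `"Cannot dind role type, "`; change it to `"Cannot find role type, " + technicalRdn + " is not a technical RDN for " + dn`. The same method reads `userBaseRdn` directly on the `else if` line while the line above goes through `getGroupBaseRdn()` and `getSystemRoleBaseRdn()`; use `getUserBaseRdn()` from the hunk at @@ -609 so all three containers are accessed the same way. Note also that the old code matched the full `userBaseDn`/`groupBaseDn` prefix, whereas the new check looks only at the immediate parent RDN, so a DN outside this directory's `baseDn` whose parent happens to equal the user base RDN is still typed as a user — if `roleType` can be reached with DNs that are not under `baseDn`, confirm that is intended and say so in a Javadoc on the method. The fallback that used to return `Role.GROUP` now throws, so callers passing arbitrary DNs will see IllegalArgumentException; a `@throws` line documenting that is worth adding.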