X-Git-Url: https://git.argeo.org/?a=blobdiff_plain;f=org.argeo.util%2Fsrc%2Forg%2Fargeo%2Fosgi%2Fuseradmin%2FAggregatingUserAdmin.java;h=83b2f170951b0b15951c93ee3e8e97a5d0d8c155;hb=da78fca0c8b99cabab454d704136e0313342292c;hp=179099bad124ebc7cd4c5c049f7723a50177650f;hpb=92e952dc93d7be465e8b7c03b78a857d33ab5ae0;p=lgpl%2Fargeo-commons.git
diff --git a/org.argeo.util/src/org/argeo/osgi/useradmin/AggregatingUserAdmin.java b/org.argeo.util/src/org/argeo/osgi/useradmin/AggregatingUserAdmin.java
index 179099bad..83b2f1709 100644
--- a/org.argeo.util/src/org/argeo/osgi/useradmin/AggregatingUserAdmin.java
+++ b/org.argeo.util/src/org/argeo/osgi/useradmin/AggregatingUserAdmin.java
@@ -9,6 +9,7 @@ import java.util.HashSet;
 import java.util.Hashtable;
 import java.util.List;
 import java.util.Map;
+import java.util.Objects;
 import java.util.Set;
 import java.util.TreeSet;
@@ -88,6 +89,7 @@ public class AggregatingUserAdmin implements UserAdmin {
 return res.size() == 1 ? res.get(0) : null;
 }
+ /** Builds an authorisation by scanning all referentials. */
 @Override
 public Authorization getAuthorization(User user) {
 if (user == null) {// anonymous
@@ -120,21 +122,17 @@ public class AggregatingUserAdmin implements UserAdmin {
 for (LdapName otherBaseDn : businessRoles.keySet()) {
 if (otherBaseDn.equals(userReferentialOfThisUser.getBaseDn())) continue;
- DirectoryUserAdmin otherUserAdmin = businessRoles.get(otherBaseDn);
+ DirectoryUserAdmin otherUserAdmin = userAdminToUse(user, businessRoles.get(otherBaseDn));
+ if (otherUserAdmin == null)
+ continue;
 Authorization auth = otherUserAdmin.getAuthorization(retrievedUser);
 allRoles.addAll(Arrays.asList(auth.getRoles()));
 }
 // integrate system roles
- final DirectoryUserAdmin userAdminToUse;// possibly scoped when authenticating
- if (user instanceof DirectoryUser) {
- userAdminToUse = userReferentialOfThisUser;
- } else if (user instanceof AuthenticatingUser) {
- userAdminToUse = (DirectoryUserAdmin) userReferentialOfThisUser.scope(user);
- } else {
- throw new IllegalArgumentException("Unsupported user type " + user.getClass());
- }
+ final DirectoryUserAdmin userAdminToUse = userAdminToUse(retrievedUser, userReferentialOfThisUser);
+ Objects.requireNonNull(userAdminToUse);
 try {
 Set sysRoles = new HashSet();
@@ -159,6 +157,18 @@ public class AggregatingUserAdmin implements UserAdmin {
 }
 }
+ /** Decide whether to scope or not */
+ private DirectoryUserAdmin userAdminToUse(User user, DirectoryUserAdmin userAdmin) {
+ if (user instanceof DirectoryUser) {
+ return userAdmin;
+ } else if (user instanceof AuthenticatingUser) {
+ return userAdmin.scope(user).orElse(null);
+ } else {
+ throw new IllegalArgumentException("Unsupported user type " + user.getClass());
+ }
+
+ }
+
 /**
 * Enrich with application-specific roles which are strictly programmatic, such
 * as anonymous/user semantics.
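Review bot: The two calls to the new helper pass different user objects: the loop over `businessRoles` passes `user`, while the system-roles lookup passes `retrievedUser`, whereas the removed branch tested `user`. If `retrievedUser` (assigned outside this hunk) is always a `DirectoryUser`, the system-roles referential is no longer scoped for an `AuthenticatingUser` and would be queried unscoped; `userAdminToUse(user, userReferentialOfThisUser)` would keep the earlier behaviour, so the switch should be confirmed as intended. `Objects.requireNonNull(userAdminToUse)` also turns a failed scope into a bare NullPointerException in an authorization path; a message, e.g. `Objects.requireNonNull(userAdminToUse, "Cannot scope user referential for " + user.getName());`, would make that failure diagnosable. The `continue` on a null `otherUserAdmin` drops that referential's roles without any trace, so a debug log there would help when a user ends up with fewer roles than expected. getAuthorization starts and ends outside the hunk.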
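Review bot: The helper's Javadoc does not say that it can return null, which happens when `scope(user)` yields an empty Optional for an `AuthenticatingUser`; the two callers in getAuthorization depend on that in different ways (one skips the referential, the other throws). I would spell the contract out, e.g. `/** Returns userAdmin as is for a DirectoryUser, scoped to the user for an AuthenticatingUser, or null if scoping yields nothing. */`. The method also shares its name with the local variable `userAdminToUse` in getAuthorization, so a distinct name such as `scopeIfAuthenticating` would read more clearly. The blank added line before the method's closing brace can be dropped.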