X-Git-Url: https://git.argeo.org/?a=blobdiff_plain;f=org.argeo.util%2Fsrc%2Forg%2Fargeo%2Fosgi%2Fuseradmin%2FAggregatingUserAdmin.java;h=c1727f7465d2e4fbdde2bdeea3671cc51da90fc0;hb=1d7058b30bd990cda7d4efc1c029501f05a07113;hp=3857b08d0607027cf55e0a4b72528de70135b7e7;hpb=dc27b57704278684e72efcaf72b01c5b91df39f8;p=lgpl%2Fargeo-commons.git diff --git a/org.argeo.util/src/org/argeo/osgi/useradmin/AggregatingUserAdmin.java b/org.argeo.util/src/org/argeo/osgi/useradmin/AggregatingUserAdmin.java index 3857b08d0..c1727f746 100644 --- a/org.argeo.util/src/org/argeo/osgi/useradmin/AggregatingUserAdmin.java +++ b/org.argeo.util/src/org/argeo/osgi/useradmin/AggregatingUserAdmin.java @@ -93,6 +93,7 @@ public class AggregatingUserAdmin implements UserAdmin { } DirectoryUserAdmin userReferentialOfThisUser = findUserAdmin(user.getName()); Authorization rawAuthorization = userReferentialOfThisUser.getAuthorization(user); + User retrievedUser = (User) userReferentialOfThisUser.getRole(user.getName()); String usernameToUse; String displayNameToUse; if (user instanceof Group) { @@ -113,6 +114,17 @@ public class AggregatingUserAdmin implements UserAdmin { } // gather roles from other referentials + List allRoles = new ArrayList<>(Arrays.asList(rawAuthorization.getRoles())); + for (LdapName otherBaseDn : businessRoles.keySet()) { + if (otherBaseDn.equals(userReferentialOfThisUser.getBaseDn())) + continue; + DirectoryUserAdmin otherUserAdmin = businessRoles.get(otherBaseDn); + Authorization auth = otherUserAdmin.getAuthorization(retrievedUser); + allRoles.addAll(Arrays.asList(auth.getRoles())); + + } + + // integrate system roles final DirectoryUserAdmin userAdminToUse;// possibly scoped when authenticating if (user instanceof DirectoryUser) { userAdminToUse = userReferentialOfThisUser; @@ -136,7 +148,7 @@ public class AggregatingUserAdmin implements UserAdmin { } addAbstractSystemRoles(rawAuthorization, sysRoles); Authorization authorization = new AggregatingAuthorization(usernameToUse, displayNameToUse, sysRoles, - rawAuthorization.getRoles()); + allRoles.toArray(new String[allRoles.size()])); return authorization; } finally { if (userAdminToUse != null && userAdminToUse.isScoped()) { @@ -238,7 +250,11 @@ public class AggregatingUserAdmin implements UserAdmin { // return res; // } - public void destroy() { + public void start() { + + } + + public void stop() { for (LdapName name : businessRoles.keySet()) { DirectoryUserAdmin userDirectory = businessRoles.get(name); destroy(userDirectory); @@ -254,6 +270,14 @@ public class AggregatingUserAdmin implements UserAdmin { userDirectory.destroy(); } +// protected void removeUserDirectory(UserDirectory userDirectory) { +// LdapName baseDn = toLdapName(userDirectory.getContext()); +// businessRoles.remove(baseDn); +// if (userDirectory instanceof DirectoryUserAdmin) +// destroy((DirectoryUserAdmin) userDirectory); +// } + + @Deprecated protected void removeUserDirectory(String basePath) { if (isSystemRolesBaseDn(basePath)) throw new IllegalArgumentException("System roles cannot be removed "); @@ -274,6 +298,8 @@ public class AggregatingUserAdmin implements UserAdmin { public Set getUserDirectories() { TreeSet res = new TreeSet<>((o1, o2) -> o1.getContext().compareTo(o2.getContext())); res.addAll(businessRoles.values()); + res.add(systemRoles); return res; } + }