Layer visibility depending on roles.
1 package org.argeo.suite;
2
3 import java.util.HashSet;
4 import java.util.Set;
5
6 import javax.jcr.Node;
7 import javax.jcr.RepositoryException;
8 import javax.jcr.Session;
9 import javax.jcr.nodetype.NodeType;
10 import javax.jcr.security.Privilege;
11 import javax.naming.ldap.LdapName;
12 import javax.security.auth.x500.X500Principal;
13
14 import org.argeo.api.NodeConstants;
15 import org.argeo.cms.auth.CmsSession;
16 import org.argeo.entity.EntityType;
17 import org.argeo.jackrabbit.security.JackrabbitSecurityUtils;
18 import org.argeo.jcr.JcrException;
19 import org.argeo.jcr.JcrUtils;
20 import org.argeo.naming.LdapAttrs;
21
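/**
 * Utilities around the Argeo Suite APIs: per-user and per-CMS-session JCR
 * nodes (created together with their access control entries) and parsing of
 * the role restrictions attached to a layer declaration.
 */
public class SuiteUtils {

	/** Utility class with static methods only; never instantiated. */
	private SuiteUtils() {
	}

	/**
	 * Returns the value of the most specific RDN of a user DN.
	 *
	 * {@link LdapName} numbers RDNs from right to left, so index
	 * {@code size() - 1} is the leftmost component. The attribute type of that
	 * RDN is not checked: whatever value it holds is used as the uid.
	 *
	 * NOTE(review): callers use this value as a relative JCR path. Nothing here
	 * verifies that it is a single legal node name (no '/', "." or ".."
	 * segments, no JCR-reserved characters). Confirm that DNs reaching this
	 * class always come from a directory the operator controls, or validate the
	 * value before it is used in a path.
	 */
	private static String leadingRdnValue(LdapName userDn) {
		return userDn.getRdn(userDn.size() - 1).getValue().toString();
	}

	/**
	 * Computes the path of the node holding the data of a user.
	 *
	 * @param userDn the distinguished name of the user
	 * @return the user base path, a '/' and the value of the leading RDN of
	 *         {@code userDn}
	 */
	public static String getUserNodePath(LdapName userDn) {
		return EntityType.user.basePath() + '/' + leadingRdnValue(userDn);
	}

	/**
	 * Returns the node of a user below the user base path, creating it and
	 * setting its access control entries if it does not exist yet.
	 *
	 * On creation, in this order: JCR_READ is denied to
	 * {@code SuiteRole.coworker}, JCR_READ is granted to the user (the DN is
	 * passed through {@link X500Principal} so that the principal name is in
	 * RFC 2253 form), and JCR_ALL is granted to
	 * {@code NodeConstants.ROLE_USER_ADMIN}.
	 *
	 * @param adminSession a session allowed to create nodes and edit access
	 *                     control below the user base path
	 * @param userDn       the distinguished name of the user
	 * @return the existing or newly created user node
	 * @throws JcrException if the repository reports an error
	 */
	public static Node getOrCreateUserNode(Session adminSession, LdapName userDn) {
		try {
			Node usersBase = adminSession.getNode(EntityType.user.basePath());
			String uid = leadingRdnValue(userDn);
			if (usersBase.hasNode(uid)) {
				// Existing nodes are returned as they are: their access control
				// entries are neither checked nor re-applied.
				return usersBase.getNode(uid);
			}

			Node userNode = usersBase.addNode(uid, NodeType.NT_UNSTRUCTURED);
			userNode.addMixin(EntityType.user.get());
			userNode.addMixin(NodeType.MIX_CREATED);
			userNode.setProperty(LdapAttrs.distinguishedName.property(), userDn.toString());
			userNode.setProperty(LdapAttrs.uid.property(), uid);
			adminSession.save();

			// NOTE(review): the node is persisted before any entry below is set.
			// Until they are all in place it only carries whatever it inherits
			// from its parent, and if one of these calls fails the node stays
			// behind without them; later calls then take the "already exists"
			// branch above. Confirm that this window is acceptable, or that the
			// caller removes the node on failure.
			String userNodePath = userNode.getPath();
			// The order of the entries is kept as written; presumably it matters
			// for how deny and grant combine (verify before reordering).
			JackrabbitSecurityUtils.denyPrivilege(adminSession, userNodePath, SuiteRole.coworker.dn(),
					Privilege.JCR_READ);
			JcrUtils.addPrivilege(adminSession, userNodePath, new X500Principal(userDn.toString()).getName(),
					Privilege.JCR_READ);
			JcrUtils.addPrivilege(adminSession, userNodePath, NodeConstants.ROLE_USER_ADMIN, Privilege.JCR_ALL);
			return userNode;
		} catch (RepositoryException e) {
			throw new JcrException("Cannot create user node for " + userDn, e);
		}
	}

	/**
	 * Returns the node of a CMS session, which is a child of the node of its
	 * user named after the UUID of the session.
	 *
	 * The lookup is done with the permissions of {@code session}.
	 *
	 * @param session    the session used for the lookup
	 * @param cmsSession the CMS session whose node is requested
	 * @return the node of the CMS session
	 * @throws JcrException if the node cannot be retrieved
	 */
	public static Node getCmsSessionNode(Session session, CmsSession cmsSession) {
		try {
			String userNodePath = getUserNodePath(cmsSession.getUserDn());
			return session.getNode(userNodePath + '/' + cmsSession.getUuid().toString());
		} catch (RepositoryException e) {
			throw new JcrException("Cannot get session dir for " + cmsSession, e);
		}
	}

	/**
	 * Returns the node of a CMS session, creating it (and, if needed, the node
	 * of its user) if it does not exist yet.
	 *
	 * On creation, JCR_ALL on the new node is granted to the principal returned
	 * by {@code cmsSession.getUserRole()}.
	 *
	 * @param adminSession a session allowed to create nodes and edit access
	 *                     control below the user base path
	 * @param cmsSession   the CMS session whose node is requested
	 * @return the existing or newly created node of the CMS session
	 * @throws JcrException if the repository reports an error
	 */
	public static Node getOrCreateCmsSessionNode(Session adminSession, CmsSession cmsSession) {
		try {
			Node userNode = getOrCreateUserNode(adminSession, cmsSession.getUserDn());
			String cmsSessionUuid = cmsSession.getUuid().toString();
			if (userNode.hasNode(cmsSessionUuid)) {
				// Returned as it is; privileges are only set on creation.
				return userNode.getNode(cmsSessionUuid);
			}

			Node cmsSessionNode = userNode.addNode(cmsSessionUuid, NodeType.NT_UNSTRUCTURED);
			cmsSessionNode.addMixin(NodeType.MIX_CREATED);
			adminSession.save();
			// NOTE(review): as for the user node, the node is saved before the
			// grant is made, so a failure here leaves a session node without it.
			JcrUtils.addPrivilege(adminSession, cmsSessionNode.getPath(), cmsSession.getUserRole(),
					Privilege.JCR_ALL);
			return cmsSessionNode;
		} catch (RepositoryException e) {
			throw new JcrException("Cannot create session dir for " + cmsSession, e);
		}
	}

	/**
	 * Extracts the role names from the directives of a layer declaration.
	 *
	 * The first element is the layer id and is skipped. Every other element
	 * starting with {@code roles:="} contributes the names found between that
	 * prefix and the last double quote of the element, separated by '|' (OR) and
	 * trimmed. If the closing quote is missing, the rest of the element is used
	 * as the role list instead of failing with an index error.
	 *
	 * Empty names are kept, so {@code roles:=""} yields a set containing the
	 * empty string rather than an empty set.
	 *
	 * NOTE(review): if callers read an empty result as "no restriction", check
	 * that this is also what they want for a directive that is misspelled and
	 * therefore not recognised here.
	 *
	 * @param semiColArr the layer declaration split on ';', layer id first
	 * @return the role names, possibly empty, never {@code null}
	 */
	public static Set<String> extractRoles(String[] semiColArr) {
		Set<String> res = new HashSet<>();
		// TODO factorize and make it more robust
		final String rolesPrefix = "roles:=\"";
		// first one is layer id
		for (int i = 1; i < semiColArr.length; i++) {
			String directive = semiColArr[i];
			if (!directive.startsWith(rolesPrefix)) {
				continue;
			}
			String rolesStr = directive.substring(rolesPrefix.length());
			// remove last ", tolerating a directive whose closing quote is missing
			int closingQuote = rolesStr.lastIndexOf('"');
			if (closingQuote >= 0) {
				rolesStr = rolesStr.substring(0, closingQuote);
			}
			// TODO support AND (&) as well
			for (String role : rolesStr.split("\\|")) { // OR (|)
				res.add(role.trim());
			}
		}
		return res;
	}

}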
122 }