Major refactoring of Argeo CMS UI
[gpl/argeo-suite.git] / org.argeo.suite.core / src / org / argeo / suite / SuiteUtils.java
index f264bdf3bdd83cb81aac7747c0013cfdfffbe30b..e67339182e34ba818ef293d99d5ac44b97894f3e 100644 (file)
@@ -1,14 +1,20 @@
 package org.argeo.suite;
 
+import java.util.HashSet;
+import java.util.Set;
+
 import javax.jcr.Node;
 import javax.jcr.RepositoryException;
 import javax.jcr.Session;
 import javax.jcr.nodetype.NodeType;
 import javax.jcr.security.Privilege;
 import javax.naming.ldap.LdapName;
+import javax.security.auth.x500.X500Principal;
 
-import org.argeo.cms.auth.CmsSession;
+import org.argeo.api.NodeConstants;
+import org.argeo.api.cms.CmsSession;
 import org.argeo.entity.EntityType;
+import org.argeo.jackrabbit.security.JackrabbitSecurityUtils;
 import org.argeo.jcr.JcrException;
 import org.argeo.jcr.JcrUtils;
 import org.argeo.naming.LdapAttrs;
@@ -33,6 +39,12 @@ public class SuiteUtils {
                                userNode.setProperty(LdapAttrs.distinguishedName.property(), userDn.toString());
                                userNode.setProperty(LdapAttrs.uid.property(), uid);
                                adminSession.save();
+                               JackrabbitSecurityUtils.denyPrivilege(adminSession, userNode.getPath(), SuiteRole.coworker.dn(),
+                                               Privilege.JCR_READ);
+                               JcrUtils.addPrivilege(adminSession, userNode.getPath(), new X500Principal(userDn.toString()).getName(),
+                                               Privilege.JCR_READ);
+                               JcrUtils.addPrivilege(adminSession, userNode.getPath(), NodeConstants.ROLE_USER_ADMIN,
+                                               Privilege.JCR_ALL);
                        } else {
                                userNode = usersBase.getNode(uid);
                        }
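Review bot: The three ACL calls on the user node sit inside the creation branch and after `adminSession.save()`, so a user node that already exists takes the `else` path and never receives the `SuiteRole.coworker` deny entry, and a new node is persisted under its inherited ACL before the deny is applied. If the intent is that coworkers cannot read other users' nodes, existing nodes need a one-off migration or the entries should be applied after the `if`/`else`; whether `JackrabbitSecurityUtils.denyPrivilege` and `JcrUtils.addPrivilege` save on their own is not visible here. The result also depends on how the repository evaluates the coworker deny against the per-user allow, so a comment is worth adding, e.g. `// deny first: coworkers must not read other users' nodes; the owner is re-granted read below`. The enclosing method starts before this hunk.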
@@ -42,7 +54,15 @@ public class SuiteUtils {
                }
        }
 
-       public static Node getOrCreateSessionDir(Session adminSession, CmsSession cmsSession) {
+       public static Node getCmsSessionNode(Session session, CmsSession cmsSession) {
+               try {
+                       return session.getNode(getUserNodePath(cmsSession.getUserDn()) + '/' + cmsSession.getUuid().toString());
+               } catch (RepositoryException e) {
+                       throw new JcrException("Cannot get session dir for " + cmsSession, e);
+               }
+       }
+
+       public static Node getOrCreateCmsSessionNode(Session adminSession, CmsSession cmsSession) {
                try {
                        LdapName userDn = cmsSession.getUserDn();
 //                     String uid = userDn.get(userDn.size() - 1);
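Review bot: `getCmsSessionNode` has no Javadoc saying which session it expects, although its sibling takes an `adminSession` and this one takes a plain `session`. If it is meant to be called with the user's own session so that the repository's access control decides visibility, say so, e.g. `/** Returns the node of this CMS session, resolved with the privileges of the given session; throws JcrException if the node does not exist or is not readable by that session. */`. Every `RepositoryException` is wrapped the same way, so callers cannot tell a missing node from a denied one; that may be intended but should be documented. The exception message concatenates `cmsSession`, so its `toString()` should not expose anything that must stay out of logs. The body of `getOrCreateCmsSessionNode` continues past this hunk.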
@@ -58,17 +78,17 @@ public class SuiteUtils {
 //                             userNode = usersBase.getNode(uid);
 //                     }
                        String cmsSessionUuid = cmsSession.getUuid().toString();
-                       Node userDir;
+                       Node cmsSessionNode;
                        if (!userNode.hasNode(cmsSessionUuid)) {
-                               userDir = userNode.addNode(cmsSessionUuid, NodeType.NT_UNSTRUCTURED);
-                               userDir.addMixin(NodeType.MIX_CREATED);
+                               cmsSessionNode = userNode.addNode(cmsSessionUuid, NodeType.NT_UNSTRUCTURED);
+                               cmsSessionNode.addMixin(NodeType.MIX_CREATED);
                                adminSession.save();
-                               JcrUtils.addPrivilege(adminSession, userDir.getPath(), cmsSession.getUserDn().toString(),
+                               JcrUtils.addPrivilege(adminSession, cmsSessionNode.getPath(), cmsSession.getUserRole(),
                                                Privilege.JCR_ALL);
                        } else {
-                               userDir = userNode.getNode(cmsSessionUuid);
+                               cmsSessionNode = userNode.getNode(cmsSessionUuid);
                        }
-                       return userDir;
+                       return cmsSessionNode;
                } catch (RepositoryException e) {
                        throw new JcrException("Cannot create session dir for " + cmsSession, e);
                }
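Review bot: The `JCR_ALL` grant on the session node now goes to `cmsSession.getUserRole()`, while the user-node hunk derives the owner's principal with `new X500Principal(userDn.toString()).getName()`; these are two derivations of what appears to be the same identity, and the value `getUserRole()` returns is not visible in this diff. If it names a role shared by several users, every holder gets full control of the session node, and if its string form differs from the principal name established at login the entry silently matches nobody. A single helper that produces the ACL principal name for a `CmsSession`, used in both places, would remove the ambiguity. `Privilege.JCR_ALL` also includes the access-control privileges, so the grantee can rewrite the node's ACL; if session data only needs reading and writing, separate `addPrivilege` calls for `Privilege.JCR_READ` and `Privilege.JCR_WRITE` would be narrower. The method begins before this hunk.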
@@ -79,4 +99,24 @@ public class SuiteUtils {
 
        }
 
+       public static Set<String> extractRoles(String[] semiColArr) {
+               Set<String> res = new HashSet<>();
+               // TODO factorize and make it more robust
+               final String rolesPrefix = "roles:=\"";
+               // first one is layer id
+               for (int i = 1; i < semiColArr.length; i++) {
+                       if (semiColArr[i].startsWith(rolesPrefix)) {
+                               String rolesStr = semiColArr[i].substring(rolesPrefix.length());
+                               // remove last "
+                               rolesStr = rolesStr.substring(0, rolesStr.lastIndexOf('\"'));
+                               // TODO support AND (&) as well
+                               String[] roles = rolesStr.split("\\|");// OR (|)
+                               for (String role : roles) {
+                                       res.add(role.trim());
+                               }
+                       }
+               }
+               return res;
+       }
+
 }
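Review bot: `extractRoles` throws `StringIndexOutOfBoundsException` on a `roles:="` directive with no closing quote, because `rolesStr.lastIndexOf('\"')` returns -1 and is passed straight to `substring`. It also adds an empty string to the set for `roles:=""` or a stray `|`. If callers use the returned set to restrict access, a malformed directive should be rejected explicitly rather than fail with an unrelated exception or yield a blank role; how callers treat an empty set is not visible here. The method also lacks Javadoc describing the expected input (first element is the layer id, roles separated by `|`).

```java
// … unchanged: signature, res, rolesPrefix, loop header starting at index 1 …
			if (semiColArr[i].startsWith(rolesPrefix)) {
				String rolesStr = semiColArr[i].substring(rolesPrefix.length());
				int closingQuote = rolesStr.lastIndexOf('"');
				if (closingQuote < 0)
					throw new IllegalArgumentException("Unterminated roles directive: " + semiColArr[i]);
				// TODO support AND (&) as well
				for (String role : rolesStr.substring(0, closingQuote).split("\\|")) {// OR (|)
					String trimmed = role.trim();
					if (!trimmed.isEmpty())
						res.add(trimmed);
				}
			}
// … unchanged: end of loop, return res …
```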