X-Git-Url: https://git.argeo.org/?p=gpl%2Fargeo-suite.git;a=blobdiff_plain;f=org.argeo.suite.core%2Fsrc%2Forg%2Fargeo%2Fsuite%2FSuiteUtils.java;h=e67339182e34ba818ef293d99d5ac44b97894f3e;hp=f264bdf3bdd83cb81aac7747c0013cfdfffbe30b;hb=3cf66bc01bb8ad4c55139ae01be5a5bdb3759e2c;hpb=25ed06d42600a81063515220c51ac2d93fefa27a
diff --git a/org.argeo.suite.core/src/org/argeo/suite/SuiteUtils.java b/org.argeo.suite.core/src/org/argeo/suite/SuiteUtils.java
index f264bdf..e673391 100644
--- a/org.argeo.suite.core/src/org/argeo/suite/SuiteUtils.java
+++ b/org.argeo.suite.core/src/org/argeo/suite/SuiteUtils.java
@@ -1,14 +1,20 @@
 package org.argeo.suite;
+import java.util.HashSet;
+import java.util.Set;
+
 import javax.jcr.Node;
 import javax.jcr.RepositoryException;
 import javax.jcr.Session;
 import javax.jcr.nodetype.NodeType;
 import javax.jcr.security.Privilege;
 import javax.naming.ldap.LdapName;
+import javax.security.auth.x500.X500Principal;
-import org.argeo.cms.auth.CmsSession;
+import org.argeo.api.NodeConstants;
+import org.argeo.api.cms.CmsSession;
 import org.argeo.entity.EntityType;
+import org.argeo.jackrabbit.security.JackrabbitSecurityUtils;
 import org.argeo.jcr.JcrException;
 import org.argeo.jcr.JcrUtils;
 import org.argeo.naming.LdapAttrs;
@@ -33,6 +39,12 @@ public class SuiteUtils {
 userNode.setProperty(LdapAttrs.distinguishedName.property(), userDn.toString());
 userNode.setProperty(LdapAttrs.uid.property(), uid);
 adminSession.save();
+ JackrabbitSecurityUtils.denyPrivilege(adminSession, userNode.getPath(), SuiteRole.coworker.dn(),
+ Privilege.JCR_READ);
+ JcrUtils.addPrivilege(adminSession, userNode.getPath(), new X500Principal(userDn.toString()).getName(),
+ Privilege.JCR_READ);
+ JcrUtils.addPrivilege(adminSession, userNode.getPath(), NodeConstants.ROLE_USER_ADMIN,
+ Privilege.JCR_ALL);
 } else {
 userNode = usersBase.getNode(uid);
 }
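Review bot: The three ACL calls in the `@@ -33,6 +39,12 @@` hunk sit in the creation branch only, so a user node reached through the `else` branch (`userNode = usersBase.getNode(uid)`) keeps whatever access it inherited, including read access for `SuiteRole.coworker`. They also run after `adminSession.save()`, so the node is persisted before the deny entry is in place; whether `denyPrivilege` and `addPrivilege` save on their own is not visible here. If existing repositories matter, apply the same entries on the `else` path or in a one-off migration, and at least record the limitation with a comment such as `// ACL is set at creation only; nodes created earlier keep inherited read access`. The enclosing method starts and ends outside the hunk.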
@@ -42,7 +54,15 @@ public class SuiteUtils {
 }
 }
- public static Node getOrCreateSessionDir(Session adminSession, CmsSession cmsSession) {
+ public static Node getCmsSessionNode(Session session, CmsSession cmsSession) {
+ try {
+ return session.getNode(getUserNodePath(cmsSession.getUserDn()) + '/' + cmsSession.getUuid().toString());
+ } catch (RepositoryException e) {
+ throw new JcrException("Cannot get session dir for " + cmsSession, e);
+ }
+ }
+
+ public static Node getOrCreateCmsSessionNode(Session adminSession, CmsSession cmsSession) {
 try {
 LdapName userDn = cmsSession.getUserDn();
 // String uid = userDn.get(userDn.size() - 1);
@@ -58,17 +78,17 @@ public class SuiteUtils {
 // userNode = usersBase.getNode(uid);
 // }
 String cmsSessionUuid = cmsSession.getUuid().toString();
- Node userDir;
+ Node cmsSessionNode;
 if (!userNode.hasNode(cmsSessionUuid)) {
- userDir = userNode.addNode(cmsSessionUuid, NodeType.NT_UNSTRUCTURED);
- userDir.addMixin(NodeType.MIX_CREATED);
+ cmsSessionNode = userNode.addNode(cmsSessionUuid, NodeType.NT_UNSTRUCTURED);
+ cmsSessionNode.addMixin(NodeType.MIX_CREATED);
 adminSession.save();
- JcrUtils.addPrivilege(adminSession, cmsSessionNode.getPath(), cmsSession.getUserDn().toString(),
+ JcrUtils.addPrivilege(adminSession, cmsSessionNode.getPath(), cmsSession.getUserRole(),
 Privilege.JCR_ALL);
 } else {
- userDir = userNode.getNode(cmsSessionUuid);
+ cmsSessionNode = userNode.getNode(cmsSessionUuid);
 }
- return userDir;
+ return cmsSessionNode;
 } catch (RepositoryException e) {
 throw new JcrException("Cannot create session dir for " + cmsSession, e);
 }
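Review bot: The new public `getCmsSessionNode` in the `@@ -42,7 +54,15 @@` hunk has no Javadoc, and its contract differs from its sibling in ways a caller cannot guess. It never creates the node, and it uses the caller's `session` rather than an admin session. A node that is missing and a node the session may not read both surface as the same `JcrException`, because `session.getNode` reports both as a `RepositoryException`. I would add `/** Returns the existing node of this CMS session as seen by {@code session}; never creates it. Throws JcrException if the node is missing or not readable. */`. The same hunk renames the public `getOrCreateSessionDir` without leaving a deprecated delegate, so callers outside this file need updating in the same commit.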
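Review bot: The `JCR_ALL` grant in the `@@ -58,17 +78,17 @@` hunk now names `cmsSession.getUserRole()`, while the user-node ACL added earlier in this commit names `new X500Principal(userDn.toString()).getName()`; nothing visible shows that the two produce the same principal string. If they differ, one of the two entries will not match the logged-in user, and a non-admin call to `getCmsSessionNode` would then fail on a node the user is meant to own. I would note the dependency next to the call, `// principal must match the name used for the user node ACL`, and delete the commented-out block at the top of the hunk now that the variables are renamed. The method starts in the previous hunk and its closing brace is outside this one.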
@@ -79,4 +99,24 @@ public class SuiteUtils {
 }
+ public static Set extractRoles(String[] semiColArr) {
+ Set res = new HashSet<>();
+ // TODO factorize and make it more robust
+ final String rolesPrefix = "roles:=\"";
+ // first one is layer id
+ for (int i = 1; i < semiColArr.length; i++) {
+ if (semiColArr[i].startsWith(rolesPrefix)) {
+ String rolesStr = semiColArr[i].substring(rolesPrefix.length());
+ // remove last "
+ rolesStr = rolesStr.substring(0, rolesStr.lastIndexOf('\"'));
+ // TODO support AND (&) as well
+ String[] roles = rolesStr.split("\\|");// OR (|)
+ for (String role : roles) {
+ res.add(role.trim());
+ }
+ }
+ }
+ return res;
+ }
+
 }
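Review bot: In `extractRoles`, `rolesStr.substring(0, rolesStr.lastIndexOf('\"'))` throws `StringIndexOutOfBoundsException` when the directive has no closing quote, because `lastIndexOf` then returns -1. An empty directive (`roles:=""`) also adds the empty string to the result as if it were a role name. Since the returned set presumably gates access to a layer, malformed input should be rejected explicitly and blank tokens dropped, as in the excerpt below. A Javadoc line should also say what an empty result means to callers (no restriction or no access), which the page does not show.

```java
// … unchanged: signature, res, rolesPrefix, outer for loop …
if (semiColArr[i].startsWith(rolesPrefix)) {
    String rolesStr = semiColArr[i].substring(rolesPrefix.length());
    int closingQuote = rolesStr.lastIndexOf('"');
    if (closingQuote < 0) {
        throw new IllegalArgumentException("Unterminated roles directive: " + semiColArr[i]);
    }
    rolesStr = rolesStr.substring(0, closingQuote);
    // TODO support AND (&) as well
    for (String role : rolesStr.split("\\|")) {// OR (|)
        String trimmed = role.trim();
        if (!trimmed.isEmpty()) {
            res.add(trimmed);
        }
    }
}
// … unchanged: return res …
```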