From c00d84a03a4952f317956ce6a4ded7bd233644fb Mon Sep 17 00:00:00 2001
From: Mathieu Baudier
Date: Fri, 19 Aug 2022 06:51:31 +0200
Subject: [PATCH] Adapt to changes in Argeo Commons
---
.../src/org/argeo/app/api/SuiteRole.java | 38 ++++++++++++++++---
.../src/org/argeo/app/core/SuiteUtils.java | 4 +-
.../argeo/app/ui/people/PeopleEntryArea.java | 6 +--
3 files changed, 38 insertions(+), 10 deletions(-)
diff --git a/org.argeo.app.api/src/org/argeo/app/api/SuiteRole.java b/org.argeo.app.api/src/org/argeo/app/api/SuiteRole.java
index 38ce11f..42202ce 100644
--- a/org.argeo.app.api/src/org/argeo/app/api/SuiteRole.java
+++ b/org.argeo.app.api/src/org/argeo/app/api/SuiteRole.java
@@ -1,17 +1,45 @@ package org.argeo.app.api; +import javax.xml.namespace.QName; + +import org.argeo.api.acr.ContentName; +import org.argeo.api.acr.CrName; import org.argeo.api.cms.CmsConstants; -import org.argeo.util.naming.Distinguished; +import org.argeo.cms.auth.SystemRole; import org.argeo.util.naming.LdapAttrs; -/** Office specific roles used in the code */ -public enum SuiteRole implements Distinguished { - coworker, manager; +/** Standard suite system roles. */ +public enum SuiteRole implements SystemRole { + /** An external person who has read access to part of the information. */ + observer, + /** An active coworker. */ + coworker, + /** Someone who is allowed validate and publish information. */ + publisher, + /** Someone with manager status within an organisation. Does not necessarily give more rights. */ + manager, + // + ; + + private final static String QUALIFIER = "app."; + + private final ContentName name; + + SuiteRole() { + name = new ContentName(CrName.ROLE_NAMESPACE_URI, QUALIFIER + name()); + } + + @Override + public QName getName() { + return name; + } - public String getRolePrefix() { + @Deprecated + private String getRolePrefix() { return "org.argeo.suite"; } + @Deprecated public String dn() { return new StringBuilder(LdapAttrs.cn.name()).append("=").append(getRolePrefix()).append(".").append(name()) .append(",").append(CmsConstants.ROLES_BASEDN).toString(); diff --git a/org.argeo.app.core/src/org/argeo/app/core/SuiteUtils.java b/org.argeo.app.core/src/org/argeo/app/core/SuiteUtils.java index 46cb5de..3c103e6 100644 --- a/org.argeo.app.core/src/org/argeo/app/core/SuiteUtils.java +++ b/org.argeo.app.core/src/org/argeo/app/core/SuiteUtils.java 
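Review bot: The deprecated `dn()` at the end of this hunk still builds a DN prefixed with `org.argeo.suite`, while the new `getName()` returns a name whose local part is `"app." + name()`, so each role now carries two unrelated identifiers. Any ACL entry or group membership keyed on the old DN would presumably not match a check made through the new name, and nothing in the hunk shows a migration; the directory content is not visible here, so this needs confirming. I would add Javadoc to `dn()` and `getRolePrefix()` stating which identifier is authoritative, e.g. `/** @deprecated Legacy role DN kept for existing ACLs; use {@link #getName()} for new checks. */`. The closing braces of `dn()` and of the enum are outside the hunk.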
@@ -41,8 +41,8 @@ public class SuiteUtils { userNode.setProperty(LdapAttrs.distinguishedName.property(), userDn.toString()); userNode.setProperty(LdapAttrs.uid.property(), uid); adminSession.save(); - JackrabbitSecurityUtils.denyPrivilege(adminSession, userNode.getPath(), SuiteRole.coworker.dn(), - Privilege.JCR_READ); +// JackrabbitSecurityUtils.denyPrivilege(adminSession, userNode.getPath(), SuiteRole.coworker.dn(), +// Privilege.JCR_READ); JcrUtils.addPrivilege(adminSession, userNode.getPath(), new X500Principal(userDn.toString()).getName(), Privilege.JCR_READ); JcrUtils.addPrivilege(adminSession, userNode.getPath(), CmsConstants.ROLE_USER_ADMIN, diff --git a/org.argeo.app.ui/src/org/argeo/app/ui/people/PeopleEntryArea.java b/org.argeo.app.ui/src/org/argeo/app/ui/people/PeopleEntryArea.java index a0decc0..ab06bca 100644 --- a/org.argeo.app.ui/src/org/argeo/app/ui/people/PeopleEntryArea.java +++ b/org.argeo.app.ui/src/org/argeo/app/ui/people/PeopleEntryArea.java @@ -85,7 +85,7 @@ public class PeopleEntryArea implements SwtUiProvider, CmsUiProvider { List visible = new ArrayList<>(); if (parent != null) { for (HierarchyUnit hu : parent.getDirectHierarchyUnits(true)) { - if (CurrentUser.implies(CmsRole.userAdmin, hu.getContext()) // + if (CurrentUser.implies(CmsRole.userAdmin, hu.getBase()) // ) // IPA { visible.add(hu); @@ -93,9 +93,9 @@ public class PeopleEntryArea implements SwtUiProvider, CmsUiProvider { } } else { for (UserDirectory directory : cmsUserManager.getUserDirectories()) { - if (CurrentUser.implies(CmsRole.userAdmin, directory.getContext()) // + if (CurrentUser.implies(CmsRole.userAdmin, directory.getBase()) // || CurrentUser.implies(CmsRole.userAdmin, - IpaUtils.IPA_ACCOUNTS_RDN + "," + directory.getContext())) // IPA + IpaUtils.IPA_ACCOUNTS_RDN + "," + directory.getBase())) // IPA { visible.add(directory); } -- 2.30.2
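Review bot: Commenting out the `denyPrivilege(..., SuiteRole.coworker.dn(), Privilege.JCR_READ)` call in the SuiteUtils hunk drops the explicit read deny for coworkers on each newly created user node, and the hunk adds nothing in its place. If coworkers inherit `jcr:read` from an ancestor node (not visible here), user nodes created after this commit become readable by them. Either re-apply the deny with whatever principal name the new role model uses, or delete the dead lines and record the decision, e.g. `// TODO(security): restore JCR_READ deny for coworkers once SuiteRole exposes an ACL principal`. The enclosing method starts and ends outside the hunk.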
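Review bot: In the second PeopleEntryArea hunk the `userAdmin` check runs against a DN assembled by string concatenation, `IpaUtils.IPA_ACCOUNTS_RDN + "," + directory.getBase()`, and the commit swaps `getContext()` for `getBase()` with nothing visible confirming that both return the same string form. If they differ in case or spacing, `implies` would presumably stop matching and directories would silently drop out of the list shown to administrators. The first hunk checks only `hu.getBase()` and leaves a dangling `) // IPA`, so the two branches apply different rules; if that is intended, a comment such as `// IPA accounts RDN is only checked at directory level` would make it explicit. Both loops continue outside the hunks.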