From 553773e18b2b0261d9f0baae99029d490c5999ac Mon Sep 17 00:00:00 2001
From: Mathieu Baudier <mbaudier@argeo.org>
Date: Fri, 30 Sep 2022 13:43:27 +0200
Subject: [PATCH] Lead pane authorization more generic

---
 .../src/org/argeo/app/ui/DefaultLeadPane.java | 21 ++++++++++++++-----
 1 file changed, 16 insertions(+), 5 deletions(-)

diff --git a/org.argeo.app.ui/src/org/argeo/app/ui/DefaultLeadPane.java b/org.argeo.app.ui/src/org/argeo/app/ui/DefaultLeadPane.java
index 44d43f6..7b7a031 100644
--- a/org.argeo.app.ui/src/org/argeo/app/ui/DefaultLeadPane.java
+++ b/org.argeo.app.ui/src/org/argeo/app/ui/DefaultLeadPane.java
@@ -43,7 +43,7 @@ public class DefaultLeadPane implements CmsUiProvider {
 	private ClassLoader l10nClassLoader;
 
 	@Override
-	public Control createUiPart(Composite parent, Content node)  {
+	public Control createUiPart(Composite parent, Content node) {
 		CmsView cmsView = CmsSwtUtils.getCmsView(parent);
 		parent.setLayout(CmsSwtUtils.noSpaceGridLayout());
 		Composite appLayersC = new Composite(parent, SWT.NONE);
@@ -72,7 +72,7 @@ public class DefaultLeadPane implements CmsUiProvider {
 		}
 
 //		boolean isAdmin = cmsView.doAs(() -> CurrentUser.isInRole(NodeConstants.ROLE_USER_ADMIN));
-		Set<String> userRoles = cmsView.doAs(() -> CurrentUser.roles());
+		// Set<String> userRoles = cmsView.doAs(() -> CurrentUser.roles());
 		Button first = null;
 		layers: for (String layerDef : defaultLayers) {
 			layerDef = layerDef.trim();
@@ -83,10 +83,21 @@ public class DefaultLeadPane implements CmsUiProvider {
 			Set<String> layerRoles = SuiteUtils.extractRoles(semiColArr);
 			if (layers.containsKey(layerId)) {
 				if (!layerRoles.isEmpty()) {
-					Set<String> intersection = new HashSet<String>(layerRoles);
-					intersection.retainAll(userRoles);
-					if (intersection.isEmpty())
+					boolean authorized = false;
+					authorized = cmsView.doAs(() -> {
+						for (String layerRole : layerRoles) {
+							if (CurrentUser.implies(layerRole, null)) {
+								return true;
+							}
+						}
+						return false;
+					});
+					if (!authorized)
 						continue layers;// skip unauthorized layer
+//					Set<String> intersection = new HashSet<String>(layerRoles);
+//					intersection.retainAll(userRoles);
+//					if (intersection.isEmpty())
+//						continue layers;// skip unauthorized layer
 				}
 				RankedObject<SuiteLayer> layerObj = layers.get(layerId);
 
-- 
2.30.2