From c2f47b7be9644eb4b39578f782a5b38919f82a1e Mon Sep 17 00:00:00 2001
From: Mathieu Baudier
Date: Tue, 21 Jun 2022 11:27:54 +0200
Subject: [PATCH] Use system roles
---
 .../src/org/argeo/app/core/SuiteUtils.java | 13 ++++---
 .../argeo/app/ui/people/UsersEntryArea.java | 37 +++++++++++++------
 2 files changed, 32 insertions(+), 18 deletions(-)
diff --git a/org.argeo.app.core/src/org/argeo/app/core/SuiteUtils.java b/org.argeo.app.core/src/org/argeo/app/core/SuiteUtils.java
index 2b21142..23790f7 100644
--- a/org.argeo.app.core/src/org/argeo/app/core/SuiteUtils.java
+++ b/org.argeo.app.core/src/org/argeo/app/core/SuiteUtils.java
@@ -10,7 +10,6 @@ import javax.jcr.RepositoryException;
 import javax.jcr.Session;
 import javax.jcr.nodetype.NodeType;
 import javax.jcr.security.Privilege;
-import javax.naming.ldap.LdapName;
 import javax.security.auth.x500.X500Principal;
 import org.argeo.api.acr.Content;
@@ -21,6 +20,7 @@ import org.argeo.app.api.EntityType;
 import org.argeo.app.api.SuiteRole;
 import org.argeo.cms.CmsUserManager;
 import org.argeo.cms.acr.CmsContentRepository;
+import org.argeo.cms.auth.RoleNameUtils;
 import org.argeo.jackrabbit.security.JackrabbitSecurityUtils;
 import org.argeo.jcr.JcrException;
 import org.argeo.jcr.JcrUtils;
@@ -39,15 +39,16 @@ public class SuiteUtils {
 }
 @Deprecated
- public static String getUserNodePath(LdapName userDn) {
- String uid = userDn.getRdn(userDn.size() - 1).getValue().toString();
+ public static String getUserNodePath(String userDn) {
+ String uid = RoleNameUtils.getLastRdnValue(userDn);
 return EntityType.user.basePath() + '/' + uid;
 }
- private static Node getOrCreateUserNode(Session adminSession, LdapName userDn) {
+ @Deprecated
+ private static Node getOrCreateUserNode(Session adminSession, String userDn) {
 try {
 Node usersBase = adminSession.getNode(EntityType.user.basePath());
- String uid = userDn.getRdn(userDn.size() - 1).getValue().toString();
+ String uid = RoleNameUtils.getLastRdnValue(userDn);
 Node userNode;
 if (!usersBase.hasNode(uid)) {
 userNode = usersBase.addNode(uid, NodeType.NT_UNSTRUCTURED);
@@ -83,7 +84,7 @@ public class SuiteUtils {
 @Deprecated
 public static Node getOrCreateCmsSessionNode(Session adminSession, CmsSession cmsSession) {
 try {
- LdapName userDn = cmsSession.getUserDn();
+ String userDn = cmsSession.getUserDn();
 // String uid = userDn.get(userDn.size() - 1);
 Node userNode = getOrCreateUserNode(adminSession, userDn);
 // if (!usersBase.hasNode(uid)) {
diff --git a/org.argeo.app.ui/src/org/argeo/app/ui/people/UsersEntryArea.java b/org.argeo.app.ui/src/org/argeo/app/ui/people/UsersEntryArea.java
index 04cccf7..3227c2e 100644
--- a/org.argeo.app.ui/src/org/argeo/app/ui/people/UsersEntryArea.java
+++ b/org.argeo.app.ui/src/org/argeo/app/ui/people/UsersEntryArea.java
@@ -15,6 +15,8 @@ import org.argeo.app.ui.SuiteEvent;
 import org.argeo.app.ui.SuiteIcon;
 import org.argeo.app.ui.dialogs.NewUserWizard;
 import org.argeo.cms.CmsUserManager;
+import org.argeo.cms.auth.CmsRole;
+import org.argeo.cms.auth.CurrentUser;
 import org.argeo.cms.jcr.acr.JcrContent;
 import org.argeo.cms.swt.CmsSwtUtils;
 import org.argeo.cms.swt.Selected;
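Review bot: In `getUserNodePath` and `getOrCreateUserNode` the value returned by `RoleNameUtils.getLastRdnValue(userDn)` is used directly as a JCR path segment and as the name passed to `usersBase.addNode(uid, ...)`, with no check that it is non-empty and free of path separators. Now that the DN arrives as a plain `String` instead of a parsed `LdapName`, the behaviour on a malformed or unexpected DN depends entirely on `RoleNameUtils`, which is not visible in this patch. A guard right after each lookup would make the assumption explicit, for example `if (uid == null || uid.isEmpty() || uid.indexOf('/') >= 0) throw new IllegalArgumentException("Unsupported user id in " + userDn);`. The body of `getOrCreateUserNode` continues past the end of the hunk.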
@@ -31,8 +33,6 @@ import org.argeo.osgi.useradmin.Organization;
 import org.argeo.osgi.useradmin.Person;
 import org.argeo.osgi.useradmin.UserDirectory;
 import org.argeo.util.LangUtils;
-import org.argeo.util.naming.LdapAttrs;
-import org.argeo.util.naming.LdapObjs;
 import org.eclipse.jface.window.Window;
 import org.eclipse.jface.wizard.Wizard;
 import org.eclipse.swt.SWT;
@@ -46,7 +46,6 @@ import org.eclipse.swt.widgets.TableItem;
 import org.eclipse.swt.widgets.ToolBar;
 import org.eclipse.swt.widgets.ToolItem;
 import org.eclipse.swt.widgets.TreeItem;
-import org.osgi.service.useradmin.Group;
 import org.osgi.service.useradmin.Role;
 import org.osgi.service.useradmin.User;
@@ -79,24 +78,35 @@ public class UsersEntryArea implements SwtUiProvider, CmsUiProvider {
 protected void refreshRootItem(TreeItem item) {
 int index = getTree().indexOf(item);
 UserDirectory directory = (UserDirectory) directories.get(index);
- item.setData(directory);
+ List visible = new ArrayList<>();
+// item.setData(directory);
 item.setText(directory.getName());
-
- item.setItemCount(LangUtils.size(directory.getRootHierarchyUnits(true)));
+// if (CmsRole.userAdmin.implied(CurrentUser.getCmsSession().getSubject(), directory.getGlobalId())) {
+// visible.addAll(directory.getRootHierarchyUnits(true));
+//
+// } else {
+ for (HierarchyUnit hu : directory.getDirectHierarchyUnits(true)) {
+ if (CurrentUser.implies(CmsRole.userAdmin, hu.getContext())) {
+ visible.add(hu);
+ }
+ }
+// }
+ item.setData(visible);
+ item.setItemCount(visible.size());
 }
 @Override
 protected void refreshItem(TreeItem parentItem, TreeItem item) {
 int index = getTree().indexOf(item);
 Iterable children;
- if (parentItem.getData() instanceof UserDirectory)
- children = ((UserDirectory) parentItem.getData()).getRootHierarchyUnits(true);
+ if (parentItem.getData() instanceof Iterable)
+ children = (Iterable) parentItem.getData();
 else
- children = ((HierarchyUnit) parentItem.getData()).getFunctionalHierachyUnits();
+ children = ((HierarchyUnit) parentItem.getData()).getDirectHierachyUnits(true);
 HierarchyUnit child = LangUtils.getAt(children, index);
 item.setData(child);
 item.setText(child.getHierarchyUnitName());
- item.setItemCount(LangUtils.size(child.getFunctionalHierachyUnits()));
+ item.setItemCount(LangUtils.size(child.getDirectHierachyUnits(true)));
 }
 @Override
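Review bot: The `CmsRole.userAdmin` check in `refreshRootItem` covers only the directory's direct hierarchy units; `refreshItem` then lists `getDirectHierachyUnits(true)` of every visible unit with no further check. If the role on a unit's context is meant to cover its whole subtree, say so above the loop, e.g. `// userAdmin on a unit's context covers its descendants; display filter only, access must be enforced by the user admin backend`. If it is not, `refreshItem` needs the same `CurrentUser.implies(CmsRole.userAdmin, ...)` test on each child. The commented-out `// item.setData(directory);` line and the `// if (CmsRole.userAdmin.implied(...)) { ... } else {` block should be removed, or replaced by a sentence explaining why the directory-level check was dropped.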
@@ -134,9 +144,12 @@ public class UsersEntryArea implements SwtUiProvider, CmsUiProvider {
 HierarchyUnit hu = (HierarchyUnit) getInput();
 if (hu == null)
 return 0;
- for (HierarchyUnit directChild : hu.getDirectHierachyUnits()) {
+ for (HierarchyUnit directChild : hu.getDirectHierachyUnits(false)) {
 if (!directChild.isFunctional()) {
- roles.addAll(directChild.getHierarchyUnitRoles(null, false));
+ for (Role r : directChild.getHierarchyUnitRoles(null, false)) {
+ if (r instanceof Person || r instanceof Organization)
+ roles.add(r);
+ }
 }
 }
 // roles = hu.getHierarchyUnitRoles(null, false);
-- 
2.30.2
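Review bot: The bare boolean in `hu.getDirectHierachyUnits(false)` gives no hint of what is included or excluded, and the loop still tests `!directChild.isFunctional()` afterwards, so a reader cannot tell whether that test is now redundant. A comment on the call such as `// false: <meaning of the flag>; functional units are skipped below` would settle it. The new inner `if (r instanceof Person || r instanceof Organization)` silently drops every other role type, so it deserves a one-line comment saying why only these two are listed, and braces around `roles.add(r);`. The enclosing method starts above the hunk.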