Clarify implementation base APIs.

[lgpl/argeo-commons.git] / org.argeo.cms / src / org / argeo / cms / auth / CurrentUser.java

diff --git a/org.argeo.cms/src/org/argeo/cms/auth/CurrentUser.java b/org.argeo.cms/src/org/argeo/cms/auth/CurrentUser.java
index 9808305ce0000c4132b933db09142efe5c71cc7b..41a6a880d438297a0a3260d0d26a0da045240dd8 100644 (file)
--- a/org.argeo.cms/src/org/argeo/cms/auth/CurrentUser.java
+++ b/org.argeo.cms/src/org/argeo/cms/auth/CurrentUser.java
@@ -1,11 +1,11 @@
 package org.argeo.cms.auth;
 
-import java.security.AccessController;
 import java.security.Principal;
 import java.security.PrivilegedAction;
 import java.security.PrivilegedActionException;
 import java.security.PrivilegedExceptionAction;
 import java.util.HashSet;
+import java.util.Iterator;
 import java.util.Locale;
 import java.util.Set;
 import java.util.UUID;
@@ -13,12 +13,15 @@ import java.util.UUID;
 import javax.security.auth.Subject;
 import javax.security.auth.x500.X500Principal;
 
-import org.argeo.api.NodeConstants;
+import org.argeo.api.acr.NamespaceUtils;
+import org.argeo.api.cms.CmsConstants;
 import org.argeo.api.cms.CmsSession;
 import org.argeo.api.cms.CmsSessionId;
+import org.argeo.cms.SystemRole;
 import org.argeo.cms.internal.auth.CmsSessionImpl;
 import org.argeo.cms.internal.auth.ImpliedByPrincipal;
-import org.argeo.cms.internal.kernel.Activator;
+import org.argeo.cms.internal.runtime.CmsContextImpl;
+import org.argeo.cms.util.CurrentSubject;
 import org.osgi.service.useradmin.Authorization;
 
 /**
@@ -68,6 +71,16 @@ public final class CurrentUser {
                return roles.contains(role);
        }
 
+       /** Implies this {@link SystemRole} in this context. */
+       public final static boolean implies(SystemRole role, String context) {
+               return role.implied(currentSubject(), context);
+       }
+
+       /** Implies this role name, also independently of the context. */
+       public final static boolean implies(String role, String context) {
+               return SystemRole.implied(NamespaceUtils.parsePrefixedName(role), currentSubject(), context);
+       }
+
        /** Executes as the current user */
        public final static <T> T doAs(PrivilegedAction<T> action) {
                return Subject.doAs(currentSubject(), action);
@@ -86,7 +99,7 @@ public final class CurrentUser {
                if (subject == null)
                        throw new IllegalArgumentException("Subject cannot be null");
                if (subject.getPrincipals(X500Principal.class).size() != 1)
-                       return NodeConstants.ROLE_ANONYMOUS;
+                       return CmsConstants.ROLE_ANONYMOUS;
                Principal principal = subject.getPrincipals(X500Principal.class).iterator().next();
                return principal.getName();
        }
@@ -107,7 +120,7 @@ public final class CurrentUser {
        public final static Locale locale(Subject subject) {
                Set<Locale> locales = subject.getPublicCredentials(Locale.class);
                if (locales.isEmpty()) {
-                       Locale defaultLocale = Activator.getNodeState().getDefaultLocale();
+                       Locale defaultLocale = CmsContextImpl.getCmsContext().getDefaultLocale();
                        return defaultLocale;
                } else
                        return locales.iterator().next();
@@ -118,27 +131,32 @@ public final class CurrentUser {
                if (subject == null)
                        return true;
                String username = getUsername(subject);
-               return username == null || username.equalsIgnoreCase(NodeConstants.ROLE_ANONYMOUS);
+               return username == null || username.equalsIgnoreCase(CmsConstants.ROLE_ANONYMOUS);
        }
 
-       public CmsSession getCmsSession() {
+       public static CmsSession getCmsSession() {
                Subject subject = currentSubject();
-               CmsSessionId cmsSessionId = subject.getPrivateCredentials(CmsSessionId.class).iterator().next();
-               return CmsSessionImpl.getByUuid(cmsSessionId.getUuid());
+               Iterator<CmsSessionId> it = subject.getPrivateCredentials(CmsSessionId.class).iterator();
+               if (!it.hasNext())
+                       throw new IllegalStateException("No CMS session id available for " + subject);
+               CmsSessionId cmsSessionId = it.next();
+               if (it.hasNext())
+                       throw new IllegalStateException("More than one CMS session id available for " + subject);
+               return CmsContextImpl.getCmsContext().getCmsSessionByUuid(cmsSessionId.getUuid());
+       }
+
+       public static boolean isAvailable() {
+               return CurrentSubject.current() != null;
        }
 
        /*
         * HELPERS
         */
        private static Subject currentSubject() {
-               Subject subject = getAccessControllerSubject();
-               if (subject != null)
-                       return subject;
-               throw new IllegalStateException("Cannot find related subject");
-       }
-
-       private static Subject getAccessControllerSubject() {
-               return Subject.getSubject(AccessController.getContext());
+               Subject subject = CurrentSubject.current();
+               if (subject == null)
+                       throw new IllegalStateException("Cannot find related subject");
+               return subject;
        }
 
        private static Authorization getAuthorization(Subject subject) {
@@ -151,8 +169,8 @@ public final class CurrentUser {
                        nodeSessionId = subject.getPrivateCredentials(CmsSessionId.class).iterator().next().getUuid();
                else
                        return false;
-               CmsSessionImpl cmsSession = CmsSessionImpl.getByUuid(nodeSessionId.toString());
-               
+               CmsSessionImpl cmsSession = CmsContextImpl.getCmsContext().getCmsSessionByUuid(nodeSessionId);
+
                // FIXME logout all views
                // TODO check why it is sometimes null
                if (cmsSession != null)
@@ -162,6 +180,7 @@ public final class CurrentUser {
                return true;
        }
 
+       /** singleton */
        private CurrentUser() {
        }
 }