Multiple user referentials working with IPA.
[lgpl/argeo-commons.git] / org.argeo.util / src / org / argeo / osgi / useradmin / AggregatingUserAdmin.java
index 83b2f170951b0b15951c93ee3e8e97a5d0d8c155..c9479d51cd40ad7703bd0b9db09a42fc73951fe1 100644 (file)
@@ -118,15 +118,19 @@ public class AggregatingUserAdmin implements UserAdmin {
                }
 
                // gather roles from other referentials
-               List<String> allRoles = new ArrayList<>(Arrays.asList(rawAuthorization.getRoles()));
+               List<String> rawRoles = Arrays.asList(rawAuthorization.getRoles());
+               List<String> allRoles = new ArrayList<>(rawRoles);
                for (LdapName otherBaseDn : businessRoles.keySet()) {
                        if (otherBaseDn.equals(userReferentialOfThisUser.getBaseDn()))
                                continue;
                        DirectoryUserAdmin otherUserAdmin = userAdminToUse(user, businessRoles.get(otherBaseDn));
                        if (otherUserAdmin == null)
                                continue;
-                       Authorization auth = otherUserAdmin.getAuthorization(retrievedUser);
-                       allRoles.addAll(Arrays.asList(auth.getRoles()));
+                       for (String roleStr : rawRoles) {
+                               User role = (User) findUserAdmin(roleStr).getRole(roleStr);
+                               Authorization auth = otherUserAdmin.getAuthorization(role);
+                               allRoles.addAll(Arrays.asList(auth.getRoles()));
+                       }
 
                }
 
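Review bot: The new line `User role = (User) findUserAdmin(roleStr).getRole(roleStr);` dereferences and casts without a null check; the OSGi `UserAdmin.getRole` contract returns null for an unknown name, and a raw role name coming from the user's own referential is not guaranteed to resolve in `findUserAdmin` (its body is not in the hunk, so whether it can return null is unconfirmed). An unresolvable role would therefore abort the whole authorization with a NullPointerException instead of being skipped, and since this loop decides which roles the caller ends up holding, failing closed on the single role rather than the entire lookup seems preferable; I would write `User role = (User) findUserAdmin(roleStr).getRole(roleStr); if (role == null) continue;` and keep the rest. Two smaller points: `allRoles` is a `List`, so the same role name now gets appended once per raw role and per other referential (the previous code had the same duplication but at most once per referential), and a `Set` would be cheaper and cleaner before the caller uses it; the enclosing method begins and ends outside this hunk.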
@@ -159,6 +163,8 @@ public class AggregatingUserAdmin implements UserAdmin {
 
        /** Decide whether to scope or not */
        private DirectoryUserAdmin userAdminToUse(User user, DirectoryUserAdmin userAdmin) {
+               if (userAdmin.isAuthenticated())
+                       return userAdmin;
                if (user instanceof DirectoryUser) {
                        return userAdmin;
                } else if (user instanceof AuthenticatingUser) {
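Review bot: The new early return on `userAdmin.isAuthenticated()` changes the contract of `userAdminToUse` but the Javadoc above it, `Decide whether to scope or not`, still reads as if the decision depended only on the user type; the condition is presumably about the referential holding its own credentials, but nothing in the hunk says so. I would extend the comment to `/** Decide whether to scope or not. A referential that is already authenticated is used as-is, regardless of the user type; otherwise the choice depends on whether the user is a DirectoryUser or an AuthenticatingUser. */` and, if `isAuthenticated()` means something narrower, state that instead. The `instanceof` chain continues past the end of the hunk, so I cannot see what the remaining branches return.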