@Override
public void init(Session adminSession) throws RepositoryException {
JcrUtils.mkdirs(adminSession, homeBasePath);
-
JcrUtils.mkdirs(adminSession, peopleBasePath);
+ adminSession.save();
+
+ JcrUtils.addPrivilege(adminSession, homeBasePath,
+ UserAccessControlProvider.USER_ADMIN_GROUP_NAME,
+ Privilege.JCR_READ);
JcrUtils.addPrivilege(adminSession, peopleBasePath,
UserAccessControlProvider.USER_ADMIN_GROUP_NAME,
Privilege.JCR_ALL);
- // JcrUtils.addPrivilege(adminSession, "/",
- // UserAccessControlProvider.USER_ADMIN_GROUP_NAME,
- // Privilege.JCR_READ);
}
public synchronized Node sync(Session session, String username,
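Review bot: No save is visible after the access control changes in init(): the added `adminSession.save();` runs before the `JcrUtils.addPrivilege` calls, and the method returns right after the last one. Unless addPrivilege persists the session itself (not visible here), the JCR_READ grant on homeBasePath and the JCR_ALL grant on peopleBasePath remain transient, and the caller in the later hunk now invokes `securityModel.init(adminSession);` as its last statement with no save following. Either add a second `adminSession.save();` after the last addPrivilege call, or state in a comment that the helper saves. The first save also deserves a one-line reason, for example `// persist the new nodes before setting access control entries on them`, if that is why it was added. Separately, JCR_ALL normally includes the privileges to read and modify access control, so confirm that the user-admin group is meant to be able to change ACLs under peopleBasePath.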
import org.argeo.jcr.JcrUtils;
import org.argeo.jcr.UserJcrUtils;
import org.argeo.security.NodeAuthenticationToken;
+import org.argeo.security.SecurityUtils;
import org.argeo.security.UserAdminService;
import org.argeo.security.jcr.JcrUserDetails;
import org.argeo.security.jcr.NewUserDetails;
.getAuthentication();
authentication.getName();
adminSession = (JackrabbitSession) repository.login();
- securityModel.init(adminSession);
Authorizable adminGroup = getUserManager().getAuthorizable(
KernelHeader.ROLE_ADMIN);
if (adminGroup == null) {
securityModel.sync(adminSession, KernelHeader.USERNAME_ADMIN, null);
adminSession.save();
}
+ securityModel.init(adminSession);
}
public void destroy() throws RepositoryException {
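Review bot: Moving `securityModel.init(adminSession);` below the admin bootstrap introduces an ordering requirement that the code does not state. Presumably init() must run after the admin group exists because it grants privileges to a group principal; if so, say it at the call site, e.g. `// must run after the admin bootstrap: init() sets ACLs for group principals`. init() can throw RepositoryException, and no logout of adminSession on that path is visible in this hunk, so check that a failed init does not leave the admin session open. The enclosing method starts outside the hunk.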
Group group = (Group) groups.next();
String groupName = group.getPrincipal().getName();
String role = groupNameToRole(groupName);
- if (role != null && !role.equals(KernelHeader.ROLE_GROUP_ADMIN))
+ if (role != null
+ && !role.equals(KernelHeader.ROLE_GROUP_ADMIN)
+ && !(role.equals(KernelHeader.ROLE_ADMIN) && !SecurityUtils
+ .hasCurrentThreadAuthority(KernelHeader.ROLE_ADMIN)))
res.add(role);
}
return res;
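Review bot: The new condition only hides ROLE_ADMIN from the returned list when the current thread lacks ROLE_ADMIN, which makes it a display filter rather than an authorization check. Whether the code that adds a user to a group rejects ROLE_ADMIN for a non-admin caller is not visible here, and that write path is where the restriction has to be enforced. The nested negation is also hard to audit and would read better with named parts: `boolean adminRole = role.equals(KernelHeader.ROLE_ADMIN);` followed by `boolean mayList = !adminRole || SecurityUtils.hasCurrentThreadAuthority(KernelHeader.ROLE_ADMIN);`, with the `if` body braced. The enclosing loop and method start outside the hunk.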