// if (workspaceName != null)
// return;
// skip system users
- if (username.endsWith(CmsConstants.ROLES_BASEDN))
+ if (username.endsWith(CmsConstants.SYSTEM_ROLES_BASEDN))
return;
try {
public class NamespaceUtils {
+ public static ContentName parsePrefixedName(String nameWithPrefix) {
+ return parsePrefixedName(RuntimeNamespaceContext.getNamespaceContext(), nameWithPrefix);
+ }
+
public static ContentName parsePrefixedName(NamespaceContext nameSpaceContext, String nameWithPrefix) {
Objects.requireNonNull(nameWithPrefix, "Name cannot be null");
if (nameWithPrefix.charAt(0) == '{') {
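Review bot: The new one-argument `parsePrefixedName` has no Javadoc, so nothing tells a caller that prefixes are resolved against `RuntimeNamespaceContext.getNamespaceContext()` rather than a context they supply. A short Javadoc should state that, and that a null name is rejected by the two-argument overload it delegates to (`Objects.requireNonNull`). The two-argument method continues past the end of the hunk, so the rest of its contract cannot be described from here.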
/*
* RESERVED ROLES
*/
- String ROLES_BASEDN = "ou=roles,ou=node";
+ String NODE_BASEDN = "ou=node";
+ String SYSTEM_ROLES_BASEDN = "ou=roles," + NODE_BASEDN;
String TOKENS_BASEDN = "ou=tokens,ou=node";
- String ROLE_ADMIN = "cn=admin," + ROLES_BASEDN;
- String ROLE_USER_ADMIN = "cn=userAdmin," + ROLES_BASEDN;
- String ROLE_DATA_ADMIN = "cn=dataAdmin," + ROLES_BASEDN;
+ String ROLE_ADMIN = "cn=admin," + SYSTEM_ROLES_BASEDN;
+ String ROLE_USER_ADMIN = "cn=userAdmin," + SYSTEM_ROLES_BASEDN;
+ String ROLE_DATA_ADMIN = "cn=dataAdmin," + SYSTEM_ROLES_BASEDN;
// Special system groups that cannot be edited:
// user U anonymous = everyone
- String ROLE_USER = "cn=user," + ROLES_BASEDN;
- String ROLE_ANONYMOUS = "cn=anonymous," + ROLES_BASEDN;
+ String ROLE_USER = "cn=user," + SYSTEM_ROLES_BASEDN;
+ String ROLE_ANONYMOUS = "cn=anonymous," + SYSTEM_ROLES_BASEDN;
// Account lifecycle
- String ROLE_REGISTERING = "cn=registering," + ROLES_BASEDN;
+ String ROLE_REGISTERING = "cn=registering," + SYSTEM_ROLES_BASEDN;
/*
* PATHS
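Review bot: `TOKENS_BASEDN` still spells out `"ou=tokens,ou=node"` while the new `SYSTEM_ROLES_BASEDN` is composed from `NODE_BASEDN`, so the node base DN is defined in two places and the two can drift apart. `String TOKENS_BASEDN = "ou=tokens," + NODE_BASEDN;` keeps them in step. `NODE_BASEDN` is also compared against a role context in the SystemRole change of this commit, so if that is its intended meaning it deserves a comment such as `// base DN of the node; roles with this context apply node-wide`.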
String EVENT_TOPICS = "event.topics";
String ACR_MOUNT_PATH = "acr.mount.path";
-
/*
* FILE SYSTEM
*/
import javax.security.auth.Subject;
import javax.xml.namespace.QName;
+import org.argeo.api.cms.CmsConstants;
import org.argeo.cms.internal.auth.ImpliedByPrincipal;
public interface SystemRole {
for (ImpliedByPrincipal role : roles) {
if (role.isSystemRole()) {
if (role.getRoleName().equals(getName())) {
- if (role.getContext().equalsIgnoreCase(context))
+ if (role.getContext().equalsIgnoreCase(context)
+ || role.getContext().equals(CmsConstants.NODE_BASEDN))
return true;
}
}
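Review bot: The added `|| role.getContext().equals(CmsConstants.NODE_BASEDN)` branch makes any system role whose context is `ou=node` satisfy this check for every requested `context`. That widens an authorization decision with no comment saying node-level roles are meant to apply across all contexts. The new comparison is also case-sensitive while the one beside it uses `equalsIgnoreCase`, so a context differing from the constant only in case is handled differently by the two branches; `|| role.getContext().equalsIgnoreCase(CmsConstants.NODE_BASEDN)` keeps them consistent. A comment above the condition such as `// roles defined at ou=node are implied in every context` would record the intent. The enclosing method starts and ends outside the hunk, so how `roles` is populated cannot be checked from here.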
/** Simply retrieves a display name of the relevant domain */
public final static String getDomainName(User user) {
String dn = user.getName();
- if (dn.endsWith(CmsConstants.ROLES_BASEDN))
+ if (dn.endsWith(CmsConstants.SYSTEM_ROLES_BASEDN))
return "System roles";
if (dn.endsWith(CmsConstants.TOKENS_BASEDN))
return "Tokens";
List<User> users = new ArrayList<User>();
for (Role role : roles) {
if ((includeUsers && role.getType() == Role.USER || role.getType() == Role.GROUP) && !users.contains(role)
- && (includeSystemRoles || !role.getName().toLowerCase().endsWith(CmsConstants.ROLES_BASEDN))) {
+ && (includeSystemRoles || !role.getName().toLowerCase().endsWith(CmsConstants.SYSTEM_ROLES_BASEDN))) {
if (match(role, filter))
users.add((User) role);
}
if (onlyWritable && readOnly)
continue;
- if (baseDn.equalsIgnoreCase(CmsConstants.ROLES_BASEDN))
+ if (baseDn.equalsIgnoreCase(CmsConstants.SYSTEM_ROLES_BASEDN))
continue;
if (baseDn.equalsIgnoreCase(CmsConstants.TOKENS_BASEDN))
continue;
private CmsState cmsState;
public CmsUserAdmin() {
- super(CmsConstants.ROLES_BASEDN, CmsConstants.TOKENS_BASEDN);
+ super(CmsConstants.SYSTEM_ROLES_BASEDN, CmsConstants.TOKENS_BASEDN);
}
public void start() {
// node roles
String nodeRolesUri = null;// getFrameworkProp(CmsConstants.ROLES_URI);
- String baseNodeRoleDn = CmsConstants.ROLES_BASEDN;
+ String baseNodeRoleDn = CmsConstants.SYSTEM_ROLES_BASEDN;
if (nodeRolesUri == null && nodeBase != null) {
nodeRolesUri = baseNodeRoleDn + ".ldif";
Path nodeRolesFile = nodeBase.resolve(nodeRolesUri);
.append("))");
if (!showSystemRoles)
- builder.append("(!(").append(LdapAttrs.DN).append("=*").append(CmsConstants.ROLES_BASEDN)
+ builder.append("(!(").append(LdapAttrs.DN).append("=*").append(CmsConstants.SYSTEM_ROLES_BASEDN)
.append("))");
builder.append("(|");
builder.append(tmpBuilder.toString());
if (!showSystemRoles)
builder.append("(&(").append(LdapAttrs.objectClass.name()).append("=")
.append(LdapObjs.groupOfNames.name()).append(")(!(").append(LdapAttrs.DN).append("=*")
- .append(CmsConstants.ROLES_BASEDN).append("))(!(").append(LdapAttrs.DN).append("=*")
+ .append(CmsConstants.SYSTEM_ROLES_BASEDN).append("))(!(").append(LdapAttrs.DN).append("=*")
.append(CmsConstants.TOKENS_BASEDN).append(")))");
else
builder.append("(&(").append(LdapAttrs.objectClass.name()).append("=")
if (onlyWritable && readOnly)
continue;
- if (baseDn.equalsIgnoreCase(CmsConstants.ROLES_BASEDN))
+ if (baseDn.equalsIgnoreCase(CmsConstants.SYSTEM_ROLES_BASEDN))
continue;
if (baseDn.equalsIgnoreCase(CmsConstants.TOKENS_BASEDN))
continue;
public Image getImage(Object element) {
User user = (User) element;
String dn = user.getName();
- if (dn.endsWith(CmsConstants.ROLES_BASEDN))
+ if (dn.endsWith(CmsConstants.SYSTEM_ROLES_BASEDN))
return SecurityAdminImages.ICON_ROLE;
else if (user.getType() == Role.GROUP) {
String businessCategory = UserAdminUtils.getProperty(user, LdapAttrs.businessCategory);
@Override
public boolean select(Viewer viewer, Object parentElement, Object element) {
User user = (User) element;
- if (!showSystemRole && user.getName().matches(".*(" + CmsConstants.ROLES_BASEDN + ")"))
+ if (!showSystemRole && user.getName().matches(".*(" + CmsConstants.SYSTEM_ROLES_BASEDN + ")"))
// UserAdminUtils.getProperty(user, LdifName.dn.name())
// .toLowerCase().endsWith(AuthConstants.ROLES_BASEDN))
return false;
if (!showSystemRoleBtn.getSelection())
typeStr = "(& " + typeStr + "(!(" + LdapAttrs.DN + "=*"
- + CmsConstants.ROLES_BASEDN + ")))";
+ + CmsConstants.SYSTEM_ROLES_BASEDN + ")))";
if (filterBuilder.length() > 1) {
builder.append("(&" + typeStr);
if (COL_ICON.equals(currType)) {
User user = (User) element;
String dn = user.getName();
- if (dn.endsWith(CmsConstants.ROLES_BASEDN))
+ if (dn.endsWith(CmsConstants.SYSTEM_ROLES_BASEDN))
return UsersImages.ICON_ROLE;
else if (user.getType() == Role.GROUP)
return UsersImages.ICON_GROUP;