| side by side (parent:
285c23f
)
Clarify system roles
author
Mathieu Baudier <mbaudier@argeo.org>
Tue, 23 Aug 2022 07:22:24 +0000
(09:22 +0200)
committer
Mathieu Baudier <mbaudier@argeo.org>
Tue, 23 Aug 2022 07:22:24 +0000
(09:22 +0200)
13 files changed:
jcr/org.argeo.cms.jcr/src/org/argeo/cms/jcr/internal/EgoRepository.java
org.argeo.api.acr/src/org/argeo/api/acr/NamespaceUtils.java
org.argeo.api.cms/src/org/argeo/api/cms/CmsConstants.java
org.argeo.cms/src/org/argeo/cms/auth/SystemRole.java
org.argeo.cms/src/org/argeo/cms/auth/UserAdminUtils.java
org.argeo.cms/src/org/argeo/cms/internal/auth/CmsUserManagerImpl.java
org.argeo.cms/src/org/argeo/cms/internal/runtime/CmsUserAdmin.java
swt/org.argeo.cms.e4/src/org/argeo/cms/e4/users/GroupsView.java
swt/org.argeo.cms.e4/src/org/argeo/cms/e4/users/UserAdminWrapper.java
swt/org.argeo.cms.e4/src/org/argeo/cms/e4/users/providers/RoleIconLP.java
swt/org.argeo.cms.e4/src/org/argeo/cms/e4/users/providers/UserFilter.java
swt/org.argeo.cms.swt/src/org/argeo/cms/swt/useradmin/PickUpUserDialog.java
swt/org.argeo.cms.swt/src/org/argeo/cms/swt/useradmin/UserLP.java
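--- a/jcr/org.argeo.cms.jcr/src/org/argeo/cms/jcr/internal/EgoRepository.java
+++ b/jcr/org.argeo.cms.jcr/src/org/argeo/cms/jcr/internal/EgoRepository.java
@@ -155,7 +155,7 @@ class EgoRepository extends JcrRepositoryWrapper {
 // if (workspaceName != null)
 // return;
 // skip system users
- if (username.endsWith(CmsConstants.ROLES_BASEDN))
+ if (username.endsWith(CmsConstants.SYSTEM_ROLES_BASEDN))
 return;
 try {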
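--- a/org.argeo.api.acr/src/org/argeo/api/acr/NamespaceUtils.java
+++ b/org.argeo.api.acr/src/org/argeo/api/acr/NamespaceUtils.java
@@ -13,6 +13,10 @@ import javax.xml.namespace.QName;
 public class NamespaceUtils {
+ public static ContentName parsePrefixedName(String nameWithPrefix) {
+ return parsePrefixedName(RuntimeNamespaceContext.getNamespaceContext(), nameWithPrefix);
+ }
+
 public static ContentName parsePrefixedName(NamespaceContext nameSpaceContext, String nameWithPrefix) {
 Objects.requireNonNull(nameWithPrefix, "Name cannot be null");
 if (nameWithPrefix.charAt(0) == '{') {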
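Review bot: The new one-argument `parsePrefixedName(String)` is public but undocumented, so a caller cannot tell from the signature that prefixes are resolved against `RuntimeNamespaceContext.getNamespaceContext()` rather than a context they supply. A Javadoc line such as `/** Parses a prefixed name, resolving the prefix against the runtime namespace context. */` would make that explicit. The delegate's visible first lines reject null but then call `nameWithPrefix.charAt(0)`, so an empty string reaches that call through this overload as well and raises `StringIndexOutOfBoundsException`. That case should be documented with `@throws` or guarded in the two-argument method, whose body continues outside the hunk.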
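--- a/org.argeo.api.cms/src/org/argeo/api/cms/CmsConstants.java
+++ b/org.argeo.api.cms/src/org/argeo/api/cms/CmsConstants.java
@@ -49,17 +49,18 @@ public interface CmsConstants {
 /*
 * RESERVED ROLES
 */
- String ROLES_BASEDN = "ou=roles,ou=node";
+ String NODE_BASEDN = "ou=node";
+ String SYSTEM_ROLES_BASEDN = "ou=roles," + NODE_BASEDN;
 String TOKENS_BASEDN = "ou=tokens,ou=node";
- String ROLE_ADMIN = "cn=admin," + ROLES_BASEDN;
- String ROLE_USER_ADMIN = "cn=userAdmin," + ROLES_BASEDN;
- String ROLE_DATA_ADMIN = "cn=dataAdmin," + ROLES_BASEDN;
+ String ROLE_ADMIN = "cn=admin," + SYSTEM_ROLES_BASEDN;
+ String ROLE_USER_ADMIN = "cn=userAdmin," + SYSTEM_ROLES_BASEDN;
+ String ROLE_DATA_ADMIN = "cn=dataAdmin," + SYSTEM_ROLES_BASEDN;
 // Special system groups that cannot be edited:
 // user U anonymous = everyone
- String ROLE_USER = "cn=user," + ROLES_BASEDN;
- String ROLE_ANONYMOUS = "cn=anonymous," + ROLES_BASEDN;
+ String ROLE_USER = "cn=user," + SYSTEM_ROLES_BASEDN;
+ String ROLE_ANONYMOUS = "cn=anonymous," + SYSTEM_ROLES_BASEDN;
 // Account lifecycle
- String ROLE_REGISTERING = "cn=registering," + ROLES_BASEDN;
+ String ROLE_REGISTERING = "cn=registering," + SYSTEM_ROLES_BASEDN;
 /*
 * PATHS
@@ -87,7 +88,6 @@ public interface CmsConstants {
 String EVENT_TOPICS = "event.topics";
 String ACR_MOUNT_PATH = "acr.mount.path";
-
 /*
 * FILE SYSTEM
 */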
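Review bot: `TOKENS_BASEDN`, on the unchanged line directly after the new constants in the first hunk, still spells out `"ou=tokens,ou=node"`, so the node suffix now has two sources of truth in the reserved-roles block. `String TOKENS_BASEDN = "ou=tokens," + NODE_BASEDN;` would keep it aligned with `SYSTEM_ROLES_BASEDN`. The public constant `ROLES_BASEDN` is also removed without a transition alias. Whether code outside this repository references it is not visible here, but if it does, keeping `@Deprecated String ROLES_BASEDN = SYSTEM_ROLES_BASEDN;` for one release avoids a hard break. Since `NODE_BASEDN` is used in this same commit as a role context that matches every context in `SystemRole`, a one-line comment on the constant stating that meaning would help anyone auditing the reserved DNs.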
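--- a/org.argeo.cms/src/org/argeo/cms/auth/SystemRole.java
+++ b/org.argeo.cms/src/org/argeo/cms/auth/SystemRole.java
@@ -5,6 +5,7 @@ import java.util.Set;
 import javax.security.auth.Subject;
 import javax.xml.namespace.QName;
+import org.argeo.api.cms.CmsConstants;
 import org.argeo.cms.internal.auth.ImpliedByPrincipal;
 public interface SystemRole {
@@ -15,7 +16,8 @@ public interface SystemRole {
 for (ImpliedByPrincipal role : roles) {
 if (role.isSystemRole()) {
 if (role.getRoleName().equals(getName())) {
- if (role.getContext().equalsIgnoreCase(context))
+ if (role.getContext().equalsIgnoreCase(context)
+ || role.getContext().equals(CmsConstants.NODE_BASEDN))
 return true;
 }
 }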
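Review bot: The added `|| role.getContext().equals(CmsConstants.NODE_BASEDN)` in the second hunk makes any system role whose context is `ou=node` satisfy this check for every `context` argument. That widens an authorization decision and should carry a comment saying it is intentional, for example `// roles granted in the node context apply to all contexts`. The new comparison is case-sensitive while the one beside it uses `equalsIgnoreCase`. Unless exact case is intended, `|| role.getContext().equalsIgnoreCase(CmsConstants.NODE_BASEDN))` keeps the two consistent with the case-insensitive base-DN comparisons elsewhere in this commit. It is also worth confirming that no user directory can be configured with `ou=node` as its context, since roles from such a source would then be treated as global; that cannot be checked from this hunk. The enclosing method begins and ends outside the hunk.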
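--- a/org.argeo.cms/src/org/argeo/cms/auth/UserAdminUtils.java
+++ b/org.argeo.cms/src/org/argeo/cms/auth/UserAdminUtils.java
@@ -136,7 +136,7 @@ public class UserAdminUtils {
 /** Simply retrieves a display name of the relevant domain */
 public final static String getDomainName(User user) {
 String dn = user.getName();
- if (dn.endsWith(CmsConstants.ROLES_BASEDN))
+ if (dn.endsWith(CmsConstants.SYSTEM_ROLES_BASEDN))
 return "System roles";
 if (dn.endsWith(CmsConstants.TOKENS_BASEDN))
 return "Tokens";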
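--- a/org.argeo.cms/src/org/argeo/cms/internal/auth/CmsUserManagerImpl.java
+++ b/org.argeo.cms/src/org/argeo/cms/internal/auth/CmsUserManagerImpl.java
@@ -166,7 +166,7 @@ public class CmsUserManagerImpl implements CmsUserManager {
 List<User> users = new ArrayList<User>();
 for (Role role : roles) {
 if ((includeUsers && role.getType() == Role.USER || role.getType() == Role.GROUP) && !users.contains(role)
- && (includeSystemRoles || !role.getName().toLowerCase().endsWith(CmsConstants.ROLES_BASEDN))) {
+ && (includeSystemRoles || !role.getName().toLowerCase().endsWith(CmsConstants.SYSTEM_ROLES_BASEDN))) {
 if (match(role, filter))
 users.add((User) role);
 }
@@ -368,7 +368,7 @@ public class CmsUserManagerImpl implements CmsUserManager {
 if (onlyWritable && readOnly)
 continue;
- if (baseDn.equalsIgnoreCase(CmsConstants.ROLES_BASEDN))
+ if (baseDn.equalsIgnoreCase(CmsConstants.SYSTEM_ROLES_BASEDN))
 continue;
 if (baseDn.equalsIgnoreCase(CmsConstants.TOKENS_BASEDN))
 continue;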
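--- a/org.argeo.cms/src/org/argeo/cms/internal/runtime/CmsUserAdmin.java
+++ b/org.argeo.cms/src/org/argeo/cms/internal/runtime/CmsUserAdmin.java
@@ -65,7 +65,7 @@ public class CmsUserAdmin extends AggregatingUserAdmin {
 private CmsState cmsState;
 public CmsUserAdmin() {
- super(CmsConstants.ROLES_BASEDN, CmsConstants.TOKENS_BASEDN);
+ super(CmsConstants.SYSTEM_ROLES_BASEDN, CmsConstants.TOKENS_BASEDN);
 }
 public void start() {
@@ -93,7 +93,7 @@ public class CmsUserAdmin extends AggregatingUserAdmin {
 // node roles
 String nodeRolesUri = null;// getFrameworkProp(CmsConstants.ROLES_URI);
- String baseNodeRoleDn = CmsConstants.ROLES_BASEDN;
+ String baseNodeRoleDn = CmsConstants.SYSTEM_ROLES_BASEDN;
 if (nodeRolesUri == null && nodeBase != null) {
 nodeRolesUri = baseNodeRoleDn + ".ldif";
 Path nodeRolesFile = nodeBase.resolve(nodeRolesUri);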
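--- a/swt/org.argeo.cms.e4/src/org/argeo/cms/e4/users/GroupsView.java
+++ b/swt/org.argeo.cms.e4/src/org/argeo/cms/e4/users/GroupsView.java
@@ -198,7 +198,7 @@ public class GroupsView {
 .append("))");
 if (!showSystemRoles)
- builder.append("(!(").append(LdapAttrs.DN).append("=*").append(CmsConstants.ROLES_BASEDN)
+ builder.append("(!(").append(LdapAttrs.DN).append("=*").append(CmsConstants.SYSTEM_ROLES_BASEDN)
 .append("))");
 builder.append("(|");
 builder.append(tmpBuilder.toString());
@@ -207,7 +207,7 @@ public class GroupsView {
 if (!showSystemRoles)
 builder.append("(&(").append(LdapAttrs.objectClass.name()).append("=")
 .append(LdapObjs.groupOfNames.name()).append(")(!(").append(LdapAttrs.DN).append("=*")
- .append(CmsConstants.ROLES_BASEDN).append("))(!(").append(LdapAttrs.DN).append("=*")
+ .append(CmsConstants.SYSTEM_ROLES_BASEDN).append("))(!(").append(LdapAttrs.DN).append("=*")
 .append(CmsConstants.TOKENS_BASEDN).append(")))");
 else
 builder.append("(&(").append(LdapAttrs.objectClass.name()).append("=")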
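--- a/swt/org.argeo.cms.e4/src/org/argeo/cms/e4/users/UserAdminWrapper.java
+++ b/swt/org.argeo.cms.e4/src/org/argeo/cms/e4/users/UserAdminWrapper.java
@@ -95,7 +95,7 @@ public class UserAdminWrapper {
 if (onlyWritable && readOnly)
 continue;
- if (baseDn.equalsIgnoreCase(CmsConstants.ROLES_BASEDN))
+ if (baseDn.equalsIgnoreCase(CmsConstants.SYSTEM_ROLES_BASEDN))
 continue;
 if (baseDn.equalsIgnoreCase(CmsConstants.TOKENS_BASEDN))
 continue;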
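--- a/swt/org.argeo.cms.e4/src/org/argeo/cms/e4/users/providers/RoleIconLP.java
+++ b/swt/org.argeo.cms.e4/src/org/argeo/cms/e4/users/providers/RoleIconLP.java
@@ -22,7 +22,7 @@ public class RoleIconLP extends UserAdminAbstractLP {
 public Image getImage(Object element) {
 User user = (User) element;
 String dn = user.getName();
- if (dn.endsWith(CmsConstants.ROLES_BASEDN))
+ if (dn.endsWith(CmsConstants.SYSTEM_ROLES_BASEDN))
 return SecurityAdminImages.ICON_ROLE;
 else if (user.getType() == Role.GROUP) {
 String businessCategory = UserAdminUtils.getProperty(user, LdapAttrs.businessCategory);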
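--- a/swt/org.argeo.cms.e4/src/org/argeo/cms/e4/users/providers/UserFilter.java
+++ b/swt/org.argeo.cms.e4/src/org/argeo/cms/e4/users/providers/UserFilter.java
@@ -37,7 +37,7 @@ public class UserFilter extends ViewerFilter {
 @Override
 public boolean select(Viewer viewer, Object parentElement, Object element) {
 User user = (User) element;
- if (!showSystemRole && user.getName().matches(".*(" + CmsConstants.ROLES_BASEDN + ")"))
+ if (!showSystemRole && user.getName().matches(".*(" + CmsConstants.SYSTEM_ROLES_BASEDN + ")"))
 // UserAdminUtils.getProperty(user, LdifName.dn.name())
 // .toLowerCase().endsWith(AuthConstants.ROLES_BASEDN))
 return false;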
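--- a/swt/org.argeo.cms.swt/src/org/argeo/cms/swt/useradmin/PickUpUserDialog.java
+++ b/swt/org.argeo.cms.swt/src/org/argeo/cms/swt/useradmin/PickUpUserDialog.java
@@ -214,7 +214,7 @@ public class PickUpUserDialog extends TrayDialog {
 if (!showSystemRoleBtn.getSelection())
 typeStr = "(& " + typeStr + "(!(" + LdapAttrs.DN + "=*"
- + CmsConstants.ROLES_BASEDN + ")))";
+ + CmsConstants.SYSTEM_ROLES_BASEDN + ")))";
 if (filterBuilder.length() > 1) {
 builder.append("(&" + typeStr);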
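--- a/swt/org.argeo.cms.swt/src/org/argeo/cms/swt/useradmin/UserLP.java
+++ b/swt/org.argeo.cms.swt/src/org/argeo/cms/swt/useradmin/UserLP.java
@@ -46,7 +46,7 @@ class UserLP extends ColumnLabelProvider {
 if (COL_ICON.equals(currType)) {
 User user = (User) element;
 String dn = user.getName();
- if (dn.endsWith(CmsConstants.ROLES_BASEDN))
+ if (dn.endsWith(CmsConstants.SYSTEM_ROLES_BASEDN))
 return UsersImages.ICON_ROLE;
 else if (user.getType() == Role.GROUP)
 return UsersImages.ICON_GROUP;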