From: Mathieu Baudier
Date: Fri, 30 Sep 2022 11:42:59 +0000 (+0200)
Subject: Can check string-based roles
X-Git-Tag: v2.3.10~21
X-Git-Url: https://git.argeo.org/?p=lgpl%2Fargeo-commons.git;a=commitdiff_plain;h=54820e57cd85c97596d516f7ee4410cc6ecb9109
Can check string-based roles
---
diff --git a/org.argeo.cms/src/org/argeo/cms/auth/CurrentUser.java b/org.argeo.cms/src/org/argeo/cms/auth/CurrentUser.java
index 68ea5ff28..2fd8730d8 100644
--- a/org.argeo.cms/src/org/argeo/cms/auth/CurrentUser.java
+++ b/org.argeo.cms/src/org/argeo/cms/auth/CurrentUser.java
@@ -13,6 +13,7 @@ import java.util.UUID;
 import javax.security.auth.Subject;
 import javax.security.auth.x500.X500Principal;
+import org.argeo.api.acr.NamespaceUtils;
 import org.argeo.api.cms.CmsConstants;
 import org.argeo.api.cms.CmsSession;
 import org.argeo.api.cms.CmsSessionId;
@@ -74,6 +75,11 @@ public final class CurrentUser {
 return role.implied(currentSubject(), context);
 }
+ /** Implies this {@link SystemRole} in this context. */
+ public final static boolean implies(String role, String context) {
+ return SystemRole.implied(NamespaceUtils.parsePrefixedName(role), currentSubject(), context);
+ }
+
 /** Executes as the current user */
 public final static T doAs(PrivilegedAction action) {
 return Subject.doAs(currentSubject(), action);
diff --git a/org.argeo.cms/src/org/argeo/cms/auth/SystemRole.java b/org.argeo.cms/src/org/argeo/cms/auth/SystemRole.java
index 3a28b7c88..5d62d9803 100644
--- a/org.argeo.cms/src/org/argeo/cms/auth/SystemRole.java
+++ b/org.argeo.cms/src/org/argeo/cms/auth/SystemRole.java
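Review bot: The Javadoc on the new `implies(String role, String context)` overload in CurrentUser.java is copied unchanged from the `SystemRole` overload, so it does not tell callers that `role` is a prefixed name passed through `NamespaceUtils.parsePrefixedName`, or what happens when that string is null, has no prefix, or uses an unknown prefix. Because this is an authorization check on a free-form string, the contract should make clear that such input can never come back as `true`; how `parsePrefixedName` treats it is not visible in this diff and needs confirming before the wording is fixed. I would replace the comment with something like `/** Whether the current subject holds the system role given as a prefixed name in this context; a null context matches any context. */` and add an `@throws` or "returns false" sentence for unparseable names once the parser's behaviour is confirmed. A unit test that feeds a malformed role string and expects a denial would pin that contract.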
@@ -12,10 +12,14 @@ public interface SystemRole {
 QName getName();
 default boolean implied(Subject subject, String context) {
+ return implied(getName(), subject, context);
+ }
+
+ static boolean implied(QName name, Subject subject, String context) {
 Set roles = subject.getPrincipals(ImpliedByPrincipal.class);
 for (ImpliedByPrincipal role : roles) {
 if (role.isSystemRole()) {
- if (role.getRoleName().equals(getName())) {
+ if (role.getRoleName().equals(name)) {
 // !! if context is not specified, it is considered irrelevant
 if (context == null)
 return true;
@@ -26,6 +30,6 @@ public interface SystemRole {
 }
 }
 return false;
- }
+ }
 }
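Review bot: The extracted static `implied(QName name, Subject subject, String context)` in SystemRole.java keeps the `if (context == null) return true;` shortcut, so a null context matches the role in every context. Through the new `CurrentUser.implies(String, String)` that wildcard is now reachable from callers that pass strings, where null is more likely to mean "value missing" than "any context". The method is implicitly public on the interface and has no Javadoc; at minimum add `/** Whether the subject holds the system role {@code name}; a {@code null} context is treated as matching any context. */` so the fail-open case is an explicit, documented choice. It is also worth deciding whether the string overload should reject a null context, for example with `Objects.requireNonNull(context, "context")`, and leave the wildcard to the typed overload. The part of the method between the two SystemRole.java hunks is not shown, so the comparison applied when a context is given could not be reviewed.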