From 54820e57cd85c97596d516f7ee4410cc6ecb9109 Mon Sep 17 00:00:00 2001
From: Mathieu Baudier
Date: Fri, 30 Sep 2022 13:42:59 +0200
Subject: [PATCH] Can check string-based roles
---
 org.argeo.cms/src/org/argeo/cms/auth/CurrentUser.java | 6 ++++++
 org.argeo.cms/src/org/argeo/cms/auth/SystemRole.java | 8 ++++++--
 2 files changed, 12 insertions(+), 2 deletions(-)
diff --git a/org.argeo.cms/src/org/argeo/cms/auth/CurrentUser.java b/org.argeo.cms/src/org/argeo/cms/auth/CurrentUser.java
index 68ea5ff28..2fd8730d8 100644
--- a/org.argeo.cms/src/org/argeo/cms/auth/CurrentUser.java
+++ b/org.argeo.cms/src/org/argeo/cms/auth/CurrentUser.java
@@ -13,6 +13,7 @@ import java.util.UUID;
 import javax.security.auth.Subject;
 import javax.security.auth.x500.X500Principal;
+import org.argeo.api.acr.NamespaceUtils;
 import org.argeo.api.cms.CmsConstants;
 import org.argeo.api.cms.CmsSession;
 import org.argeo.api.cms.CmsSessionId;
@@ -74,6 +75,11 @@ public final class CurrentUser {
 return role.implied(currentSubject(), context);
 }
+ /** Implies this {@link SystemRole} in this context. */
+ public final static boolean implies(String role, String context) {
+ return SystemRole.implied(NamespaceUtils.parsePrefixedName(role), currentSubject(), context);
+ }
+
 /** Executes as the current user */
 public final static T doAs(PrivilegedAction action) {
 return Subject.doAs(currentSubject(), action);
diff --git a/org.argeo.cms/src/org/argeo/cms/auth/SystemRole.java b/org.argeo.cms/src/org/argeo/cms/auth/SystemRole.java
index 3a28b7c88..5d62d9803 100644
--- a/org.argeo.cms/src/org/argeo/cms/auth/SystemRole.java
+++ b/org.argeo.cms/src/org/argeo/cms/auth/SystemRole.java
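Review bot: The new `implies(String role, String context)` in the second CurrentUser.java hunk passes whatever `NamespaceUtils.parsePrefixedName(role)` returns straight into the role comparison, and neither the hunk nor its Javadoc says what a null, un-prefixed or unknown-prefix string resolves to. For an authorization check the parse should throw or yield a name that cannot match; it should not fall back to a namespace that real roles live in. That behaviour is in NamespaceUtils, which is not shown here, so it is worth confirming. The Javadoc is copied from the `SystemRole` overload and still reads "Implies this {@link SystemRole}"; I would replace it with `/** Whether the current subject holds the system role given by the prefixed name {@code role} in this context. */` and add a sentence on the accepted format and the result for an unparsable name.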
@@ -12,10 +12,14 @@ public interface SystemRole {
 QName getName();
 default boolean implied(Subject subject, String context) {
+ return implied(getName(), subject, context);
+ }
+
+ static boolean implied(QName name, Subject subject, String context) {
 Set roles = subject.getPrincipals(ImpliedByPrincipal.class);
 for (ImpliedByPrincipal role : roles) {
 if (role.isSystemRole()) {
- if (role.getRoleName().equals(getName())) {
+ if (role.getRoleName().equals(name)) {
 // !! if context is not specified, it is considered irrelevant
 if (context == null)
 return true;
@@ -26,6 +30,6 @@ public interface SystemRole {
 }
 }
 return false;
- }
+ }
 }
--
2.30.2
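Review bot: The new static `implied(QName name, Subject subject, String context)` in the first SystemRole.java hunk now makes the role decision for both overloads, yet it has no Javadoc, and as an interface static method it is implicitly public. The contract a caller most needs is the one in the inline comment: a `null` context returns true for a matching role whatever its context, so a caller that passes an unset or missing context gets the widest answer rather than a denial. I would state that on the method, e.g. `/** Whether {@code subject} holds the system role {@code name}; a {@code null} context matches the role in any context. */`, and also note that `subject` must be non-null because `subject.getPrincipals(...)` is called unguarded. The rest of the loop body lies between the two hunks and is not visible here.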