Posted to commits@sling.apache.org by ro...@apache.org on 2017/11/07 09:50:01 UTC
[sling-org-apache-sling-jcr-jackrabbit-usermanager] 08/10:
SLING-5093 - Remove UserAdmin and GroupAdmin settings from
AuthorizablePrivilegesInfo
This is an automated email from the ASF dual-hosted git repository.
rombert pushed a commit to annotated tag org.apache.sling.jcr.jackrabbit.usermanager-2.2.4
in repository https://gitbox.apache.org/repos/asf/sling-org-apache-sling-jcr-jackrabbit-usermanager.git
commit 5197ce67cbd950e7c282131adde1661c14ad38e3
Author: Robert Munteanu <ro...@apache.org>
AuthorDate: Tue Oct 6 19:47:17 2015 +0000
SLING-5093 - Remove UserAdmin and GroupAdmin settings from
AuthorizablePrivilegesInfo
- remove UserAdmin and GroupAdmin settings
- remove metatype
- warn if UserAdmin or GroupAdmin settings are configured
git-svn-id: https://svn.apache.org/repos/asf/sling/trunk/bundles/jcr/jackrabbit-usermanager@1707126 13f79535-47bb-0310-9956-ffa450edef68
---
.../impl/AuthorizablePrivilegesInfoImpl.java | 124 ++-------------------
1 file changed, 9 insertions(+), 115 deletions(-)
diff --git a/src/main/java/org/apache/sling/jackrabbit/usermanager/impl/AuthorizablePrivilegesInfoImpl.java b/src/main/java/org/apache/sling/jackrabbit/usermanager/impl/AuthorizablePrivilegesInfoImpl.java
index 641f8a1..ee76f1f 100644
--- a/src/main/java/org/apache/sling/jackrabbit/usermanager/impl/AuthorizablePrivilegesInfoImpl.java
+++ b/src/main/java/org/apache/sling/jackrabbit/usermanager/impl/AuthorizablePrivilegesInfoImpl.java
@@ -26,11 +26,9 @@ import javax.jcr.Session;
import javax.servlet.Servlet;
import org.apache.felix.scr.annotations.Component;
-import org.apache.felix.scr.annotations.Properties;
import org.apache.felix.scr.annotations.Property;
import org.apache.felix.scr.annotations.Service;
import org.apache.jackrabbit.api.security.user.Authorizable;
-import org.apache.jackrabbit.api.security.user.Group;
import org.apache.jackrabbit.api.security.user.User;
import org.apache.jackrabbit.api.security.user.UserManager;
import org.apache.sling.commons.osgi.OsgiUtil;
@@ -53,25 +51,10 @@ import org.slf4j.LoggerFactory;
*
* <li>every known user is allowed to modify it's own properties except for
* her/his group membership,</li>
- *
- * <li>members of the 'User administrator' group are allowed to create, modify
- * and remove users,</li>
- *
- * <li>members of the 'Group administrator' group are allowed to create, modify
- * and remove groups,</li>
- *
- * <li>group membership can only be edited by members of the 'Group administrator'
- * and the 'User administrator' group.</li>
* </ul>
*/
-@Component (immediate=true, metatype=true)
+@Component (immediate=true)
@Service (value=AuthorizablePrivilegesInfo.class)
-@Properties ({
- @Property (name="service.description",
- value="User/Group Privileges Information"),
- @Property (name="service.vendor",
- value="The Apache Software Foundation")
-})
public class AuthorizablePrivilegesInfoImpl implements AuthorizablePrivilegesInfo {
/** default log */
@@ -91,8 +74,6 @@ public class AuthorizablePrivilegesInfoImpl implements AuthorizablePrivilegesInf
@Property (value=DEFAULT_USER_ADMIN_GROUP_NAME)
private static final String PAR_USER_ADMIN_GROUP_NAME = "user.admin.group.name";
- private String userAdminGroupName = DEFAULT_USER_ADMIN_GROUP_NAME;
-
/**
* The default 'User administrator' group name
*
@@ -106,9 +87,6 @@ public class AuthorizablePrivilegesInfoImpl implements AuthorizablePrivilegesInf
*/
@Property (value=DEFAULT_GROUP_ADMIN_GROUP_NAME)
private static final String PAR_GROUP_ADMIN_GROUP_NAME = "group.admin.group.name";
-
- private String groupAdminGroupName = DEFAULT_GROUP_ADMIN_GROUP_NAME;
-
/* (non-Javadoc)
* @see org.apache.sling.jackrabbit.usermanager.AuthorizablePrivilegesInfo#canAddGroup(javax.jcr.Session)
@@ -122,15 +100,6 @@ public class AuthorizablePrivilegesInfoImpl implements AuthorizablePrivilegesInf
if (((User)currentUser).isAdmin()) {
return true; //admin user has full control
}
-
- //check if the user is a member of the 'Group administrator' group
- Authorizable groupAdmin = userManager.getAuthorizable(this.groupAdminGroupName);
- if (groupAdmin instanceof Group) {
- boolean isMember = ((Group)groupAdmin).isMember(currentUser);
- if (isMember) {
- return true;
- }
- }
}
} catch (RepositoryException e) {
log.warn("Failed to determine if {} can add a new group", jcrSession.getUserID());
@@ -169,15 +138,6 @@ public class AuthorizablePrivilegesInfoImpl implements AuthorizablePrivilegesInf
if (((User)currentUser).isAdmin()) {
return true; //admin user has full control
}
-
- //check if the user is a member of the 'User administrator' group
- Authorizable userAdmin = userManager.getAuthorizable(this.userAdminGroupName);
- if (userAdmin instanceof Group) {
- boolean isMember = ((Group)userAdmin).isMember(currentUser);
- if (isMember) {
- return true;
- }
- }
}
} catch (RepositoryException e) {
log.warn("Failed to determine if {} can add a new user", jcrSession.getUserID());
@@ -198,27 +158,6 @@ public class AuthorizablePrivilegesInfoImpl implements AuthorizablePrivilegesInf
if (((User)currentUser).isAdmin()) {
return true; //admin user has full control
}
-
- Authorizable authorizable = userManager.getAuthorizable(principalId);
- if (authorizable instanceof User) {
- //check if the user is a member of the 'User administrator' group
- Authorizable userAdmin = userManager.getAuthorizable(this.userAdminGroupName);
- if (userAdmin instanceof Group) {
- boolean isMember = ((Group)userAdmin).isMember(currentUser);
- if (isMember) {
- return true;
- }
- }
- } else if (authorizable instanceof Group) {
- //check if the user is a member of the 'Group administrator' group
- Authorizable groupAdmin = userManager.getAuthorizable(this.groupAdminGroupName);
- if (groupAdmin instanceof Group) {
- boolean isMember = ((Group)groupAdmin).isMember(currentUser);
- if (isMember) {
- return true;
- }
- }
- }
} catch (RepositoryException e) {
log.warn("Failed to determine if {} can remove authorizable {}", jcrSession.getUserID(), principalId);
}
@@ -236,27 +175,6 @@ public class AuthorizablePrivilegesInfoImpl implements AuthorizablePrivilegesInf
if (((User)currentUser).isAdmin()) {
return true; //admin user has full control
}
-
- Authorizable authorizable = userManager.getAuthorizable(groupId);
- if (authorizable instanceof Group) {
- //check if the user is a member of the 'Group administrator' group
- Authorizable groupAdmin = userManager.getAuthorizable(this.groupAdminGroupName);
- if (groupAdmin instanceof Group) {
- boolean isMember = ((Group)groupAdmin).isMember(currentUser);
- if (isMember) {
- return true;
- }
- }
-
- //check if the user is a member of the 'User administrator' group
- Authorizable userAdmin = userManager.getAuthorizable(this.userAdminGroupName);
- if (userAdmin instanceof Group) {
- boolean isMember = ((Group)userAdmin).isMember(currentUser);
- if (isMember) {
- return true;
- }
- }
- }
} catch (RepositoryException e) {
log.warn("Failed to determine if {} can remove authorizable {}", jcrSession.getUserID(), groupId);
}
@@ -279,27 +197,6 @@ public class AuthorizablePrivilegesInfoImpl implements AuthorizablePrivilegesInf
if (((User)currentUser).isAdmin()) {
return true; //admin user has full control
}
-
- Authorizable authorizable = userManager.getAuthorizable(principalId);
- if (authorizable instanceof User) {
- //check if the user is a member of the 'User administrator' group
- Authorizable userAdmin = userManager.getAuthorizable(this.userAdminGroupName);
- if (userAdmin instanceof Group) {
- boolean isMember = ((Group)userAdmin).isMember(currentUser);
- if (isMember) {
- return true;
- }
- }
- } else if (authorizable instanceof Group) {
- //check if the user is a member of the 'Group administrator' group
- Authorizable groupAdmin = userManager.getAuthorizable(this.groupAdminGroupName);
- if (groupAdmin instanceof Group) {
- boolean isMember = ((Group)groupAdmin).isMember(currentUser);
- if (isMember) {
- return true;
- }
- }
- }
} catch (RepositoryException e) {
log.warn("Failed to determine if {} can remove authorizable {}", jcrSession.getUserID(), principalId);
}
@@ -328,17 +225,14 @@ public class AuthorizablePrivilegesInfoImpl implements AuthorizablePrivilegesInf
Dictionary<?, ?> properties = componentContext.getProperties();
- this.userAdminGroupName = OsgiUtil.toString(properties.get(PAR_USER_ADMIN_GROUP_NAME),
- DEFAULT_USER_ADMIN_GROUP_NAME);
- log.info("User Admin Group Name {}", this.userAdminGroupName);
-
- this.groupAdminGroupName = OsgiUtil.toString(properties.get(PAR_GROUP_ADMIN_GROUP_NAME),
- DEFAULT_GROUP_ADMIN_GROUP_NAME);
- log.info("Group Admin Group Name {}", this.groupAdminGroupName);
- }
+ String userAdminGroupName = OsgiUtil.toString(properties.get(PAR_USER_ADMIN_GROUP_NAME), null);
+ if ( userAdminGroupName != null && ! DEFAULT_USER_ADMIN_GROUP_NAME.equals(userAdminGroupName)) {
+ log.warn("Configuration setting for {} is deprecated and will not have any effect", PAR_USER_ADMIN_GROUP_NAME);
+ }
- protected void deactivate(ComponentContext componentContext) {
- this.userAdminGroupName = DEFAULT_USER_ADMIN_GROUP_NAME;
- this.groupAdminGroupName = DEFAULT_GROUP_ADMIN_GROUP_NAME;
+ String groupAdminGroupName = OsgiUtil.toString(properties.get(PAR_GROUP_ADMIN_GROUP_NAME), null);
+ if ( groupAdminGroupName != null && ! DEFAULT_GROUP_ADMIN_GROUP_NAME.equals(userAdminGroupName)) {
+ log.warn("Configuration setting for {} is deprecated and will not have any effect", PAR_GROUP_ADMIN_GROUP_NAME);
+ }
}
}
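Review bot: The second deprecation check compares the wrong variable: `! DEFAULT_GROUP_ADMIN_GROUP_NAME.equals(userAdminGroupName)` tests the user-admin value, so whether the group-admin warning is logged depends on the other setting. Assuming the two defaults differ, this logs the warning whenever `group.admin.group.name` is present, even at its default value, and it can stay silent for a customised group name if the user-admin setting happens to equal the group default. The condition should read `if ( groupAdminGroupName != null && ! DEFAULT_GROUP_ADMIN_GROUP_NAME.equals(groupAdminGroupName)) {`. This log line is the only signal visible here that a configured delegated-admin group no longer grants any privileges, so it needs to fire exactly when that setting was customised. The start of the enclosing activate method lies outside the hunk.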
--