Author: rombert Date: Tue Oct 6 19:47:17 2015 New Revision: 1707126 URL: http://svn.apache.org/viewvc?rev=1707126&view=rev Log: SLING-509 - Remove UserAdmin and GroupAdmin settings from AuthorizablePrivilegesInfo
- remove UserAdmin and GroupAdmin settings - remove metatype - warn if UserAdmin or GroupAdmin settings are configured Modified: sling/trunk/bundles/jcr/jackrabbit-usermanager/src/main/java/org/apache/sling/jackrabbit/usermanager/impl/AuthorizablePrivilegesInfoImpl.java Modified: sling/trunk/bundles/jcr/jackrabbit-usermanager/src/main/java/org/apache/sling/jackrabbit/usermanager/impl/AuthorizablePrivilegesInfoImpl.java URL: http://svn.apache.org/viewvc/sling/trunk/bundles/jcr/jackrabbit-usermanager/src/main/java/org/apache/sling/jackrabbit/usermanager/impl/AuthorizablePrivilegesInfoImpl.java?rev=1707126&r1=1707125&r2=1707126&view=diff ==============================================================================
--- sling/trunk/bundles/jcr/jackrabbit-usermanager/src/main/java/org/apache/sling/jackrabbit/usermanager/impl/AuthorizablePrivilegesInfoImpl.java (original)
+++ sling/trunk/bundles/jcr/jackrabbit-usermanager/src/main/java/org/apache/sling/jackrabbit/usermanager/impl/AuthorizablePrivilegesInfoImpl.java Tue Oct 6 19:47:17 2015
@@ -26,11 +26,9 @@ import javax.jcr.Session; import javax.servlet.Servlet; import org.apache.felix.scr.annotations.Component; -import org.apache.felix.scr.annotations.Properties; import org.apache.felix.scr.annotations.Property; import org.apache.felix.scr.annotations.Service; import org.apache.jackrabbit.api.security.user.Authorizable; -import org.apache.jackrabbit.api.security.user.Group; import org.apache.jackrabbit.api.security.user.User; import org.apache.jackrabbit.api.security.user.UserManager; import org.apache.sling.commons.osgi.OsgiUtil;
@@ -53,25 +51,10 @@ import org.slf4j.LoggerFactory; * * <li>every known user is allowed to modify it's own properties except for * her/his group membership,</li> - * - * <li>members of the 'User administrator' group are allowed to create, modify - * and remove users,</li> - * - * <li>members of the 'Group administrator' group are allowed to create, modify - * and remove groups,</li> - * - * <li>group membership can only be edited by members of the 'Group administrator' - * and the 'User administrator' group.</li> * </ul> */ -@Component (immediate=true, metatype=true) +@Component (immediate=true) @Service (value=AuthorizablePrivilegesInfo.class) -@Properties ({ - @Property (name="service.description", - value="User/Group Privileges Information"), - @Property (name="service.vendor", - value="The Apache Software Foundation") -}) public class AuthorizablePrivilegesInfoImpl implements AuthorizablePrivilegesInfo { /** default log */
@@ -91,8 +74,6 @@ public class AuthorizablePrivilegesInfoI @Property (value=DEFAULT_USER_ADMIN_GROUP_NAME) private static final String PAR_USER_ADMIN_GROUP_NAME = "user.admin.group.name"; - private String userAdminGroupName = DEFAULT_USER_ADMIN_GROUP_NAME; - /** * The default 'User administrator' group name *
@@ -106,9 +87,6 @@ public class AuthorizablePrivilegesInfoI */ @Property (value=DEFAULT_GROUP_ADMIN_GROUP_NAME) private static final String PAR_GROUP_ADMIN_GROUP_NAME = "group.admin.group.name"; - - private String groupAdminGroupName = DEFAULT_GROUP_ADMIN_GROUP_NAME; - /* (non-Javadoc) * @see org.apache.sling.jackrabbit.usermanager.AuthorizablePrivilegesInfo#canAddGroup(javax.jcr.Session)
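Review bot: The `@Property` annotations on `PAR_USER_ADMIN_GROUP_NAME` and `PAR_GROUP_ADMIN_GROUP_NAME` (context lines of the `-91` and `-106` hunks) stay in place with their old Javadoc, although after this revision neither value is evaluated for any privilege decision. Say so on both constants, for example `@deprecated ignored since SLING-509; membership in this group no longer grants any privilege`, so that someone reading the class does not assume these groups still delegate user or group administration. The class Javadoc shortened in the `-53` hunk drops the three delegation rules without stating what applies instead; the start of that list is outside the hunk, so check whether it already names the admin user as the only principal these checks let through, and add that item if it does not.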
@@ -122,15 +100,6 @@ public class AuthorizablePrivilegesInfoI if (((User)currentUser).isAdmin()) { return true; //admin user has full control } - - //check if the user is a member of the 'Group administrator' group - Authorizable groupAdmin = userManager.getAuthorizable(this.groupAdminGroupName); - if (groupAdmin instanceof Group) { - boolean isMember = ((Group)groupAdmin).isMember(currentUser); - if (isMember) { - return true; - } - } } } } catch (RepositoryException e) { log.warn("Failed to determine if {} can add a new group", jcrSession.getUserID());
@@ -169,15 +138,6 @@ public class AuthorizablePrivilegesInfoI if (((User)currentUser).isAdmin()) { return true; //admin user has full control } - - //check if the user is a member of the 'User administrator' group - Authorizable userAdmin = userManager.getAuthorizable(this.userAdminGroupName); - if (userAdmin instanceof Group) { - boolean isMember = ((Group)userAdmin).isMember(currentUser); - if (isMember) { - return true; - } - } } } } catch (RepositoryException e) { log.warn("Failed to determine if {} can add a new user", jcrSession.getUserID());
@@ -198,27 +158,6 @@ public class AuthorizablePrivilegesInfoI if (((User)currentUser).isAdmin()) { return true; //admin user has full control } - - Authorizable authorizable = userManager.getAuthorizable(principalId); - if (authorizable instanceof User) { - //check if the user is a member of the 'User administrator' group - Authorizable userAdmin = userManager.getAuthorizable(this.userAdminGroupName); - if (userAdmin instanceof Group) { - boolean isMember = ((Group)userAdmin).isMember(currentUser); - if (isMember) { - return true; - } - } - } else if (authorizable instanceof Group) { - //check if the user is a member of the 'Group administrator' group - Authorizable groupAdmin = userManager.getAuthorizable(this.groupAdminGroupName); - if (groupAdmin instanceof Group) { - boolean isMember = ((Group)groupAdmin).isMember(currentUser); - if (isMember) { - return true; - } - } - } } catch (RepositoryException e) { log.warn("Failed to determine if {} can remove authorizable {}", jcrSession.getUserID(), principalId); } 
@@ -236,27 +175,6 @@ public class AuthorizablePrivilegesInfoI if (((User)currentUser).isAdmin()) { return true; //admin user has full control } - - Authorizable authorizable = userManager.getAuthorizable(groupId); - if (authorizable instanceof Group) { - //check if the user is a member of the 'Group administrator' group - Authorizable groupAdmin = userManager.getAuthorizable(this.groupAdminGroupName); - if (groupAdmin instanceof Group) { - boolean isMember = ((Group)groupAdmin).isMember(currentUser); - if (isMember) { - return true; - } - } - - //check if the user is a member of the 'User administrator' group - Authorizable userAdmin = userManager.getAuthorizable(this.userAdminGroupName); - if (userAdmin instanceof Group) { - boolean isMember = ((Group)userAdmin).isMember(currentUser); - if (isMember) { - return true; - } - } - } } catch (RepositoryException e) { log.warn("Failed to determine if {} can remove authorizable {}", jcrSession.getUserID(), groupId); } 
@@ -279,27 +197,6 @@ public class AuthorizablePrivilegesInfoI if (((User)currentUser).isAdmin()) { return true; //admin user has full control } - - Authorizable authorizable = userManager.getAuthorizable(principalId); - if (authorizable instanceof User) { - //check if the user is a member of the 'User administrator' group - Authorizable userAdmin = userManager.getAuthorizable(this.userAdminGroupName); - if (userAdmin instanceof Group) { - boolean isMember = ((Group)userAdmin).isMember(currentUser); - if (isMember) { - return true; - } - } - } else if (authorizable instanceof Group) { - //check if the user is a member of the 'Group administrator' group - Authorizable groupAdmin = userManager.getAuthorizable(this.groupAdminGroupName); - if (groupAdmin instanceof Group) { - boolean isMember = ((Group)groupAdmin).isMember(currentUser); - if (isMember) { - return true; - } - } - } } catch (RepositoryException e) { log.warn("Failed to determine if {} can remove authorizable {}", jcrSession.getUserID(), principalId); } 
@@ -328,17 +225,14 @@ public class AuthorizablePrivilegesInfoI Dictionary<?, ?> properties = componentContext.getProperties(); - this.userAdminGroupName = OsgiUtil.toString(properties.get(PAR_USER_ADMIN_GROUP_NAME), - DEFAULT_USER_ADMIN_GROUP_NAME); - log.info("User Admin Group Name {}", this.userAdminGroupName); - - this.groupAdminGroupName = OsgiUtil.toString(properties.get(PAR_GROUP_ADMIN_GROUP_NAME), - DEFAULT_GROUP_ADMIN_GROUP_NAME); - log.info("Group Admin Group Name {}", this.groupAdminGroupName); - } + String userAdminGroupName = OsgiUtil.toString(properties.get(PAR_USER_ADMIN_GROUP_NAME), null); + if ( userAdminGroupName != null && ! DEFAULT_USER_ADMIN_GROUP_NAME.equals(userAdminGroupName)) { + log.warn("Configuration setting for {} is deprecated and will not have any effect", PAR_USER_ADMIN_GROUP_NAME); + } - protected void deactivate(ComponentContext componentContext) { - this.userAdminGroupName = DEFAULT_USER_ADMIN_GROUP_NAME; - this.groupAdminGroupName = DEFAULT_GROUP_ADMIN_GROUP_NAME; + String groupAdminGroupName = OsgiUtil.toString(properties.get(PAR_GROUP_ADMIN_GROUP_NAME), null); + if ( groupAdminGroupName != null && ! DEFAULT_GROUP_ADMIN_GROUP_NAME.equals(userAdminGroupName)) { + log.warn("Configuration setting for {} is deprecated and will not have any effect", PAR_GROUP_ADMIN_GROUP_NAME); + } } }
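Review bot: The second condition tests the wrong variable: `DEFAULT_GROUP_ADMIN_GROUP_NAME.equals(userAdminGroupName)` compares the group default against the user-admin value, so whether the `group.admin.group.name` warning appears depends on the other setting rather than on its own. It should read `if (groupAdminGroupName != null && !DEFAULT_GROUP_ADMIN_GROUP_NAME.equals(groupAdminGroupName))`. As written the group warning is presumably logged whenever that property is present, including when it still holds the default, because the user-admin value will rarely equal the group-admin default. Both checks also stay silent when the default group names are in use, although the earlier hunks remove the membership checks for those groups as well, so a deployment that relied on the default groups gets no log signal that its delegated administrators no longer pass; that case is worth a line in the upgrade notes. The enclosing method begins outside the hunk.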