This is an automated email from the ASF dual-hosted git repository. rombert pushed a commit to annotated tag org.apache.sling.jcr.jackrabbit.usermanager-2.2.0 in repository https://gitbox.apache.org/repos/asf/sling-org-apache-sling-jcr-jackrabbit-usermanager.git
commit 418e4bff6c2fcbc6493d6a64443a2668254f8783 Author: Eric Norman <[email protected]> AuthorDate: Tue May 3 05:29:58 2011 +0000 SLING-2070 Members of the UserAdmin group can not create a new user git-svn-id: https://svn.apache.org/repos/asf/sling/trunk/bundles/jcr/jackrabbit-usermanager@1098913 13f79535-47bb-0310-9956-ffa450edef68 --- .../usermanager/impl/post/CreateUserServlet.java | 35 ++++++++++++++++++++++ 1 file changed, 35 insertions(+) diff --git a/src/main/java/org/apache/sling/jackrabbit/usermanager/impl/post/CreateUserServlet.java b/src/main/java/org/apache/sling/jackrabbit/usermanager/impl/post/CreateUserServlet.java index 34cf4c2..551a933 100644 --- a/src/main/java/org/apache/sling/jackrabbit/usermanager/impl/post/CreateUserServlet.java +++ b/src/main/java/org/apache/sling/jackrabbit/usermanager/impl/post/CreateUserServlet.java @@ -24,10 +24,12 @@ import javax.jcr.RepositoryException; import javax.jcr.Session; import org.apache.jackrabbit.api.security.user.Authorizable; +import org.apache.jackrabbit.api.security.user.Group; import org.apache.jackrabbit.api.security.user.User; import org.apache.jackrabbit.api.security.user.UserManager; import org.apache.sling.api.SlingHttpServletRequest; import org.apache.sling.api.servlets.HtmlResponse; +import org.apache.sling.commons.osgi.OsgiUtil; import org.apache.sling.servlets.post.impl.helper.RequestProperty; import org.apache.sling.jackrabbit.usermanager.impl.resource.AuthorizableResourceProvider; import org.apache.sling.jcr.api.SlingRepository; @@ -105,6 +107,23 @@ public class CreateUserServlet extends AbstractUserPostServlet { private Boolean selfRegistrationEnabled = DEFAULT_SELF_REGISTRATION_ENABLED; /** + * The name of the configuration parameter providing the + * 'User administrator' group name. + * + * @scr.property valueRef="DEFAULT_USER_ADMIN_GROUP_NAME" + */ + private static final String PAR_USER_ADMIN_GROUP_NAME = "user.admin.group.name"; + + /** + * The default 'User administrator' group name + * + * @see #PAR_USER_ADMIN_GROUP_NAME + */ + private static final String DEFAULT_USER_ADMIN_GROUP_NAME = "UserAdmin"; + + private String userAdminGroupName = DEFAULT_USER_ADMIN_GROUP_NAME; + + /** * The JCR Repository we access to resolve resources * * @scr.reference @@ -155,6 +174,10 @@ public class CreateUserServlet extends AbstractUserPostServlet { } else { selfRegistrationEnabled = DEFAULT_SELF_REGISTRATION_ENABLED; } + + this.userAdminGroupName = OsgiUtil.toString(props.get(PAR_USER_ADMIN_GROUP_NAME), + DEFAULT_USER_ADMIN_GROUP_NAME); + log.info("User Admin Group Name {}", this.userAdminGroupName); } /* @@ -176,6 +199,18 @@ public class CreateUserServlet extends AbstractUserPostServlet { UserManager um = AccessControlUtil.getUserManager(currentSession); User currentUser = (User) um.getAuthorizable(currentSession.getUserID()); administrator = currentUser.isAdmin(); + + if (!administrator) { + //check if the user is a member of the 'User administrator' group + Authorizable userAdmin = um.getAuthorizable(this.userAdminGroupName); + if (userAdmin instanceof Group) { + boolean isMember = ((Group)userAdmin).isMember(currentUser); + if (isMember) { + administrator = true; + } + } + + } } catch ( Exception ex ) { log.warn("Failed to determin if the user is an admin, assuming not. Cause: "+ex.getMessage()); administrator = false; -- To stop receiving notification emails like this one, please contact "[email protected]" <[email protected]>.
