Le jeudi 19 avril 2007 à 16:12 +0200, Frédéric Thise a écrit :
>
> Also present in UserManagerActionsBean:
> public void initialize() {
> log.info("Initializing...");
> principal = (NuxeoPrincipal) FacesContext.getCurrentInstan()
> .getExternalContext().getUserPrincipal();
> principalIsAdmin = principal.getGroups().contains("administrators");
> }
>
> wouldn't it be simpler to allow the user through a configuration file
> to set the name of the "administrators" and "members" groups?
> eg: principalIsAdmin =
> principal.getGroups().contains(Config.getAdministratorsGroupName());
> and Config is built from an XML file...
Yes, that was the point : making an extension point for groups mapping.
The existing extension point for the UserManager could be a good
candidate for that.
How about to contribute this ? :)
>
>
>
> "Tiry" <[EMAIL PROTECTED]> wrote in message
> news:[EMAIL PROTECTED]
> Le jeudi 19 avril 2007 à 14:46 +0200, Frédéric Thise a écrit :
> >
> > Unfortunately yes,
> > for example in NuxeoPrincipalImpl, "administrators" is hardcoded:
> > public boolean isAdministrator()
> > {
> > try {
> > return isMemberOf("administrators");
> > } catch (ClientException e) {
> > // TODO Auto-generated catch block
> > e.printStackTrace();
> > return false;
> > }
> > }
> >
> This was added a few days ago in order to guard some administration
> actions.
> If needed, this method could be pluggable.
>
> > ...
> >
> >
> > "Olivier Grisel" <[EMAIL PROTECTED]> wrote in message
> > news:[EMAIL PROTECTED]
> > Frédéric Thise a écrit :
> > > Hello,
> > >
> > > i would like to map the groups from my LDAP server to the Nuxeo
> > groups
> > > (administrators, members) but i don't want to use these names in
> my
> > LDAP
> > > server (besides administrators is reserved in my Active directory
> > server)..
> > > Is there a way to map group names? eg: in LDAP:
> > 'nuxeo_administrators'
> > > mapped to 'administrators'.
> >
> > You are free to use other group names and give them the needed
> rights
> > at the
> > root of your domains using the rights management tab. You can use
> the
> > the
> > defaultAdministratorId tag to setup a virtual administrator.
> >
> > Hopefully security checks are done on permissions and not group
> names
> > but their
> > might be a few places in the code where groupnames are hardcoded.
> >
> > --
> > Olivier
> > _______________________________________________
> > ECM mailing list
> > [email protected]
> > http://lists.nuxeo.com/mailman/listinfo/ecm
> _______________________________________________
> ECM mailing list
> [email protected]
> http://lists.nuxeo.com/mailman/listinfo/ecm
_______________________________________________
ECM mailing list
[email protected]
http://lists.nuxeo.com/mailman/listinfo/ecm
