If you want, here is my code (see below) :
- I want to allow some people to manage some groups but without global admin
rights
- all my local group names are tokenized (see localGroupSeparator)
- all my local group names start with the same prefix (see localGroupPrefix)
- all my local group names have a "second" prefix to organize them (ex:
ParisSite, BostonSite, LondonSite)
- all my local admin group names have a suffix (see localGroupAdminSuffix)
- if a user is a member of a local admin group (ex: GL_LondonSite_administrator)
he is able to manage all groups starting like "GL_LondonSite_%"
-----
package myplugin.webapp.security;
import static org.jboss.seam.ScopeType.CONVERSATION;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.jboss.seam.annotations.Install;
import org.jboss.seam.annotations.Name;
import org.jboss.seam.annotations.Scope;
import org.nuxeo.ecm.core.api.ClientException;
import org.nuxeo.ecm.core.api.NuxeoPrincipal;
import org.nuxeo.ecm.webapp.security.GroupManagerActionsBean;
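/**
 * Seam component that replaces the stock {@code groupManagerActions} bean so
 * that "local administrators" may edit the groups of their own site without
 * holding global administration rights.
 *
 * <p>Naming convention relied on by the check (tokens separated by
 * {@code "_"}): {@code GL_<site>_<name>} is a local group and
 * {@code GL_<site>_administrators} is the admin group of that site. The
 * suffix is the plural {@code "administrators"}; the group name in the
 * directory has to match it exactly for the delegation to apply.
 *
 * <p>Security notes for reviewers:
 * <ul>
 * <li>Only {@link #getAllowEditGroup()} is overridden. NOTE(review): whether
 * the inherited edit/delete actions re-check this permission when they are
 * invoked is not visible from this class - confirm that the rule is enforced
 * on the action itself and not only where this getter is consulted.</li>
 * <li>The site admin group ({@code GL_<site>_administrators}) has three
 * tokens and therefore matches its own rule: a local admin can edit the
 * membership of the admin group of the same site. Confirm this is
 * intended.</li>
 * <li>Only the first two tokens are compared, so any id with more than two
 * tokens and the same {@code GL_<site>} start is covered.</li>
 * <li>The prefix is compared ignoring case while the admin group name is
 * built with the exact prefix {@code "GL"}. NOTE(review): whether group ids
 * and {@code isMemberOf} are case-sensitive in the deployed directory is not
 * visible here - confirm that a differently-cased prefix cannot name an
 * unrelated group.</li>
 * </ul>
 */
@Name("groupManagerActions")
@Scope(CONVERSATION)
@Install(precedence = Install.DEPLOYMENT)
public class CustomGroupManagerActionsBean extends GroupManagerActionsBean {

    private static final Log log = LogFactory
            .getLog(CustomGroupManagerActionsBean.class);

    /** Separator between the tokens of a local group id. */
    private static final String LOCAL_GROUP_SEPARATOR = "_";

    /** First token shared by every local group id. */
    private static final String LOCAL_GROUP_PREFIX = "GL";

    /** Last token of the id of a site's admin group. */
    private static final String LOCAL_GROUP_ADMIN_SUFFIX = "administrators";

    /**
     * Tells whether the current user may edit the selected group.
     *
     * <p>The decision of the parent bean is kept when it is positive.
     * Otherwise the user is allowed only if the selected group id follows the
     * local naming convention and the user is a member of the admin group of
     * the same site. Every other case - no selected group, no group id, an
     * id with two tokens or fewer, a different prefix, an empty site token,
     * a principal that is not a {@link NuxeoPrincipal} - is refused.
     *
     * @return {@code true} if the parent bean allows the edit or the user is
     *         local admin for the selected group, {@code false} otherwise
     * @throws ClientException if the parent check fails
     */
    @Override
    public boolean getAllowEditGroup() throws ClientException {
        if (super.getAllowEditGroup()) {
            return true;
        }
        log.debug("getAllowEditGroup : is allowed for local groups");

        if (selectedGroup == null) {
            return false;
        }
        String groupId = selectedGroup.getId();
        log.debug("getAllowEditGroup : selectedGroup id = " + groupId);
        if (groupId == null) {
            // Fail closed instead of throwing a NullPointerException on split().
            return false;
        }

        String[] groupIdTokens = groupId.split(LOCAL_GROUP_SEPARATOR);
        if (groupIdTokens.length <= 2) {
            return false;
        }
        String siteToken = groupIdTokens[1];
        String adminGroupName = localAdminGroupName(siteToken);
        log.debug("getAllowEditGroup : is user member of local group admin = "
                + adminGroupName);

        // Not a local group: the delegation rule does not apply.
        if (!LOCAL_GROUP_PREFIX.equalsIgnoreCase(groupIdTokens[0])) {
            return false;
        }
        // An id such as "GL__x" has no site name; refuse rather than look up
        // an admin group with an empty site component.
        if (siteToken.length() == 0) {
            return false;
        }
        if (!(currentUser instanceof NuxeoPrincipal)) {
            return false;
        }

        NuxeoPrincipal pal = (NuxeoPrincipal) currentUser;
        if (pal.isMemberOf(adminGroupName)) {
            log.info("getAllowEditGroup : user is local admin for this group");
            return true;
        }
        return false;
    }

    /** Builds the id of the admin group of a site: {@code GL_<site>_administrators}. */
    private static String localAdminGroupName(String siteToken) {
        return LOCAL_GROUP_PREFIX + LOCAL_GROUP_SEPARATOR + siteToken
                + LOCAL_GROUP_SEPARATOR + LOCAL_GROUP_ADMIN_SUFFIX;
    }
}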
-----
--
Posted by "sebastien.denef" at Nuxeo Discussions <http://nuxeo.org/discussions>
View the complete thread:
<http://www.nuxeo.org/discussions/thread.jspa?threadID=3448#10582>