From 31b38e01786935f1cb0813c22a5ff3f1f414c8b7 Mon Sep 17 00:00:00 2001
From: Jan Vonka <jan.vonka@alfresco.com>
Date: Wed, 13 May 2009 11:34:46 +0000
Subject: [PATCH] Fix ALFCOM-2859 - MT Share Admin Console (create new user)

git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/HEAD/root@14293 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
---
 config/alfresco/script-services-context.xml   |  3 ++
 .../org/alfresco/repo/jscript/People.java     | 46 +++++++++++++++++--
 2 files changed, 46 insertions(+), 3 deletions(-)

diff --git a/config/alfresco/script-services-context.xml b/config/alfresco/script-services-context.xml
index 8572372da1..bb85f19507 100644
--- a/config/alfresco/script-services-context.xml
+++ b/config/alfresco/script-services-context.xml
@@ -123,6 +123,9 @@
         <property name="contentUsageService">
             <ref bean="ContentUsageService"/>
         </property>
+        <property name="tenantService">
+            <ref bean="tenantService"/>
+        </property>
         <property name="userNameGenerator">
             <ref bean="userNameGenerator"/>
         </property>
diff --git a/source/java/org/alfresco/repo/jscript/People.java b/source/java/org/alfresco/repo/jscript/People.java
index ec0507f66b..047abfaa38 100644
--- a/source/java/org/alfresco/repo/jscript/People.java
+++ b/source/java/org/alfresco/repo/jscript/People.java
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2005-2007 Alfresco Software Limited.
+ * Copyright (C) 2005-2009 Alfresco Software Limited.
  *
  * This program is free software; you can redistribute it and/or
  * modify it under the terms of the GNU General Public License
@@ -29,11 +29,13 @@ import java.util.StringTokenizer;
 
 import org.alfresco.model.ContentModel;
 import org.alfresco.repo.search.impl.lucene.LuceneQueryParser;
+import org.alfresco.repo.security.authentication.AuthenticationException;
 import org.alfresco.repo.security.authentication.AuthenticationUtil;
 import org.alfresco.repo.security.authentication.MutableAuthenticationDao;
 import org.alfresco.repo.security.authentication.PasswordGenerator;
 import org.alfresco.repo.security.authentication.UserNameGenerator;
 import org.alfresco.repo.security.authority.AuthorityDAO;
+import org.alfresco.repo.tenant.TenantService;
 import org.alfresco.service.ServiceRegistry;
 import org.alfresco.service.cmr.repository.NodeRef;
 import org.alfresco.service.cmr.repository.StoreRef;
@@ -48,6 +50,8 @@ import org.alfresco.service.cmr.usage.ContentUsageService;
 import org.alfresco.service.namespace.NamespaceService;
 import org.alfresco.util.ParameterCheck;
 import org.alfresco.util.PropertyMap;
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
 import org.mozilla.javascript.Context;
 import org.mozilla.javascript.Scriptable;
 
@@ -59,6 +63,8 @@ import org.mozilla.javascript.Scriptable;
  */
 public final class People extends BaseScopableProcessorExtension
 {
+    private static Log logger = LogFactory.getLog(People.class);
+    
     /** Repository Service Registry */
     private ServiceRegistry services;
     private AuthorityDAO authorityDAO;
@@ -66,6 +72,7 @@ public final class People extends BaseScopableProcessorExtension
     private PersonService personService;
     private MutableAuthenticationDao mutableAuthenticationDao;
     private ContentUsageService contentUsageService;
+    private TenantService tenantService;
     private UserNameGenerator usernameGenerator;
     private PasswordGenerator passwordGenerator;
     private StoreRef storeRef;
@@ -144,7 +151,15 @@ public final class People extends BaseScopableProcessorExtension
     {
         this.contentUsageService = contentUsageService;
     }
-
+    
+    /**
+     * @param tenantService   the tenantService to set
+     */
+    public void setTenantService(TenantService tenantService)
+    {
+        this.tenantService = tenantService;
+    }
+    
     /**
      * Set the user name generator service
      * 
@@ -215,9 +230,34 @@ public final class People extends BaseScopableProcessorExtension
             	}
             }
         }
-		
+        
         if (userName != null)
         {
+            if (tenantService.isEnabled())
+            {
+                String currentDomain = tenantService.getCurrentUserDomain();
+                if (! currentDomain.equals(TenantService.DEFAULT_DOMAIN))
+                {
+                    if (! tenantService.isTenantUser(userName))
+                    {
+                        // force domain onto the end of the username
+                        userName = tenantService.getDomainUser(userName, currentDomain);
+                        logger.warn("Added domain to username: " + userName);
+                    }
+                    else
+                    {
+                        try
+                        {
+                            tenantService.checkDomainUser(userName);
+                        }
+                        catch (RuntimeException re)
+                        {
+                            throw new AuthenticationException("User must belong to same domain as admin: " + currentDomain);
+                        }
+                    }
+                }
+            }
+            
             person = createPerson(userName, firstName, lastName, emailAddress);
     		
     		if (createUserAccount)