inteligr8/alfresco-community-repo
1
0
Fork 0
mirror of https://github.com/Alfresco/alfresco-community-repo.git synced 2025-07-24 17:32:48 +00:00
Code Issues Packages Projects Releases Wiki Activity

Feature/acs 9456 SCIM user sync (#3324)

Browse Source
This commit is contained in:
jakubkochman
2025-05-15 10:55:09 +02:00
committed by GitHub
parent 193cb9b30d
commit 9ca251edba
5 changed files with 42 additions and 17 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
packaging/tests/scripts/start-compose.sh
View File

@@ -49,5 +49,6 @@ then
echo "Docker Compose started ok" echo "Docker Compose started ok"
else else
echo "Docker Compose failed to start" >&2 echo "Docker Compose failed to start" >&2
docker compose ${DOCKER_COMPOSES} logs --tail 200
exit 1 exit 1
fi fi

5
repository/src/main/java/org/alfresco/repo/security/authority/AuthorityDAO.java
View File

@@ -248,4 +248,9 @@ public interface AuthorityDAO
* Remove an authority from zones. * Remove an authority from zones.
*/ */
public void removeAuthorityFromZones(String authorityName, Set<String> zones); public void removeAuthorityFromZones(String authorityName, Set<String> zones);
/**
* @return Returns the authority container, <b>which must exist</b>
*/
NodeRef getAuthorityContainer();
} }

3
repository/src/main/java/org/alfresco/repo/security/authority/AuthorityDAOImpl.java
View File

@@ -1360,7 +1360,8 @@ public class AuthorityDAOImpl implements AuthorityDAO, NodeServicePolicies.Befor
/** /**
* @return Returns the authority container, <b>which must exist</b> * @return Returns the authority container, <b>which must exist</b>
*/ */
private NodeRef getAuthorityContainer() @Override
public NodeRef getAuthorityContainer()
{ {
return getSystemContainer(qnameAssocAuthorities); return getSystemContainer(qnameAssocAuthorities);
} }

11
repository/src/main/java/org/alfresco/repo/security/sync/ChainingUserRegistrySynchronizer.java
View File

@@ -411,6 +411,7 @@ public class ChainingUserRegistrySynchronizer extends AbstractLifecycleBean
Date groupLastModified = groupLastModifiedMillis == -1 ? null : new Date(groupLastModifiedMillis); Date groupLastModified = groupLastModifiedMillis == -1 ? null : new Date(groupLastModifiedMillis);
Date personLastModified = personLastModifiedMillis == -1 ? null : new Date(personLastModifiedMillis); Date personLastModified = personLastModifiedMillis == -1 ? null : new Date(personLastModifiedMillis);
plugin.initSync(groupLastModified, syncDelete);
ret.setGroups(plugin.getGroupNames()); ret.setGroups(plugin.getGroupNames());
ret.setUsers(plugin.getPersonNames()); ret.setUsers(plugin.getPersonNames());
@@ -918,7 +919,7 @@ public class ChainingUserRegistrySynchronizer extends AbstractLifecycleBean
: getMostRecentUpdateTime( : getMostRecentUpdateTime(
ChainingUserRegistrySynchronizer.GROUP_LAST_MODIFIED_ATTRIBUTE, zoneId, splitTxns); ChainingUserRegistrySynchronizer.GROUP_LAST_MODIFIED_ATTRIBUTE, zoneId, splitTxns);
Date lastModified = lastModifiedMillis == -1 ? null : new Date(lastModifiedMillis); Date lastModified = lastModifiedMillis == -1 ? null : new Date(lastModifiedMillis);
userRegistry.initSync(lastModified, syncDelete);
if (ChainingUserRegistrySynchronizer.logger.isInfoEnabled()) if (ChainingUserRegistrySynchronizer.logger.isInfoEnabled())
{ {
if (lastModified == null) if (lastModified == null)
@@ -945,6 +946,7 @@ public class ChainingUserRegistrySynchronizer extends AbstractLifecycleBean
this.loggingInterval); this.loggingInterval);
class Analyzer extends BaseBatchProcessWorker<NodeDescription> class Analyzer extends BaseBatchProcessWorker<NodeDescription>
{ {
private final Map<String, NodeDescription> nodeDescriptions = new HashMap<>();
private final Map<String, String> groupsToCreate = new TreeMap<String, String>(); private final Map<String, String> groupsToCreate = new TreeMap<String, String>();
private final Map<String, Set<String>> personParentAssocsToCreate = newPersonMap(); private final Map<String, Set<String>> personParentAssocsToCreate = newPersonMap();
private final Map<String, Set<String>> personParentAssocsToDelete = newPersonMap(); private final Map<String, Set<String>> personParentAssocsToDelete = newPersonMap();
@@ -1103,6 +1105,7 @@ public class ChainingUserRegistrySynchronizer extends AbstractLifecycleBean
{ {
PropertyMap groupProperties = group.getProperties(); PropertyMap groupProperties = group.getProperties();
String groupName = (String) groupProperties.get(ContentModel.PROP_AUTHORITY_NAME); String groupName = (String) groupProperties.get(ContentModel.PROP_AUTHORITY_NAME);
nodeDescriptions.put(groupName, group);
String groupDisplayName = (String) groupProperties.get(ContentModel.PROP_AUTHORITY_DISPLAY_NAME); String groupDisplayName = (String) groupProperties.get(ContentModel.PROP_AUTHORITY_DISPLAY_NAME);
if (groupDisplayName == null) if (groupDisplayName == null)
{ {
@@ -1565,9 +1568,11 @@ public class ChainingUserRegistrySynchronizer extends AbstractLifecycleBean
+ groupShortName + "'"); + groupShortName + "'");
} }
// create the group // create the group
Map<QName, Serializable> groupProperties = Optional.ofNullable(Analyzer.this.nodeDescriptions.get(child))
.map(NodeDescription::getProperties)
.orElse(new PropertyMap());
ChainingUserRegistrySynchronizer.this.authorityService.createAuthority( ChainingUserRegistrySynchronizer.this.authorityService.createAuthority(
AuthorityType.getAuthorityType(child), groupShortName, groupDisplayName, AuthorityType.getAuthorityType(child), groupShortName, groupDisplayName, zoneSet, groupProperties);
zoneSet);
} }
else else
{ {

13
repository/src/main/java/org/alfresco/repo/security/sync/UserRegistry.java
View File

@@ -76,4 +76,17 @@ public interface UserRegistry
* @return the person mapped properties * @return the person mapped properties
*/ */
public Set<QName> getPersonMappedProperties(); public Set<QName> getPersonMappedProperties();
/**
* Notifies the user registry that the sync process is about to start.
*
* @param modifiedSince
* if non-null, then only descriptions of groups and users modified since this date should be returned; if <code>null</code> then descriptions of all groups and users should be returned.
* @param syncDelete
* if <code>true</code> then registry will be queried for all users and groups to calculate deleted entities
*/
default void initSync(Date modifiedSince, boolean syncDelete)
{
// default implementation does nothing
}
} }