Feature/acs 9456 SCIM user sync (#3324)

jakubkochman
2025-05-15 10:55:09 +02:00
committed by GitHub
parent 193cb9b30d
commit 9ca251edba
5 changed files with 42 additions and 17 deletions


@@ -49,5 +49,6 @@ then
echo "Docker Compose started ok"
else
echo "Docker Compose failed to start" >&2
docker compose ${DOCKER_COMPOSES} logs --tail 200
exit 1
fi
fi
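Review bot: The added `docker compose ${DOCKER_COMPOSES} logs --tail 200` copies the tail of every service's log into the build output, which is usually retained longer and read by more people than the containers themselves. If any service prints connection strings, tokens or passwords on start-up, they now land in the CI log; it is worth confirming that none does, or naming only the services needed for diagnosis. The dump also goes to stdout while the failure message above it goes to stderr; appending `>&2` would keep the diagnostics in one stream.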


@@ -248,4 +248,9 @@ public interface AuthorityDAO
* Remove an authority from zones.
*/
public void removeAuthorityFromZones(String authorityName, Set<String> zones);
/**
* @return Returns the authority container, <b>which must exist</b>
*/
NodeRef getAuthorityContainer();
}
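Review bot: Declaring `getAuthorityContainer()` on the `AuthorityDAO` interface, and making the `AuthorityDAOImpl` method `public` in the next file section, hands the NodeRef of the authority container to every holder of the DAO, where it previously stayed inside the implementation. The Javadoc carries over only "which must exist"; it should state how a missing container is reported and who is expected to call this, for example `Intended for internal services only; callers must not modify the container outside the authority services.` The new declaration also omits the explicit `public` that the neighbouring `removeAuthorityFromZones` uses, which is harmless in an interface but inconsistent with the file.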


@@ -1360,7 +1360,8 @@ public class AuthorityDAOImpl implements AuthorityDAO, NodeServicePolicies.Befor
/**
* @return Returns the authority container, <b>which must exist</b>
*/
private NodeRef getAuthorityContainer()
@Override
public NodeRef getAuthorityContainer()
{
return getSystemContainer(qnameAssocAuthorities);
}


@@ -411,6 +411,7 @@ public class ChainingUserRegistrySynchronizer extends AbstractLifecycleBean
Date groupLastModified = groupLastModifiedMillis == -1 ? null : new Date(groupLastModifiedMillis);
Date personLastModified = personLastModifiedMillis == -1 ? null : new Date(personLastModifiedMillis);
plugin.initSync(groupLastModified, syncDelete);
ret.setGroups(plugin.getGroupNames());
ret.setUsers(plugin.getPersonNames());
@@ -918,7 +919,7 @@ public class ChainingUserRegistrySynchronizer extends AbstractLifecycleBean
: getMostRecentUpdateTime(
ChainingUserRegistrySynchronizer.GROUP_LAST_MODIFIED_ATTRIBUTE, zoneId, splitTxns);
Date lastModified = lastModifiedMillis == -1 ? null : new Date(lastModifiedMillis);
userRegistry.initSync(lastModified, syncDelete);
if (ChainingUserRegistrySynchronizer.logger.isInfoEnabled())
{
if (lastModified == null)
@@ -945,6 +946,7 @@ public class ChainingUserRegistrySynchronizer extends AbstractLifecycleBean
this.loggingInterval);
class Analyzer extends BaseBatchProcessWorker<NodeDescription>
{
private final Map<String, NodeDescription> nodeDescriptions = new HashMap<>();
private final Map<String, String> groupsToCreate = new TreeMap<String, String>();
private final Map<String, Set<String>> personParentAssocsToCreate = newPersonMap();
private final Map<String, Set<String>> personParentAssocsToDelete = newPersonMap();
@@ -1103,6 +1105,7 @@ public class ChainingUserRegistrySynchronizer extends AbstractLifecycleBean
{
PropertyMap groupProperties = group.getProperties();
String groupName = (String) groupProperties.get(ContentModel.PROP_AUTHORITY_NAME);
nodeDescriptions.put(groupName, group);
String groupDisplayName = (String) groupProperties.get(ContentModel.PROP_AUTHORITY_DISPLAY_NAME);
if (groupDisplayName == null)
{
@@ -1565,9 +1568,11 @@ public class ChainingUserRegistrySynchronizer extends AbstractLifecycleBean
+ groupShortName + "'");
}
// create the group
Map<QName, Serializable> groupProperties = Optional.ofNullable(Analyzer.this.nodeDescriptions.get(child))
.map(NodeDescription::getProperties)
.orElse(new PropertyMap());
ChainingUserRegistrySynchronizer.this.authorityService.createAuthority(
AuthorityType.getAuthorityType(child), groupShortName, groupDisplayName,
zoneSet);
AuthorityType.getAuthorityType(child), groupShortName, groupDisplayName, zoneSet, groupProperties);
}
else
{
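Review bot: In the last hunk the whole property map of the external registry's `NodeDescription` is passed to `createAuthority(...)`, so whatever properties the directory or SCIM source supplies for a group end up on the new authority node; nothing visible here restricts them to an expected set. If that is intended, a comment above the `Optional` chain should say so; otherwise copy only the properties the sync is meant to carry. The stored map also still contains `PROP_AUTHORITY_NAME` (read from it in the earlier hunk), which is passed as a separate argument too, so which value wins depends on `createAuthority`, not shown on this page. Smaller point: `.orElse(new PropertyMap())` allocates even when a description is found, and `.orElseGet(PropertyMap::new)` avoids that. The enclosing methods start and end outside the hunks.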


@@ -4,21 +4,21 @@
* %%
* Copyright (C) 2005 - 2016 Alfresco Software Limited
* %%
* This file is part of the Alfresco software.
* If the software was purchased under a paid Alfresco license, the terms of
* the paid license agreement will prevail. Otherwise, the software is
* This file is part of the Alfresco software.
* If the software was purchased under a paid Alfresco license, the terms of
* the paid license agreement will prevail. Otherwise, the software is
* provided under the following open source license terms:
*
*
* Alfresco is free software: you can redistribute it and/or modify
* it under the terms of the GNU Lesser General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
*
* Alfresco is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Lesser General Public License for more details.
*
*
* You should have received a copy of the GNU Lesser General Public License
* along with Alfresco. If not, see <http://www.gnu.org/licenses/>.
* #L%
@@ -33,14 +33,14 @@ import org.alfresco.service.namespace.QName;
/**
* A <code>UserRegistry</code> is an encapsulation of an external registry from which user and group information can be queried (typically an LDAP directory). Implementations may optional support the ability to query only those users and groups modified since a certain time.
*
*
* @author dward
*/
public interface UserRegistry
{
/**
* Gets descriptions of all the persons (users) in the user registry or all those changed since a certain date.
*
*
* @param modifiedSince
* if non-null, then only descriptions of users modified since this date should be returned; if <code>null</code> then descriptions of all users should be returned.
* @return a {@link Collection} of {@link NodeDescription}s of all the persons (users) in the user registry or all those changed since a certain date. The description properties should correspond to those of an Alfresco person node.
@@ -49,7 +49,7 @@ public interface UserRegistry
/**
* Gets descriptions of all the groups in the user registry or all those changed since a certain date.
*
*
* @param modifiedSince
* if non-null, then only descriptions of groups modified since this date should be returned; if <code>null</code> then descriptions of all groups should be returned.
* @return a {@link Collection} of {@link NodeDescription}s of all the groups in the user registry or all those changed since a certain date. The description properties should correspond to those of an Alfresco authority node.
@@ -58,22 +58,35 @@ public interface UserRegistry
/**
* Gets the names of all persons in the registry. Used to detect local persons to be deleted. Note that the treatment of these names will depend on Alfresco's username case-sensitivity setting.
*
*
* @return the person names
*/
public Collection<String> getPersonNames();
/**
* Gets the names of all groups in the registry. Used to detect local groups to be deleted.
*
*
* @return the person names
*/
public Collection<String> getGroupNames();
/**
* Gets the set of property names that are auto-mapped by this user registry. These should remain read-only for this registry's users in the UI.
*
*
* @return the person mapped properties
*/
public Set<QName> getPersonMappedProperties();
/**
* Notifies the user registry that the sync process is about to start.
*
* @param modifiedSince
* if non-null, then only descriptions of groups and users modified since this date should be returned; if <code>null</code> then descriptions of all groups and users should be returned.
* @param syncDelete
* if <code>true</code> then registry will be queried for all users and groups to calculate deleted entities
*/
default void initSync(Date modifiedSince, boolean syncDelete)
{
// default implementation does nothing
}
}
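Review bot: The Javadoc of the new `initSync` does not say how an implementation reports a failed initialisation, and that matters because `getPersonNames()` and `getGroupNames()` are documented above as the input for detecting local persons and groups to delete. If a registry prepared its data in `initSync` and later returned an incomplete name list, the synchronizer could presumably treat the missing entries as deleted. I would add a sentence such as `Implementations that cannot complete initialisation must throw rather than return partial results from later calls.` and state that the method is called once per registry before any query in a sync run, if that is the contract.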