minor fixes for group mgmt

2021-08-19 18:54:43 -04:00
parent 03c6e5aaa2
commit 76066f01dd
2 changed files with 16 additions and 9 deletions


@@ -4,9 +4,8 @@ import java.util.ArrayList;
import java.util.Arrays; import java.util.Arrays;
import java.util.Collection; import java.util.Collection;
import java.util.Collections; import java.util.Collections;
import java.util.HashSet; import java.util.Date;
import java.util.List; import java.util.List;
import java.util.Set;
import org.slf4j.Logger; import org.slf4j.Logger;
import org.slf4j.LoggerFactory; import org.slf4j.LoggerFactory;
@@ -59,6 +58,12 @@ public class Inteligr8SecurityConfigurationRegistry implements AlfrescoSecurityC
@Value("${keycloak-ext.default.admins.users:#{null}}") @Value("${keycloak-ext.default.admins.users:#{null}}")
private String adminUserStrs; private String adminUserStrs;
@Value("${keycloak-ext.group.admins.name:admins}")
private String adminGroupName;
@Value("${keycloak-ext.group.admins.externalId:aps-admin}")
private String adminGroupExternalId;
@Value("${keycloak-ext.group.admins.validate:false}") @Value("${keycloak-ext.group.admins.validate:false}")
private boolean validateAdministratorsGroup; private boolean validateAdministratorsGroup;
@@ -103,13 +108,15 @@ public class Inteligr8SecurityConfigurationRegistry implements AlfrescoSecurityC
return; return;
Long tenantId = this.findDefaultTenantId(); Long tenantId = this.findDefaultTenantId();
List<Group> groups = this.groupService.getSystemGroupWithName("Administrators", tenantId); Group group = this.groupService.getGroupByExternalId(this.adminGroupExternalId);
if (groups.isEmpty()) if (group == null) {
groups = Arrays.asList(this.groupService.createGroup("Administrators", tenantId, Group.TYPE_SYSTEM_GROUP, null)); this.logger.info("Creating '{}' group ...", this.adminGroupName);
group = this.groupService.createGroupFromExternalStore(
this.adminGroupExternalId, tenantId, Group.TYPE_SYSTEM_GROUP, null, this.adminGroupName, new Date());
}
this.logger.info("Validating 'Administrators' group ..."); this.logger.info("Granting '{}' group all capabilities ...", group.getName());
for (Group group : groups) this.groupService.addCapabilitiesToGroup(group.getId(), Arrays.asList("access-all-models-in-tenant", "access-editor", "access-reports", "publish-app-to-dashboard", "tenant-admin", "tenant-admin-api", "upload-license"));
this.groupService.addCapabilitiesToGroup(group.getId(), Arrays.asList("access-all-models-in-tenant", "access-editor", "access-reports", "publish-app-to-dashboard", "tenant-admin", "tenant-admin-api", "upload-license"));
} }
private void associateAdmins() { private void associateAdmins() {
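Review bot: The group returned by `getGroupByExternalId(this.adminGroupExternalId)` is granted every capability, including `tenant-admin` and `tenant-admin-api`, with no check that it belongs to `tenantId` or is of type `Group.TYPE_SYSTEM_GROUP`; the old lookup was scoped by tenant, while the new one, as far as this hunk shows, is not. The external ID comes from configuration (default `aps-admin`) and, judging by the authenticator change in this commit, groups carrying an external ID are the externally managed ones, so membership of the most privileged group is presumably decided in the identity provider rather than in APS. I would verify tenant and type on a pre-existing group before calling `addCapabilitiesToGroup`, log a warning and skip the grant on mismatch, and make the grant auditable, e.g. `this.logger.info("Granting '{}' group (id {}, external id '{}') all capabilities ...", group.getName(), group.getId(), group.getExternalId());`. The enclosing method starts above the hunk, so the condition behind the early `return` that gates this code is not visible here.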


@@ -162,7 +162,7 @@ public class KeycloakActivitiAppAuthenticator extends AbstractKeycloakActivitiAu
// check Activiti groups // check Activiti groups
User userWithGroups = this.userService.findUserByEmailFetchGroups(user.getEmail()); User userWithGroups = this.userService.findUserByEmailFetchGroups(user.getEmail());
for (Group group : userWithGroups.getGroups()) { for (Group group : userWithGroups.getGroups()) {
this.logger.trace("Inspecting group: {} => {}", group.getId(), group.getName()); this.logger.trace("Inspecting group: {} => {} ({})", group.getId(), group.getName(), group.getExternalId());
if (group.getExternalId() == null) { if (group.getExternalId() == null) {
// skip APS system groups // skip APS system groups