inteligr8/auth-activiti-app-ext
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

minor fixes for group mgmt

Browse Source
This commit is contained in:
Brian Long
2021-08-19 18:54:43 -04:00
parent 03c6e5aaa2
commit 76066f01dd
2 changed files with 16 additions and 9 deletions
Download Patch File Download Diff File Expand all files Collapse all files

21
src/main/java/com/inteligr8/activiti/Inteligr8SecurityConfigurationRegistry.java
View File

@@ -4,9 +4,8 @@ import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collection;
import java.util.Collections;
import java.util.HashSet;
import java.util.Date;
import java.util.List;
import java.util.Set;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
@@ -59,6 +58,12 @@ public class Inteligr8SecurityConfigurationRegistry implements AlfrescoSecurityC
@Value("${keycloak-ext.default.admins.users:#{null}}")
private String adminUserStrs;
@Value("${keycloak-ext.group.admins.name:admins}")
private String adminGroupName;
@Value("${keycloak-ext.group.admins.externalId:aps-admin}")
private String adminGroupExternalId;
@Value("${keycloak-ext.group.admins.validate:false}")
private boolean validateAdministratorsGroup;
@@ -103,12 +108,14 @@ public class Inteligr8SecurityConfigurationRegistry implements AlfrescoSecurityC
return;
Long tenantId = this.findDefaultTenantId();
List<Group> groups = this.groupService.getSystemGroupWithName("Administrators", tenantId);
if (groups.isEmpty())
groups = Arrays.asList(this.groupService.createGroup("Administrators", tenantId, Group.TYPE_SYSTEM_GROUP, null));
Group group = this.groupService.getGroupByExternalId(this.adminGroupExternalId);
if (group == null) {
this.logger.info("Creating '{}' group ...", this.adminGroupName);
group = this.groupService.createGroupFromExternalStore(
this.adminGroupExternalId, tenantId, Group.TYPE_SYSTEM_GROUP, null, this.adminGroupName, new Date());
}
this.logger.info("Validating 'Administrators' group ...");
for (Group group : groups)
this.logger.info("Granting '{}' group all capabilities ...", group.getName());
this.groupService.addCapabilitiesToGroup(group.getId(), Arrays.asList("access-all-models-in-tenant", "access-editor", "access-reports", "publish-app-to-dashboard", "tenant-admin", "tenant-admin-api", "upload-license"));
}

2
src/main/java/com/inteligr8/activiti/keycloak/KeycloakActivitiAppAuthenticator.java
View File

@@ -162,7 +162,7 @@ public class KeycloakActivitiAppAuthenticator extends AbstractKeycloakActivitiAu
// check Activiti groups
User userWithGroups = this.userService.findUserByEmailFetchGroups(user.getEmail());
for (Group group : userWithGroups.getGroups()) {
this.logger.trace("Inspecting group: {} => {}", group.getId(), group.getName());
this.logger.trace("Inspecting group: {} => {} ({})", group.getId(), group.getName(), group.getExternalId());
if (group.getExternalId() == null) {
// skip APS system groups