001/* 002 * (C) Copyright 2006-2007 Nuxeo SA (http://nuxeo.com/) and others. 003 * 004 * Licensed under the Apache License, Version 2.0 (the "License"); 005 * you may not use this file except in compliance with the License. 006 * You may obtain a copy of the License at 007 * 008 * http://www.apache.org/licenses/LICENSE-2.0 009 * 010 * Unless required by applicable law or agreed to in writing, software 011 * distributed under the License is distributed on an "AS IS" BASIS, 012 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 013 * See the License for the specific language governing permissions and 014 * limitations under the License. 015 * 016 * Contributors: 017 * Nuxeo - initial API and implementation 018 * 019 * $Id: JOOoConvertPluginImpl.java 18651 2007-05-13 20:28:53Z sfermigier $ 020 */ 021 022package org.nuxeo.ecm.platform.usermanager; 023 024import java.io.Serializable; 025import java.util.List; 026import java.util.Map; 027import java.util.Set; 028import java.util.regex.Pattern; 029 030import org.nuxeo.ecm.core.api.DocumentModel; 031import org.nuxeo.ecm.core.api.DocumentModelList; 032import org.nuxeo.ecm.core.api.NuxeoGroup; 033import org.nuxeo.ecm.core.api.NuxeoPrincipal; 034import org.nuxeo.ecm.core.api.security.ACP; 035import org.nuxeo.ecm.directory.DirectoryException; 036import org.nuxeo.ecm.platform.usermanager.exceptions.GroupAlreadyExistsException; 037import org.nuxeo.ecm.platform.usermanager.exceptions.UserAlreadyExistsException; 038import org.nuxeo.runtime.api.login.Authenticator; 039import org.nuxeo.runtime.services.event.EventListener; 040 041/** 042 * @author Anahide Tchertchian 043 * @author Sun Seng David TAN <stan@nuxeo.com> 044 * @author Benjamin Jalon <bjalon@nuxeo.com> 045 */ 046public interface UserManager extends Authenticator, EventListener, Serializable { 047 048 enum MatchType { 049 EXACT, SUBSTRING 050 } 051 052 boolean checkUsernamePassword(String username, String password); 053 054 boolean validatePassword(String password); 055 056 /** 057 * Update a new password according to the given old password to the given user. 058 * 059 * @since 8.2 060 * @param username The username. 061 * @param oldPassword The old password of the given user. 062 * @param newPassword The new password to set for this given user. 063 */ 064 void updatePassword(String username, String oldPassword, String newPassword); 065 066 /** 067 * Retrieves the principal with the given username or null if it does not exist. 068 * <p> 069 * Can build principals for anonymous and virtual users as well as for users defined in the users directory. 070 * 071 */ 072 NuxeoPrincipal getPrincipal(String username); 073 074 /** 075 * Returns the nuxeo group with given name or null if it does not exist. 076 * 077 */ 078 NuxeoGroup getGroup(String groupName); 079 080 /** 081 * @deprecated see {@link #searchUsers(String)} 082 */ 083 @Deprecated 084 List<NuxeoPrincipal> searchPrincipals(String pattern); 085 086 /** 087 * Search matching groups through their defined search fields 088 * 089 * @since 5.5 090 */ 091 DocumentModelList searchGroups(String pattern); 092 093 /** 094 * Returns the list of all user ids. 095 * 096 * @since 5.2M4 097 */ 098 List<String> getUserIds(); 099 100 /** 101 * Creates user from given model. 102 * 103 * @since 5.2M4 104 * @throws UserAlreadyExistsException 105 */ 106 DocumentModel createUser(DocumentModel userModel) throws UserAlreadyExistsException; 107 108 /** 109 * Updates user represented by given model. 110 * 111 * @param userModel 112 * @since 5.2M4 113 */ 114 void updateUser(DocumentModel userModel); 115 116 /** 117 * Deletes user represented by given model. 118 * 119 * @since 5.2M4 120 * @throws DirectoryException if given entry does not exist 121 */ 122 void deleteUser(DocumentModel userModel); 123 124 /** 125 * Deletes user with given id. 126 * 127 * @since 5.2M4 128 * @throws DirectoryException if given entry does not exist 129 */ 130 void deleteUser(String userId); 131 132 /** 133 * Returns a bare user model. 134 * <p> 135 * Can be used for user creation/search screens. 136 * 137 * @since 5.2M4 138 */ 139 DocumentModel getBareUserModel(); 140 141 /** 142 * Returns the document model representing user with given id or null if it does not exist. 143 * 144 * @since 5.2M4 145 */ 146 DocumentModel getUserModel(String userName); 147 148 /** 149 * Returns users matching given pattern 150 * <p> 151 * Pattern is used to fill a filter and fulltext map according to users search fields configuration. Search is 152 * performed on each of these fields (OR). 153 * 154 * @since 5.2M4 155 */ 156 DocumentModelList searchUsers(String pattern); 157 158 /** 159 * Returns users matching given criteria. 160 * 161 * @param filter filter with field names as keys 162 * @param fulltext field names used for fulltext match 163 * @since 5.2M4 164 */ 165 DocumentModelList searchUsers(Map<String, Serializable> filter, Set<String> fulltext); 166 167 String getUserListingMode(); 168 169 String getUserSortField(); 170 171 Pattern getUserPasswordPattern(); 172 173 /** 174 * Returns the list of all groups ids. 175 * 176 * @since 5.2M4 177 */ 178 List<String> getGroupIds(); 179 180 /** 181 * Returns groups matching given criteria. 182 * 183 * @param filter filter with field names as keys 184 * @param fulltext field names used for fulltext match 185 * @since 5.2M4 186 */ 187 DocumentModelList searchGroups(Map<String, Serializable> filter, Set<String> fulltext); 188 189 /** 190 * Creates a group from given model 191 * 192 * @return the created group model 193 * @since 5.2M4 194 * @throws GroupAlreadyExistsException 195 */ 196 DocumentModel createGroup(DocumentModel groupModel) throws GroupAlreadyExistsException; 197 198 /** 199 * Updates group represented by given model. 200 * 201 * @since 5.2M4 202 * @throws DirectoryException if given entry does not exist 203 */ 204 void updateGroup(DocumentModel groupModel); 205 206 /** 207 * Deletes group represented by given model. 208 * 209 * @param groupModel 210 * @since 5.2M4 211 * @throws DirectoryException if given entry does not exist 212 */ 213 void deleteGroup(DocumentModel groupModel); 214 215 /** 216 * Deletes group with given id. 217 * 218 * @param groupId 219 * @since 5.2M4 220 * @throws DirectoryException if given entry does not exist 221 */ 222 void deleteGroup(String groupId); 223 224 /** 225 * Returns a bare group model. 226 * <p> 227 * Can be used for group creation/search screens. 228 * 229 * @since 5.2M4 230 */ 231 DocumentModel getBareGroupModel(); 232 233 /** 234 * Return the group document model with this id or null if group does not exist. 235 * 236 * @param groupName the group identifier 237 * @since 5.2M4 238 */ 239 DocumentModel getGroupModel(String groupName); 240 241 String getDefaultGroup(); 242 243 String getGroupListingMode(); 244 245 /** 246 * Returns the list of groups that belong to this group. 247 * 248 * @param parentId the name of the parent group. 249 * @return 250 */ 251 List<String> getGroupsInGroup(String parentId); 252 253 /** 254 * Returns the list of groups that are not members of other groups. 255 * 256 * @return 257 */ 258 List<String> getTopLevelGroups(); 259 260 /** 261 * Returns the list of users that belong to this group. 262 * 263 * @param groupId ID of the group 264 * @return 265 */ 266 List<String> getUsersInGroup(String groupId); 267 268 /** 269 * Get users from a group and its subgroups. 270 * 271 * @param groupId ID of the group 272 * @return 273 */ 274 List<String> getUsersInGroupAndSubGroups(String groupId); 275 276 /** 277 * Returns true is users referential is read only (ie : LDAP) -> can not add users -> can not delete users. 278 */ 279 Boolean areGroupsReadOnly(); 280 281 /** 282 * Returns true is groups referential is read only (ie : LDAP) -> can not add groups -> can not delete groups. 283 */ 284 Boolean areUsersReadOnly(); 285 286 /** 287 * Gets the user directory name. 288 * 289 * @return the user directory name. 290 */ 291 String getUserDirectoryName(); 292 293 /** 294 * Returns the user directory schema name. 295 * 296 * @since 5.2M4 297 */ 298 String getUserSchemaName(); 299 300 /** 301 * Returns the user directory id field. 302 * 303 * @since 5.2M4 304 */ 305 String getUserIdField(); 306 307 /** 308 * Gets the user email field. 309 * 310 * @return the user email field. 311 */ 312 String getUserEmailField(); 313 314 /** 315 * Gets the user search fields, the fields to use when a principal search is done. 316 * 317 * @return the search fields. 318 */ 319 Set<String> getUserSearchFields(); 320 321 /** 322 * Gets the group search fields. 323 */ 324 Set<String> getGroupSearchFields(); 325 326 /** 327 * Gets the group directory name. 328 * 329 * @return the group directory name. 330 */ 331 String getGroupDirectoryName(); 332 333 /** 334 * Returns the group directory schema name. 335 * 336 * @since 5.2M4 337 */ 338 String getGroupSchemaName(); 339 340 /** 341 * Returns the group directory id field. 342 * 343 * @since 5.2M4 344 */ 345 String getGroupIdField(); 346 347 /** 348 * Returns the group label field. 349 * 350 * @since 5.5 351 */ 352 String getGroupLabelField(); 353 354 /** 355 * Gets the group members field. 356 * 357 * @return the group members field. 358 */ 359 String getGroupMembersField(); 360 361 /** 362 * Gets the group sub-groups field. 363 * 364 * @return the sub-groups field. 365 */ 366 String getGroupSubGroupsField(); 367 368 /** 369 * Gets the group parent-groups field. 370 * 371 * @return the parent-groups field. 372 */ 373 String getGroupParentGroupsField(); 374 375 /** 376 * Gets the anonymous user id. 377 * 378 * @return the anonymous user id, or the default one if none is defined. 379 */ 380 String getAnonymousUserId(); 381 382 /** Gets the Digest Auth directory. */ 383 String getDigestAuthDirectory(); 384 385 /** Gets the Digest Auth realm. */ 386 String getDigestAuthRealm(); 387 388 /** 389 * Sets the given configuration on the service. 390 * 391 * @param descriptor the descriptor as parsed from xml, merged from the previous one if it exists. 392 */ 393 void setConfiguration(UserManagerDescriptor descriptor); 394 395 /** 396 * Returns the list of administrators groups. 397 * 398 * @since 5.3 GA 399 */ 400 List<String> getAdministratorsGroups(); 401 402 // DEPRECATED API 403 404 /** 405 * @deprecated use {@link #getUserModel(String)} 406 */ 407 @Deprecated 408 DocumentModel getModelForUser(String name); 409 410 /** 411 * @deprecated use {@link #getUserIds()} or {@link #searchUsers(null)} 412 */ 413 @Deprecated 414 List<NuxeoPrincipal> getAvailablePrincipals(); 415 416 /** 417 * @deprecated use {@link #createUser(DocumentModel)} 418 */ 419 @Deprecated 420 void createPrincipal(NuxeoPrincipal principal); 421 422 /** 423 * @deprecated use {@link #updateUser(DocumentModel)} 424 */ 425 @Deprecated 426 void updatePrincipal(NuxeoPrincipal principal); 427 428 /** 429 * @deprecated use {@link #deleteUser(DocumentModel)} 430 */ 431 @Deprecated 432 void deletePrincipal(NuxeoPrincipal principal); 433 434 /** 435 * @deprecated use {@link #searchUsers(Map, Set)} 436 */ 437 @Deprecated 438 List<NuxeoPrincipal> searchByMap(Map<String, Serializable> filter, Set<String> pattern); 439 440 /** 441 * @deprecated use {@link #getGroupIds()} or {@link #searchGroups(Map, Set)} 442 */ 443 @Deprecated 444 List<NuxeoGroup> getAvailableGroups(); 445 446 /** 447 * @deprecated use {@link #createGroup(DocumentModel)} 448 */ 449 @Deprecated 450 void createGroup(NuxeoGroup group); 451 452 /** 453 * @deprecated use {@link #deleteGroup(DocumentModel)} 454 */ 455 @Deprecated 456 void deleteGroup(NuxeoGroup group); 457 458 /** 459 * @deprecated use {@link #updateGroup(DocumentModel)} 460 */ 461 @Deprecated 462 void updateGroup(NuxeoGroup group); 463 464 /** 465 * For an ACP, get the list of user that has a permission. This method should be use with care as it can cause 466 * performance issues while getting the list of users. 467 * 468 * @since 5.4.2 469 * @param perm the permission 470 * @param acp The access control policy of the document 471 * @return the list of user ids 472 */ 473 String[] getUsersForPermission(String perm, ACP acp); 474 475}