001/* 002 * (C) Copyright 2006-2014 Nuxeo SA (http://nuxeo.com/) and others. 003 * 004 * Licensed under the Apache License, Version 2.0 (the "License"); 005 * you may not use this file except in compliance with the License. 006 * You may obtain a copy of the License at 007 * 008 * http://www.apache.org/licenses/LICENSE-2.0 009 * 010 * Unless required by applicable law or agreed to in writing, software 011 * distributed under the License is distributed on an "AS IS" BASIS, 012 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 013 * See the License for the specific language governing permissions and 014 * limitations under the License. 015 * 016 * Contributors: 017 * Bogdan Stefanescu 018 */ 019package org.nuxeo.ecm.core.api; 020 021import java.io.Serializable; 022import java.security.Principal; 023import java.util.List; 024import java.util.UUID; 025 026/** 027 * Class to represent a principal in Nuxeo. This class holds the list of roles and groups for this principal. 028 */ 029public interface NuxeoPrincipal extends Principal, Serializable { 030 031 String PREFIX = "user:"; 032 033 /** 034 * @since 8.1 035 */ 036 String TRANSIENT_USER_PREFIX = "transient/"; 037 038 /** 039 * @since 8.1 040 */ 041 String TRANSIENT_USER_FORMAT = TRANSIENT_USER_PREFIX + "%s/%s"; 042 043 /** 044 * Gets the first name of this principal. 045 * 046 * @return the first name of this principal 047 */ 048 String getFirstName(); 049 050 /** 051 * Gets the last name of this principal. 052 * 053 * @return the last name of this principal 054 */ 055 String getLastName(); 056 057 /** 058 * Gets the password of this principal. 059 * <p> 060 * Note: Some APIs that return principals from the database intentionally do not fill this field 061 * 062 * @return the password of this principal 063 */ 064 String getPassword(); 065 066 /** 067 * Gets the company name of this principal. 068 * 069 * @return the company name 070 */ 071 String getCompany(); 072 073 /** 074 * Get the user email if any. Return null if not email was specified 075 * 076 * @return the user email or null if none 077 */ 078 String getEmail(); 079 080 /** 081 * Gets the groups this principal is directly member of. 082 * 083 * @return the list of the groups 084 */ 085 List<String> getGroups(); 086 087 /** 088 * Gets the groups this principal directly or undirectly is member of. 089 * 090 * @return the list of the groups 091 */ 092 List<String> getAllGroups(); 093 094 /** 095 * Recursively test if the user is member of this group. 096 * 097 * @param group The name of the group 098 */ 099 boolean isMemberOf(String group); 100 101 /** 102 * Gets the roles for this principal. 103 * 104 * @return the list of the roles 105 */ 106 List<String> getRoles(); 107 108 void setName(String name); 109 110 void setFirstName(String firstName); 111 112 void setLastName(String lastName); 113 114 void setGroups(List<String> groups); 115 116 void setRoles(List<String> roles); 117 118 void setCompany(String company); 119 120 void setPassword(String password); 121 122 void setEmail(String email); 123 124 /** 125 * Returns a generated id that is unique for each principal instance. 126 * 127 * @return a unique string 128 */ 129 String getPrincipalId(); 130 131 /** 132 * Sets the principalId. 133 * 134 * @param principalId a new principalId for this instance 135 */ 136 void setPrincipalId(String principalId); 137 138 DocumentModel getModel(); 139 140 void setModel(DocumentModel model); 141 142 /** 143 * Returns true if the principal is an administrator. 144 * <p> 145 * Security checks still apply on the repository for administrator user. If user is a system user, this method will 146 * return true. 147 * 148 * @return true if the principal is an administrator. 149 */ 150 boolean isAdministrator(); 151 152 /** 153 * Returns the {@code tenantId} of this {@NuxeoPrincipal}, or {@code null} if there is no 154 * {@code tenantId}. 155 * 156 * @since 5.6 157 */ 158 String getTenantId(); 159 160 /** 161 * Checks if the principal is anonymous (guest user). 162 * 163 * @return true if the principal is anonymous. 164 */ 165 boolean isAnonymous(); 166 167 /** 168 * Gets the base user from which this principal was created, or {@code null} if this principal was not created from 169 * another user. 170 * 171 * @return the originating user, or {@code null} 172 */ 173 String getOriginatingUser(); 174 175 /** 176 * Sets the originating user. 177 * 178 * @param originatingUser the originating user 179 */ 180 void setOriginatingUser(String originatingUser); 181 182 /** 183 * Gets the acting user for this principal. 184 * <p> 185 * This is the originating user (usually when this principal is a system user), or if there is none this principal's 186 * user. 187 * 188 * @return the acting user 189 * @since 6.0 190 */ 191 String getActingUser(); 192 193 /** 194 * Returns true if the principal is a transient principal. 195 * 196 * @since 8.1 197 */ 198 boolean isTransient(); 199 200 /** 201 * Returns true if the given @{code username} is a transient username. 202 * 203 * @since 8.1 204 */ 205 static boolean isTransientUsername(String username) { 206 return username != null && username.startsWith(TRANSIENT_USER_PREFIX); 207 } 208 209 /** 210 * Computes a unique transient username from the given {@code baseUsername}. 211 * 212 * @since 8.1 213 */ 214 static String computeTransientUsername(String baseUsername) { 215 if (baseUsername != null && !baseUsername.startsWith(TRANSIENT_USER_PREFIX)) { 216 String uuid = UUID.randomUUID().toString(); 217 uuid = uuid.replaceAll("-", "").substring(0, 16); 218 return String.format(TRANSIENT_USER_FORMAT, baseUsername, uuid); 219 } 220 return baseUsername; 221 } 222 223}