001/* 002 * (C) Copyright 2006-2007 Nuxeo SA (http://nuxeo.com/) and others. 003 * 004 * Licensed under the Apache License, Version 2.0 (the "License"); 005 * you may not use this file except in compliance with the License. 006 * You may obtain a copy of the License at 007 * 008 * http://www.apache.org/licenses/LICENSE-2.0 009 * 010 * Unless required by applicable law or agreed to in writing, software 011 * distributed under the License is distributed on an "AS IS" BASIS, 012 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 013 * See the License for the specific language governing permissions and 014 * limitations under the License. 015 * 016 * Contributors: 017 * Nuxeo - initial API and implementation 018 * 019 * $Id: JOOoConvertPluginImpl.java 18651 2007-05-13 20:28:53Z sfermigier $ 020 */ 021 022package org.nuxeo.ecm.platform.usermanager; 023 024import java.io.Serializable; 025import java.util.List; 026import java.util.Map; 027import java.util.Set; 028 029import org.nuxeo.ecm.core.api.DocumentModel; 030import org.nuxeo.ecm.core.api.DocumentModelList; 031import org.nuxeo.ecm.core.api.NuxeoPrincipal; 032import org.nuxeo.ecm.core.api.security.ACP; 033import org.nuxeo.ecm.core.query.sql.model.QueryBuilder; 034import org.nuxeo.ecm.platform.usermanager.exceptions.GroupAlreadyExistsException; 035import org.nuxeo.ecm.platform.usermanager.exceptions.UserAlreadyExistsException; 036 037/** 038 * @author Benjamin Jalon 039 */ 040public interface MultiTenantUserManager extends Serializable { 041 042 /** 043 * Retrieves the principal with the given username or null if it does not exist into the given context document. The 044 * context document must be contained into the tenant 045 * <p> 046 * Can build principals for anonymous and virtual users as well as for users defined in the users directory. 047 * 048 * @since 5.5 049 */ 050 NuxeoPrincipal getPrincipal(String username, DocumentModel context); 051 052 /** 053 * Search matching groups through their defined search fields into the given context document. The context document 054 * must be contained into the tenant. 055 * 056 * @since 5.5 057 */ 058 DocumentModelList searchGroups(String pattern, DocumentModel context); 059 060 /** 061 * Returns groups matching the given query, within the given context. 062 * 063 * @param queryBuilder the query to use, including limit, offset, ordering and countTotal 064 * @param context the context for the tenant, or {@code null} 065 * @since 10.3 066 */ 067 DocumentModelList searchGroups(QueryBuilder queryBuilder, DocumentModel context); 068 069 /** 070 * Returns the list of all user ids into the given context document. The context document must be contained into the 071 * tenant. 072 * 073 * @since 5.5 074 */ 075 List<String> getUserIds(DocumentModel context); 076 077 /** 078 * Creates user from given model into the given context document. The context document must be contained into the 079 * tenant. 080 * 081 * @since 5.5 082 */ 083 DocumentModel createUser(DocumentModel userModel, DocumentModel context) throws 084 UserAlreadyExistsException; 085 086 /** 087 * Updates user represented by given model into the given context document. The context document must be contained 088 * into the tenant. 089 * 090 * @since 5.5 091 */ 092 void updateUser(DocumentModel userModel, DocumentModel context); 093 094 /** 095 * Deletes user represented by given model into the given context document. The context document must be contained 096 * into the tenant. 097 * 098 * @since 5.5 099 */ 100 void deleteUser(DocumentModel userModel, DocumentModel context); 101 102 /** 103 * Deletes user with given id into the given context document. The context document must be contained into the 104 * tenant. 105 * 106 * @since 5.5 107 */ 108 void deleteUser(String userId, DocumentModel context); 109 110 /** 111 * Returns the document model representing user with given id or null if it does not exist into the given context 112 * document. The context document must be contained into the tenant. 113 * 114 * @since 5.5 115 */ 116 DocumentModel getUserModel(String userName, DocumentModel context); 117 118 /** 119 * Returns users matching given pattern with the given context. if the Document Context have a directory local 120 * configuration, the service try to open the directory with directory suffix set into the local configuration 121 * <p> 122 * Pattern is used to fill a filter and fulltext map according to users search fields configuration. Search is 123 * performed on each of these fields (OR). 124 * 125 * @since 5.5 126 */ 127 DocumentModelList searchUsers(String pattern, DocumentModel context); 128 129 /** 130 * Returns users matching the given query, within the given context. 131 * 132 * @param queryBuilder the query to use, including limit, offset, ordering and countTotal 133 * @param context the context for the tenant, or {@code null} 134 * @since 10.3 135 */ 136 DocumentModelList searchUsers(QueryBuilder queryBuilder, DocumentModel context); 137 138 /** 139 * Returns users matching given criteria and with the given context. if the Document Context have a directory local 140 * configuration, the service try to open the user directory with directory suffix set into the local configuration 141 * 142 * @param filter filter with field names as keys 143 * @param fulltext field names used for fulltext match 144 * @since 5.5 145 */ 146 DocumentModelList searchUsers(Map<String, Serializable> filter, Set<String> fulltext, DocumentModel context); 147 148 /** 149 * Returns the list of all groups ids with the given context. if the Document Context have a directory local 150 * configuration, the service try to open the user directory with directory suffix set into the local configuration 151 * 152 * @since 5.5 153 */ 154 List<String> getGroupIds(DocumentModel context); 155 156 /** 157 * Returns groups matching given criteria with the given context. if the Document Context have a directory local 158 * configuration, the service try to open the user directory with directory suffix set into the local configuration 159 * 160 * @param filter filter with field names as keys 161 * @param fulltext field names used for fulltext match 162 * @since 5.5 163 */ 164 DocumentModelList searchGroups(Map<String, Serializable> filter, Set<String> fulltext, DocumentModel context); 165 166 /** 167 * Creates a group from given model with the given context. If the Document Context have a directory local 168 * configuration, the service will append at the end of the groupname the directory suffix set into the local 169 * configuration of the context document. 170 * 171 * @return the created group model 172 * @since 5.5 173 */ 174 DocumentModel createGroup(DocumentModel groupModel, DocumentModel context) throws 175 GroupAlreadyExistsException; 176 177 /** 178 * Updates group represented by given model with the given context. If the Document Context have a directory local 179 * configuration, the service will append at the end of the groupname the directory suffix set into the local 180 * configuration of the context document. 181 * 182 * @since 5.5 183 */ 184 void updateGroup(DocumentModel groupModel, DocumentModel context); 185 186 /** 187 * Deletes group represented by given model with the given context. If the Document Context have a directory local 188 * configuration, the service will append at the end of the groupname the directory suffix set into the local 189 * configuration of the context document. 190 * 191 * @since 5.5 192 */ 193 void deleteGroup(DocumentModel groupModel, DocumentModel context); 194 195 /** 196 * Deletes group with given id with the given context. If the Document Context have a directory local configuration, 197 * the service will append at the end of the groupname the directory suffix set into the local configuration of the 198 * context document. 199 * 200 * @since 5.5 201 */ 202 void deleteGroup(String groupId, DocumentModel context); 203 204 /** 205 * Return the group document model with this id concatenated with the directory local config (if not null) or null 206 * if group does not exist. 207 * 208 * @param groupName the group identifier 209 * @since 5.5 210 */ 211 DocumentModel getGroupModel(String groupName, DocumentModel context); 212 213 /** 214 * Returns the list of groups that belong to this group with the given context. If the Document Context have a 215 * directory local configuration, the service will append at the end of the groupname the directory suffix set into 216 * the local configuration of the context document. 217 * 218 * @param parentId the name of the parent group. 219 * @since 5.5 220 */ 221 List<String> getGroupsInGroup(String parentId, DocumentModel context); 222 223 /** 224 * Returns the list of groups that are not members of other groups with the given context. 225 * 226 * @since 5.5 227 */ 228 List<String> getTopLevelGroups(DocumentModel context); 229 230 /** 231 * Returns the list of users that belong to this group into the given context 232 * 233 * @param groupId ID of the group 234 * @since 5.5 235 */ 236 List<String> getUsersInGroup(String groupId, DocumentModel context); 237 238 /** 239 * Get users from a group and its subgroups into the given context 240 * 241 * @param groupId ID of the group 242 * @since 5.5 243 */ 244 List<String> getUsersInGroupAndSubGroups(String groupId, DocumentModel context); 245 246 /** 247 * Returns true is users referential is read only (ie : LDAP) -> can not add users -> can not delete users. 248 * 249 * @since 5.5 250 */ 251 Boolean areGroupsReadOnly(); 252 253 /** 254 * Returns true is groups referential is read only (ie : LDAP) -> can not add groups -> can not delete groups. 255 */ 256 Boolean areUsersReadOnly(); 257 258 /** 259 * For an ACP, get the list of user that has a permission into the given context. This method should be use with 260 * care as it can cause performance issues while getting the list of users. 261 * 262 * @since 5.5 263 * @param perm the permission 264 * @param acp The access control policy of the document 265 * @return the list of user ids 266 */ 267 String[] getUsersForPermission(String perm, ACP acp, DocumentModel context); 268 269}