001/* 002 * (C) Copyright 2006-2007 Nuxeo SAS (http://nuxeo.com/) and contributors. 003 * 004 * All rights reserved. This program and the accompanying materials 005 * are made available under the terms of the GNU Lesser General Public License 006 * (LGPL) version 2.1 which accompanies this distribution, and is available at 007 * http://www.gnu.org/licenses/lgpl.html 008 * 009 * This library is distributed in the hope that it will be useful, 010 * but WITHOUT ANY WARRANTY; without even the implied warranty of 011 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 012 * Lesser General Public License for more details. 013 * 014 * Contributors: 015 * Nuxeo - initial API and implementation 016 * 017 * $Id: JOOoConvertPluginImpl.java 18651 2007-05-13 20:28:53Z sfermigier $ 018 */ 019 020package org.nuxeo.ecm.platform.usermanager; 021 022import java.io.Serializable; 023import java.util.List; 024import java.util.Map; 025import java.util.Set; 026 027import org.nuxeo.ecm.core.api.DocumentModel; 028import org.nuxeo.ecm.core.api.DocumentModelList; 029import org.nuxeo.ecm.core.api.NuxeoPrincipal; 030import org.nuxeo.ecm.core.api.security.ACP; 031import org.nuxeo.ecm.directory.DirectoryException; 032import org.nuxeo.ecm.platform.usermanager.exceptions.GroupAlreadyExistsException; 033import org.nuxeo.ecm.platform.usermanager.exceptions.UserAlreadyExistsException; 034 035/** 036 * @author Benjamin Jalon <bjalon@nuxeo.com> 037 */ 038public interface MultiTenantUserManager extends Serializable { 039 040 /** 041 * Retrieves the principal with the given username or null if it does not exist into the given context document. The 042 * context document must be contained into the tenant 043 * <p> 044 * Can build principals for anonymous and virtual users as well as for users defined in the users directory. 045 * 046 * @since 5.5 047 */ 048 NuxeoPrincipal getPrincipal(String username, DocumentModel context); 049 050 /** 051 * Search matching groups through their defined search fields into the given context document. The context document 052 * must be contained into the tenant. 053 * 054 * @since 5.5 055 */ 056 DocumentModelList searchGroups(String pattern, DocumentModel context); 057 058 /** 059 * Returns the list of all user ids into the given context document. The context document must be contained into the 060 * tenant. 061 * 062 * @since 5.5 063 */ 064 List<String> getUserIds(DocumentModel context); 065 066 /** 067 * Creates user from given model into the given context document. The context document must be contained into the 068 * tenant. 069 * 070 * @since 5.5 071 * @throws UserAlreadyExistsException 072 */ 073 DocumentModel createUser(DocumentModel userModel, DocumentModel context) throws 074 UserAlreadyExistsException; 075 076 /** 077 * Updates user represented by given model into the given context document. The context document must be contained 078 * into the tenant. 079 * 080 * @param userModel 081 * @since 5.5 082 */ 083 void updateUser(DocumentModel userModel, DocumentModel context); 084 085 /** 086 * Deletes user represented by given model into the given context document. The context document must be contained 087 * into the tenant. 088 * 089 * @since 5.5 090 * @throws DirectoryException if given entry does not exist 091 */ 092 void deleteUser(DocumentModel userModel, DocumentModel context); 093 094 /** 095 * Deletes user with given id into the given context document. The context document must be contained into the 096 * tenant. 097 * 098 * @since 5.5 099 * @throws DirectoryException if given entry does not exist 100 */ 101 void deleteUser(String userId, DocumentModel context); 102 103 /** 104 * Returns the document model representing user with given id or null if it does not exist into the given context 105 * document. The context document must be contained into the tenant. 106 * 107 * @since 5.5 108 */ 109 DocumentModel getUserModel(String userName, DocumentModel context); 110 111 /** 112 * Returns users matching given pattern with the given context. if the Document Context have a directory local 113 * configuration, the service try to open the directory with directory suffix set into the local configuration 114 * <p> 115 * Pattern is used to fill a filter and fulltext map according to users search fields configuration. Search is 116 * performed on each of these fields (OR). 117 * 118 * @since 5.5 119 */ 120 DocumentModelList searchUsers(String pattern, DocumentModel context); 121 122 /** 123 * Returns users matching given criteria and with the given context. if the Document Context have a directory local 124 * configuration, the service try to open the user directory with directory suffix set into the local configuration 125 * 126 * @param filter filter with field names as keys 127 * @param fulltext field names used for fulltext match 128 * @param context 129 * @since 5.5 130 */ 131 DocumentModelList searchUsers(Map<String, Serializable> filter, Set<String> fulltext, DocumentModel context); 132 133 /** 134 * Returns the list of all groups ids with the given context. if the Document Context have a directory local 135 * configuration, the service try to open the user directory with directory suffix set into the local configuration 136 * 137 * @since 5.5 138 */ 139 List<String> getGroupIds(DocumentModel context); 140 141 /** 142 * Returns groups matching given criteria with the given context. if the Document Context have a directory local 143 * configuration, the service try to open the user directory with directory suffix set into the local configuration 144 * 145 * @param filter filter with field names as keys 146 * @param fulltext field names used for fulltext match 147 * @param context 148 * @since 5.5 149 */ 150 DocumentModelList searchGroups(Map<String, Serializable> filter, Set<String> fulltext, DocumentModel context); 151 152 /** 153 * Creates a group from given model with the given context. If the Document Context have a directory local 154 * configuration, the service will append at the end of the groupname the directory suffix set into the local 155 * configuration of the context document. 156 * 157 * @return the created group model 158 * @since 5.5 159 * @throws GroupAlreadyExistsException 160 */ 161 DocumentModel createGroup(DocumentModel groupModel, DocumentModel context) throws 162 GroupAlreadyExistsException; 163 164 /** 165 * Updates group represented by given model with the given context. If the Document Context have a directory local 166 * configuration, the service will append at the end of the groupname the directory suffix set into the local 167 * configuration of the context document. 168 * 169 * @since 5.5 170 * @throws DirectoryException if given entry does not exist 171 */ 172 void updateGroup(DocumentModel groupModel, DocumentModel context); 173 174 /** 175 * Deletes group represented by given model with the given context. If the Document Context have a directory local 176 * configuration, the service will append at the end of the groupname the directory suffix set into the local 177 * configuration of the context document. 178 * 179 * @param groupModel 180 * @since 5.5 181 * @throws DirectoryException if given entry does not exist 182 */ 183 void deleteGroup(DocumentModel groupModel, DocumentModel context); 184 185 /** 186 * Deletes group with given id with the given context. If the Document Context have a directory local configuration, 187 * the service will append at the end of the groupname the directory suffix set into the local configuration of the 188 * context document. 189 * 190 * @param groupId 191 * @since 5.5 192 * @throws DirectoryException if given entry does not exist 193 */ 194 void deleteGroup(String groupId, DocumentModel context); 195 196 /** 197 * Return the group document model with this id concatenated with the directory local config (if not null) or null 198 * if group does not exist. 199 * 200 * @param groupName the group identifier 201 * @since 5.5 202 */ 203 DocumentModel getGroupModel(String groupName, DocumentModel context); 204 205 /** 206 * Returns the list of groups that belong to this group with the given context. If the Document Context have a 207 * directory local configuration, the service will append at the end of the groupname the directory suffix set into 208 * the local configuration of the context document. 209 * 210 * @param parentId the name of the parent group. 211 * @return 212 * @since 5.5 213 */ 214 List<String> getGroupsInGroup(String parentId, DocumentModel context); 215 216 /** 217 * Returns the list of groups that are not members of other groups with the given context. 218 * 219 * @return 220 * @since 5.5 221 */ 222 List<String> getTopLevelGroups(DocumentModel context); 223 224 /** 225 * Returns the list of users that belong to this group into the given context 226 * 227 * @param groupId ID of the group 228 * @return 229 * @since 5.5 230 */ 231 List<String> getUsersInGroup(String groupId, DocumentModel context); 232 233 /** 234 * Get users from a group and its subgroups into the given context 235 * 236 * @param groupId ID of the group 237 * @return 238 * @since 5.5 239 */ 240 List<String> getUsersInGroupAndSubGroups(String groupId, DocumentModel context); 241 242 /** 243 * Returns true is users referential is read only (ie : LDAP) -> can not add users -> can not delete users. 244 * 245 * @since 5.5 246 */ 247 Boolean areGroupsReadOnly(); 248 249 /** 250 * Returns true is groups referential is read only (ie : LDAP) -> can not add groups -> can not delete groups. 251 */ 252 Boolean areUsersReadOnly(); 253 254 /** 255 * For an ACP, get the list of user that has a permission into the given context. This method should be use with 256 * care as it can cause performance issues while getting the list of users. 257 * 258 * @since 5.5 259 * @param perm the permission 260 * @param acp The access control policy of the document 261 * @return the list of user ids 262 */ 263 String[] getUsersForPermission(String perm, ACP acp, DocumentModel context); 264 265}