001/* 002 * (C) Copyright 2006-2007 Nuxeo SA (http://nuxeo.com/) and others. 003 * 004 * Licensed under the Apache License, Version 2.0 (the "License"); 005 * you may not use this file except in compliance with the License. 006 * You may obtain a copy of the License at 007 * 008 * http://www.apache.org/licenses/LICENSE-2.0 009 * 010 * Unless required by applicable law or agreed to in writing, software 011 * distributed under the License is distributed on an "AS IS" BASIS, 012 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 013 * See the License for the specific language governing permissions and 014 * limitations under the License. 015 * 016 * Contributors: 017 * Nuxeo - initial API and implementation 018 * 019 * $Id: JOOoConvertPluginImpl.java 18651 2007-05-13 20:28:53Z sfermigier $ 020 */ 021 022package org.nuxeo.ecm.platform.usermanager; 023 024import java.io.Serializable; 025import java.util.List; 026import java.util.Map; 027import java.util.Set; 028import java.util.regex.Pattern; 029 030import org.nuxeo.ecm.core.api.DocumentModel; 031import org.nuxeo.ecm.core.api.DocumentModelList; 032import org.nuxeo.ecm.core.api.NuxeoGroup; 033import org.nuxeo.ecm.core.api.NuxeoPrincipal; 034import org.nuxeo.ecm.core.api.security.ACP; 035import org.nuxeo.ecm.directory.DirectoryException; 036import org.nuxeo.ecm.platform.usermanager.exceptions.GroupAlreadyExistsException; 037import org.nuxeo.ecm.platform.usermanager.exceptions.UserAlreadyExistsException; 038import org.nuxeo.runtime.api.login.Authenticator; 039import org.nuxeo.runtime.services.event.EventListener; 040 041/** 042 * @author Anahide Tchertchian 043 * @author Sun Seng David TAN <stan@nuxeo.com> 044 * @author Benjamin Jalon <bjalon@nuxeo.com> 045 */ 046public interface UserManager extends Authenticator, EventListener, Serializable { 047 048 enum MatchType { 049 EXACT, SUBSTRING 050 } 051 052 boolean checkUsernamePassword(String username, String password); 053 054 boolean validatePassword(String password); 055 056 /** 057 * Retrieves the principal with the given username or null if it does not exist. 058 * <p> 059 * Can build principals for anonymous and virtual users as well as for users defined in the users directory. 060 * 061 */ 062 NuxeoPrincipal getPrincipal(String username); 063 064 /** 065 * Returns the nuxeo group with given name or null if it does not exist. 066 * 067 */ 068 NuxeoGroup getGroup(String groupName); 069 070 /** 071 * @deprecated see {@link #searchUsers(String)} 072 */ 073 @Deprecated 074 List<NuxeoPrincipal> searchPrincipals(String pattern); 075 076 /** 077 * Search matching groups through their defined search fields 078 * 079 * @since 5.5 080 */ 081 DocumentModelList searchGroups(String pattern); 082 083 /** 084 * Returns the list of all user ids. 085 * 086 * @since 5.2M4 087 */ 088 List<String> getUserIds(); 089 090 /** 091 * Creates user from given model. 092 * 093 * @since 5.2M4 094 * @throws UserAlreadyExistsException 095 */ 096 DocumentModel createUser(DocumentModel userModel) throws UserAlreadyExistsException; 097 098 /** 099 * Updates user represented by given model. 100 * 101 * @param userModel 102 * @since 5.2M4 103 */ 104 void updateUser(DocumentModel userModel); 105 106 /** 107 * Deletes user represented by given model. 108 * 109 * @since 5.2M4 110 * @throws DirectoryException if given entry does not exist 111 */ 112 void deleteUser(DocumentModel userModel); 113 114 /** 115 * Deletes user with given id. 116 * 117 * @since 5.2M4 118 * @throws DirectoryException if given entry does not exist 119 */ 120 void deleteUser(String userId); 121 122 /** 123 * Returns a bare user model. 124 * <p> 125 * Can be used for user creation/search screens. 126 * 127 * @since 5.2M4 128 */ 129 DocumentModel getBareUserModel(); 130 131 /** 132 * Returns the document model representing user with given id or null if it does not exist. 133 * 134 * @since 5.2M4 135 */ 136 DocumentModel getUserModel(String userName); 137 138 /** 139 * Returns users matching given pattern 140 * <p> 141 * Pattern is used to fill a filter and fulltext map according to users search fields configuration. Search is 142 * performed on each of these fields (OR). 143 * 144 * @since 5.2M4 145 */ 146 DocumentModelList searchUsers(String pattern); 147 148 /** 149 * Returns users matching given criteria. 150 * 151 * @param filter filter with field names as keys 152 * @param fulltext field names used for fulltext match 153 * @since 5.2M4 154 */ 155 DocumentModelList searchUsers(Map<String, Serializable> filter, Set<String> fulltext); 156 157 String getUserListingMode(); 158 159 String getUserSortField(); 160 161 Pattern getUserPasswordPattern(); 162 163 /** 164 * Returns the list of all groups ids. 165 * 166 * @since 5.2M4 167 */ 168 List<String> getGroupIds(); 169 170 /** 171 * Returns groups matching given criteria. 172 * 173 * @param filter filter with field names as keys 174 * @param fulltext field names used for fulltext match 175 * @since 5.2M4 176 */ 177 DocumentModelList searchGroups(Map<String, Serializable> filter, Set<String> fulltext); 178 179 /** 180 * Creates a group from given model 181 * 182 * @return the created group model 183 * @since 5.2M4 184 * @throws GroupAlreadyExistsException 185 */ 186 DocumentModel createGroup(DocumentModel groupModel) throws GroupAlreadyExistsException; 187 188 /** 189 * Updates group represented by given model. 190 * 191 * @since 5.2M4 192 * @throws DirectoryException if given entry does not exist 193 */ 194 void updateGroup(DocumentModel groupModel); 195 196 /** 197 * Deletes group represented by given model. 198 * 199 * @param groupModel 200 * @since 5.2M4 201 * @throws DirectoryException if given entry does not exist 202 */ 203 void deleteGroup(DocumentModel groupModel); 204 205 /** 206 * Deletes group with given id. 207 * 208 * @param groupId 209 * @since 5.2M4 210 * @throws DirectoryException if given entry does not exist 211 */ 212 void deleteGroup(String groupId); 213 214 /** 215 * Returns a bare group model. 216 * <p> 217 * Can be used for group creation/search screens. 218 * 219 * @since 5.2M4 220 */ 221 DocumentModel getBareGroupModel(); 222 223 /** 224 * Return the group document model with this id or null if group does not exist. 225 * 226 * @param groupName the group identifier 227 * @since 5.2M4 228 */ 229 DocumentModel getGroupModel(String groupName); 230 231 String getDefaultGroup(); 232 233 String getGroupListingMode(); 234 235 /** 236 * Returns the list of groups that belong to this group. 237 * 238 * @param parentId the name of the parent group. 239 * @return 240 */ 241 List<String> getGroupsInGroup(String parentId); 242 243 /** 244 * Returns the list of groups that are not members of other groups. 245 * 246 * @return 247 */ 248 List<String> getTopLevelGroups(); 249 250 /** 251 * Returns the list of users that belong to this group. 252 * 253 * @param groupId ID of the group 254 * @return 255 */ 256 List<String> getUsersInGroup(String groupId); 257 258 /** 259 * Get users from a group and its subgroups. 260 * 261 * @param groupId ID of the group 262 * @return 263 */ 264 List<String> getUsersInGroupAndSubGroups(String groupId); 265 266 /** 267 * Returns true is users referential is read only (ie : LDAP) -> can not add users -> can not delete users. 268 */ 269 Boolean areGroupsReadOnly(); 270 271 /** 272 * Returns true is groups referential is read only (ie : LDAP) -> can not add groups -> can not delete groups. 273 */ 274 Boolean areUsersReadOnly(); 275 276 /** 277 * Gets the user directory name. 278 * 279 * @return the user directory name. 280 */ 281 String getUserDirectoryName(); 282 283 /** 284 * Returns the user directory schema name. 285 * 286 * @since 5.2M4 287 */ 288 String getUserSchemaName(); 289 290 /** 291 * Returns the user directory id field. 292 * 293 * @since 5.2M4 294 */ 295 String getUserIdField(); 296 297 /** 298 * Gets the user email field. 299 * 300 * @return the user email field. 301 */ 302 String getUserEmailField(); 303 304 /** 305 * Gets the user search fields, the fields to use when a principal search is done. 306 * 307 * @return the search fields. 308 */ 309 Set<String> getUserSearchFields(); 310 311 /** 312 * Gets the group search fields. 313 */ 314 Set<String> getGroupSearchFields(); 315 316 /** 317 * Gets the group directory name. 318 * 319 * @return the group directory name. 320 */ 321 String getGroupDirectoryName(); 322 323 /** 324 * Returns the group directory schema name. 325 * 326 * @since 5.2M4 327 */ 328 String getGroupSchemaName(); 329 330 /** 331 * Returns the group directory id field. 332 * 333 * @since 5.2M4 334 */ 335 String getGroupIdField(); 336 337 /** 338 * Returns the group label field. 339 * 340 * @since 5.5 341 */ 342 String getGroupLabelField(); 343 344 /** 345 * Gets the group members field. 346 * 347 * @return the group members field. 348 */ 349 String getGroupMembersField(); 350 351 /** 352 * Gets the group sub-groups field. 353 * 354 * @return the sub-groups field. 355 */ 356 String getGroupSubGroupsField(); 357 358 /** 359 * Gets the group parent-groups field. 360 * 361 * @return the parent-groups field. 362 */ 363 String getGroupParentGroupsField(); 364 365 /** 366 * Gets the anonymous user id. 367 * 368 * @return the anonymous user id, or the default one if none is defined. 369 */ 370 String getAnonymousUserId(); 371 372 /** Gets the Digest Auth directory. */ 373 String getDigestAuthDirectory(); 374 375 /** Gets the Digest Auth realm. */ 376 String getDigestAuthRealm(); 377 378 /** 379 * Sets the given configuration on the service. 380 * 381 * @param descriptor the descriptor as parsed from xml, merged from the previous one if it exists. 382 */ 383 void setConfiguration(UserManagerDescriptor descriptor); 384 385 /** 386 * Returns the list of administrators groups. 387 * 388 * @since 5.3 GA 389 */ 390 List<String> getAdministratorsGroups(); 391 392 // DEPRECATED API 393 394 /** 395 * @deprecated use {@link #getUserModel(String)} 396 */ 397 @Deprecated 398 DocumentModel getModelForUser(String name); 399 400 /** 401 * @deprecated use {@link #getUserIds()} or {@link #searchUsers(null)} 402 */ 403 @Deprecated 404 List<NuxeoPrincipal> getAvailablePrincipals(); 405 406 /** 407 * @deprecated use {@link #createUser(DocumentModel)} 408 */ 409 @Deprecated 410 void createPrincipal(NuxeoPrincipal principal); 411 412 /** 413 * @deprecated use {@link #updateUser(DocumentModel)} 414 */ 415 @Deprecated 416 void updatePrincipal(NuxeoPrincipal principal); 417 418 /** 419 * @deprecated use {@link #deleteUser(DocumentModel)} 420 */ 421 @Deprecated 422 void deletePrincipal(NuxeoPrincipal principal); 423 424 /** 425 * @deprecated use {@link #searchUsers(Map, Set)} 426 */ 427 @Deprecated 428 List<NuxeoPrincipal> searchByMap(Map<String, Serializable> filter, Set<String> pattern); 429 430 /** 431 * @deprecated use {@link #getGroupIds()} or {@link #searchGroups(Map, Set)} 432 */ 433 @Deprecated 434 List<NuxeoGroup> getAvailableGroups(); 435 436 /** 437 * @deprecated use {@link #createGroup(DocumentModel)} 438 */ 439 @Deprecated 440 void createGroup(NuxeoGroup group); 441 442 /** 443 * @deprecated use {@link #deleteGroup(DocumentModel)} 444 */ 445 @Deprecated 446 void deleteGroup(NuxeoGroup group); 447 448 /** 449 * @deprecated use {@link #updateGroup(DocumentModel)} 450 */ 451 @Deprecated 452 void updateGroup(NuxeoGroup group); 453 454 /** 455 * For an ACP, get the list of user that has a permission. This method should be use with care as it can cause 456 * performance issues while getting the list of users. 457 * 458 * @since 5.4.2 459 * @param perm the permission 460 * @param acp The access control policy of the document 461 * @return the list of user ids 462 */ 463 String[] getUsersForPermission(String perm, ACP acp); 464 465}