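/*
 * (C) Copyright 2006-2007 Nuxeo SA (http://nuxeo.com/) and others.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 *
 * Contributors:
 *     Nuxeo - initial API and implementation
 *
 * $Id: JOOoConvertPluginImpl.java 18651 2007-05-13 20:28:53Z sfermigier $
 */

package org.nuxeo.ecm.platform.usermanager;

import java.io.Serializable;
import java.util.List;
import java.util.Map;
import java.util.Set;

import org.nuxeo.ecm.core.api.DocumentModel;
import org.nuxeo.ecm.core.api.DocumentModelList;
import org.nuxeo.ecm.core.api.NuxeoPrincipal;
import org.nuxeo.ecm.core.api.security.ACP;
import org.nuxeo.ecm.directory.DirectoryException;
import org.nuxeo.ecm.platform.usermanager.exceptions.GroupAlreadyExistsException;
import org.nuxeo.ecm.platform.usermanager.exceptions.UserAlreadyExistsException;

/**
 * User and group management operations scoped by a context document.
 * <p>
 * Almost every method takes a {@code context} document. Per the method documentation below, that document must be
 * contained in the tenant, and when it carries a directory local configuration the directory suffix from that
 * configuration selects the directory that is opened (or is appended to the group name).
 * <p>
 * NOTE(review): the {@code context} argument is the only tenant selector visible in this interface, and nothing here
 * states who verifies that the caller is entitled to act on that tenant. Implementations or their callers should
 * derive {@code context} from a document the current session is allowed to access and perform the permission check
 * themselves - to be confirmed against the implementation. What happens when {@code context} is {@code null} or has
 * no directory local configuration is not specified here either; presumably the unsuffixed directory is used, which
 * is worth verifying because it would widen the scope of the call.
 * <p>
 * NOTE(review): search patterns and filter values are passed through as-is at this level. Where the backing
 * directory is an external store (LDAP is the example given below), the implementation is the place where they must
 * be treated as data and escaped - not visible from this file.
 *
 * @author Benjamin Jalon <bjalon@nuxeo.com>
 */
public interface MultiTenantUserManager extends Serializable {

    /**
     * Retrieves the principal with the given username, or null if it does not exist in the given context document.
     * The context document must be contained in the tenant.
     * <p>
     * Can build principals for anonymous and virtual users as well as for users defined in the users directory.
     *
     * @param username the name of the user to look up
     * @param context the context document designating the tenant
     * @return the principal, or null if no such user exists in this context
     * @since 5.5
     */
    NuxeoPrincipal getPrincipal(String username, DocumentModel context);

    /**
     * Searches matching groups through their defined search fields in the given context document. The context
     * document must be contained in the tenant.
     *
     * @param pattern the pattern matched against the groups search fields
     * @param context the context document designating the tenant
     * @return the matching group models
     * @since 5.5
     */
    DocumentModelList searchGroups(String pattern, DocumentModel context);

    /**
     * Returns the list of all user ids in the given context document. The context document must be contained in the
     * tenant.
     *
     * @param context the context document designating the tenant
     * @return the user ids
     * @since 5.5
     */
    List<String> getUserIds(DocumentModel context);

    /**
     * Creates a user from the given model in the given context document. The context document must be contained in
     * the tenant.
     *
     * @param userModel the model describing the user to create
     * @param context the context document designating the tenant
     * @return a user document model (presumably the created entry; confirm against the implementation)
     * @since 5.5
     * @throws UserAlreadyExistsException if the user already exists
     */
    DocumentModel createUser(DocumentModel userModel, DocumentModel context) throws UserAlreadyExistsException;

    /**
     * Updates the user represented by the given model in the given context document. The context document must be
     * contained in the tenant.
     *
     * @param userModel the model carrying the user's new state
     * @param context the context document designating the tenant
     * @since 5.5
     */
    void updateUser(DocumentModel userModel, DocumentModel context);

    /**
     * Deletes the user represented by the given model in the given context document. The context document must be
     * contained in the tenant.
     *
     * @param userModel the model of the user to delete
     * @param context the context document designating the tenant
     * @since 5.5
     * @throws DirectoryException if given entry does not exist
     */
    void deleteUser(DocumentModel userModel, DocumentModel context);

    /**
     * Deletes the user with the given id in the given context document. The context document must be contained in
     * the tenant.
     *
     * @param userId the id of the user to delete
     * @param context the context document designating the tenant
     * @since 5.5
     * @throws DirectoryException if given entry does not exist
     */
    void deleteUser(String userId, DocumentModel context);

    /**
     * Returns the document model representing the user with the given id, or null if it does not exist in the given
     * context document. The context document must be contained in the tenant.
     *
     * @param userName the id of the user to look up
     * @param context the context document designating the tenant
     * @return the user model, or null if no such user exists in this context
     * @since 5.5
     */
    DocumentModel getUserModel(String userName, DocumentModel context);

    /**
     * Returns users matching the given pattern within the given context. If the context document has a directory
     * local configuration, the service tries to open the directory with the directory suffix set in that local
     * configuration.
     * <p>
     * Pattern is used to fill a filter and fulltext map according to the users search fields configuration. Search
     * is performed on each of these fields (OR).
     *
     * @param pattern the pattern matched against the users search fields
     * @param context the context document designating the tenant
     * @return the matching user models
     * @since 5.5
     */
    DocumentModelList searchUsers(String pattern, DocumentModel context);

    /**
     * Returns users matching the given criteria within the given context. If the context document has a directory
     * local configuration, the service tries to open the user directory with the directory suffix set in that local
     * configuration.
     *
     * @param filter filter with field names as keys
     * @param fulltext field names used for fulltext match
     * @param context the context document designating the tenant
     * @return the matching user models
     * @since 5.5
     */
    DocumentModelList searchUsers(Map<String, Serializable> filter, Set<String> fulltext, DocumentModel context);

    /**
     * Returns the list of all group ids within the given context. If the context document has a directory local
     * configuration, the service tries to open the user directory with the directory suffix set in that local
     * configuration.
     *
     * @param context the context document designating the tenant
     * @return the group ids
     * @since 5.5
     */
    List<String> getGroupIds(DocumentModel context);

    /**
     * Returns groups matching the given criteria within the given context. If the context document has a directory
     * local configuration, the service tries to open the user directory with the directory suffix set in that local
     * configuration.
     *
     * @param filter filter with field names as keys
     * @param fulltext field names used for fulltext match
     * @param context the context document designating the tenant
     * @return the matching group models
     * @since 5.5
     */
    DocumentModelList searchGroups(Map<String, Serializable> filter, Set<String> fulltext, DocumentModel context);

    /**
     * Creates a group from the given model within the given context. If the context document has a directory local
     * configuration, the service appends to the group name the directory suffix set in the local configuration of
     * the context document.
     *
     * @param groupModel the model describing the group to create
     * @param context the context document designating the tenant
     * @return the created group model
     * @since 5.5
     * @throws GroupAlreadyExistsException if the group already exists
     */
    DocumentModel createGroup(DocumentModel groupModel, DocumentModel context) throws GroupAlreadyExistsException;

    /**
     * Updates the group represented by the given model within the given context. If the context document has a
     * directory local configuration, the service appends to the group name the directory suffix set in the local
     * configuration of the context document.
     *
     * @param groupModel the model carrying the group's new state
     * @param context the context document designating the tenant
     * @since 5.5
     * @throws DirectoryException if given entry does not exist
     */
    void updateGroup(DocumentModel groupModel, DocumentModel context);

    /**
     * Deletes the group represented by the given model within the given context. If the context document has a
     * directory local configuration, the service appends to the group name the directory suffix set in the local
     * configuration of the context document.
     *
     * @param groupModel the model of the group to delete
     * @param context the context document designating the tenant
     * @since 5.5
     * @throws DirectoryException if given entry does not exist
     */
    void deleteGroup(DocumentModel groupModel, DocumentModel context);

    /**
     * Deletes the group with the given id within the given context. If the context document has a directory local
     * configuration, the service appends to the group name the directory suffix set in the local configuration of
     * the context document.
     *
     * @param groupId the id of the group to delete
     * @param context the context document designating the tenant
     * @since 5.5
     * @throws DirectoryException if given entry does not exist
     */
    void deleteGroup(String groupId, DocumentModel context);

    /**
     * Returns the group document model with this id concatenated with the directory local config (if not null), or
     * null if the group does not exist.
     *
     * @param groupName the group identifier
     * @param context the context document designating the tenant
     * @return the group model, or null if the group does not exist
     * @since 5.5
     */
    DocumentModel getGroupModel(String groupName, DocumentModel context);

    /**
     * Returns the list of groups that belong to this group within the given context. If the context document has a
     * directory local configuration, the service appends to the group name the directory suffix set in the local
     * configuration of the context document.
     *
     * @param parentId the name of the parent group.
     * @param context the context document designating the tenant
     * @return the groups that belong to the parent group
     * @since 5.5
     */
    List<String> getGroupsInGroup(String parentId, DocumentModel context);

    /**
     * Returns the list of groups that are not members of other groups within the given context.
     *
     * @param context the context document designating the tenant
     * @return the top-level groups
     * @since 5.5
     */
    List<String> getTopLevelGroups(DocumentModel context);

    /**
     * Returns the list of users that belong to this group in the given context.
     *
     * @param groupId ID of the group
     * @param context the context document designating the tenant
     * @return the users that belong to the group
     * @since 5.5
     */
    List<String> getUsersInGroup(String groupId, DocumentModel context);

    /**
     * Gets users from a group and its subgroups in the given context.
     *
     * @param groupId ID of the group
     * @param context the context document designating the tenant
     * @return the users of the group and of its subgroups
     * @since 5.5
     */
    List<String> getUsersInGroupAndSubGroups(String groupId, DocumentModel context);

    /**
     * Returns true if the groups referential is read only (for instance when it is LDAP): groups can then be neither
     * added nor deleted.
     * <p>
     * NOTE(review): the return type is the boxed {@code Boolean}; whether null can be returned is not visible here,
     * so callers should not unbox the result blindly.
     *
     * @return true if groups cannot be added or deleted
     * @since 5.5
     */
    Boolean areGroupsReadOnly();

    /**
     * Returns true if the users referential is read only (for instance when it is LDAP): users can then be neither
     * added nor deleted.
     * <p>
     * NOTE(review): the return type is the boxed {@code Boolean}; whether null can be returned is not visible here,
     * so callers should not unbox the result blindly.
     *
     * @return true if users cannot be added or deleted
     */
    Boolean areUsersReadOnly();

    /**
     * For an ACP, gets the list of users that have a permission in the given context. This method should be used
     * with care as it can cause performance issues while getting the list of users.
     * <p>
     * NOTE(review): because of that cost, code paths that let a remote caller trigger this method repeatedly should
     * be access-controlled and rate-limited - a recommendation, not something this interface enforces.
     *
     * @since 5.5
     * @param perm the permission
     * @param acp The access control policy of the document
     * @param context the context document designating the tenant
     * @return the list of user ids
     */
    String[] getUsersForPermission(String perm, ACP acp, DocumentModel context);

}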