Source code

001/*
002 * (C) Copyright 2006-2014 Nuxeo SA (http://nuxeo.com/) and others.
003 *
004 * Licensed under the Apache License, Version 2.0 (the "License");
005 * you may not use this file except in compliance with the License.
006 * You may obtain a copy of the License at
007 *
008 *     http://www.apache.org/licenses/LICENSE-2.0
009 *
010 * Unless required by applicable law or agreed to in writing, software
011 * distributed under the License is distributed on an "AS IS" BASIS,
012 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
013 * See the License for the specific language governing permissions and
014 * limitations under the License.
015 *
016 * Contributors:
017 *     Bogdan Stefanescu
018 */
019package org.nuxeo.ecm.core.api;
020
021import java.io.Serializable;
022import java.security.Principal;
023import java.util.List;
024import java.util.UUID;
025
026import org.nuxeo.runtime.api.Framework;
027import org.nuxeo.runtime.services.config.ConfigurationService;
028
029/**
030 * Class to represent a principal in Nuxeo. This class holds the list of roles and groups for this principal.
031 */
032public interface NuxeoPrincipal extends Principal, Serializable {
033
034    String PREFIX = "user:";
035
036    /**
037     * @since 8.1
038     */
039    String TRANSIENT_USER_PREFIX = "transient/";
040
041    /**
042     * @since 8.1
043     * @deprecated since 10.3.
044     */
045    @Deprecated
046    String TRANSIENT_USER_FORMAT = TRANSIENT_USER_PREFIX + "%s/%s";
047
048    /**
049     * Property that defines if a transient username should be unique no matter what base username is provided, or if a
050     * transient username should be always the same for a given base username.
051     *
052     * @since 10.3
053     */
054    String TRANSIENT_USERNAME_UNIQUE_PROP = "nuxeo.transient.username.unique";
055
056    /**
057     * Gets the first name of this principal.
058     *
059     * @return the first name of this principal
060     */
061    String getFirstName();
062
063    /**
064     * Gets the last name of this principal.
065     *
066     * @return the last name of this principal
067     */
068    String getLastName();
069
070    /**
071     * Gets the password of this principal.
072     * <p>
073     * Note: Some APIs that return principals from the database intentionally do not fill this field
074     *
075     * @return the password of this principal
076     */
077    String getPassword();
078
079    /**
080     * Gets the company name of this principal.
081     *
082     * @return the company name
083     */
084    String getCompany();
085
086    /**
087     * Get the user email if any. Return null if not email was specified
088     *
089     * @return the user email or null if none
090     */
091    String getEmail();
092
093    /**
094     * Gets the groups this principal is directly member of.
095     *
096     * @return the list of the groups
097     */
098    List<String> getGroups();
099
100    /**
101     * Gets the groups this principal directly or undirectly is member of.
102     *
103     * @return the list of the groups
104     */
105    List<String> getAllGroups();
106
107    /**
108     * Recursively test if the user is member of this group.
109     *
110     * @param group The name of the group
111     */
112    boolean isMemberOf(String group);
113
114    /**
115     * Gets the roles for this principal.
116     *
117     * @return the list of the roles
118     */
119    List<String> getRoles();
120
121    void setName(String name);
122
123    void setFirstName(String firstName);
124
125    void setLastName(String lastName);
126
127    void setGroups(List<String> groups);
128
129    void setRoles(List<String> roles);
130
131    void setCompany(String company);
132
133    void setPassword(String password);
134
135    void setEmail(String email);
136
137    /**
138     * Returns a generated id that is unique for each principal instance.
139     *
140     * @return a unique string
141     */
142    String getPrincipalId();
143
144    /**
145     * Sets the principalId.
146     *
147     * @param principalId a new principalId for this instance
148     */
149    void setPrincipalId(String principalId);
150
151    DocumentModel getModel();
152
153    void setModel(DocumentModel model);
154
155    /**
156     * Returns true if the principal is an administrator.
157     * <p>
158     * Security checks still apply on the repository for administrator user. If user is a system user, this method will
159     * return true.
160     *
161     * @return true if the principal is an administrator.
162     */
163    boolean isAdministrator();
164
165    /**
166     * Returns the {@code tenantId} of this {@NuxeoPrincipal}, or {@code null} if there is no {@code tenantId}.
167     *
168     * @since 5.6
169     */
170    String getTenantId();
171
172    /**
173     * Checks if the principal is anonymous (guest user).
174     *
175     * @return true if the principal is anonymous.
176     */
177    boolean isAnonymous();
178
179    /**
180     * Gets the base user from which this principal was created, or {@code null} if this principal was not created from
181     * another user.
182     *
183     * @return the originating user, or {@code null}
184     */
185    String getOriginatingUser();
186
187    /**
188     * Sets the originating user.
189     *
190     * @param originatingUser the originating user
191     */
192    void setOriginatingUser(String originatingUser);
193
194    /**
195     * Gets the acting user for this principal.
196     * <p>
197     * This is the originating user (usually when this principal is a system user), or if there is none this principal's
198     * user.
199     *
200     * @return the acting user
201     * @since 6.0
202     */
203    String getActingUser();
204
205    /**
206     * Returns true if the principal is a transient principal.
207     *
208     * @since 8.1
209     */
210    boolean isTransient();
211
212    /**
213     * Returns true if the given @{code username} is a transient username.
214     *
215     * @since 8.1
216     */
217    static boolean isTransientUsername(String username) {
218        return username != null && username.startsWith(TRANSIENT_USER_PREFIX);
219    }
220
221    /**
222     * Computes a transient username from the given {@code baseUsername}.
223     * <p>
224     * If the configuration property {@value #TRANSIENT_USERNAME_UNIQUE_PROP} is {@code true}, the transient username
225     * will be unique, otherwise it will always be the same for a given {@code baseUsername}.
226     *
227     * @since 8.1
228     */
229    static String computeTransientUsername(String baseUsername) {
230        if (baseUsername != null && !baseUsername.startsWith(TRANSIENT_USER_PREFIX)) {
231            StringBuilder sb = new StringBuilder(TRANSIENT_USER_PREFIX);
232            sb.append(baseUsername);
233            if (Framework.getService(ConfigurationService.class)
234                         .isBooleanPropertyTrue(TRANSIENT_USERNAME_UNIQUE_PROP)) {
235                String uuid = UUID.randomUUID().toString();
236                uuid = uuid.replaceAll("-", "").substring(0, 16);
237                sb.append("/");
238                sb.append(uuid);
239            }
240            return sb.toString();
241        }
242        return baseUsername;
243    }
244
245}