001/*
002 * (C) Copyright 2006-2007 Nuxeo SA (http://nuxeo.com/) and others.
003 *
004 * Licensed under the Apache License, Version 2.0 (the "License");
005 * you may not use this file except in compliance with the License.
006 * You may obtain a copy of the License at
007 *
008 *     http://www.apache.org/licenses/LICENSE-2.0
009 *
010 * Unless required by applicable law or agreed to in writing, software
011 * distributed under the License is distributed on an "AS IS" BASIS,
012 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
013 * See the License for the specific language governing permissions and
014 * limitations under the License.
015 *
016 * Contributors:
017 *     Nuxeo - initial API and implementation
018 *
019 * $Id: JOOoConvertPluginImpl.java 18651 2007-05-13 20:28:53Z sfermigier $
020 */
021
022package org.nuxeo.ecm.platform.usermanager;
023
024import java.io.Serializable;
025import java.util.List;
026import java.util.Map;
027import java.util.Set;
028
029import org.nuxeo.ecm.core.api.DocumentModel;
030import org.nuxeo.ecm.core.api.DocumentModelList;
031import org.nuxeo.ecm.core.api.NuxeoPrincipal;
032import org.nuxeo.ecm.core.api.security.ACP;
033import org.nuxeo.ecm.core.query.sql.model.QueryBuilder;
034import org.nuxeo.ecm.platform.usermanager.exceptions.GroupAlreadyExistsException;
035import org.nuxeo.ecm.platform.usermanager.exceptions.UserAlreadyExistsException;
036
037/**
038 * @author Benjamin Jalon
039 */
040public interface MultiTenantUserManager extends Serializable {
041
042    /**
043     * Retrieves the principal with the given username or null if it does not exist into the given context document. The
044     * context document must be contained into the tenant
045     * <p>
046     * Can build principals for anonymous and virtual users as well as for users defined in the users directory.
047     *
048     * @since 5.5
049     */
050    NuxeoPrincipal getPrincipal(String username, DocumentModel context);
051
052    /**
053     * Search matching groups through their defined search fields into the given context document. The context document
054     * must be contained into the tenant.
055     *
056     * @since 5.5
057     */
058    DocumentModelList searchGroups(String pattern, DocumentModel context);
059
060    /**
061     * Returns groups matching the given query, within the given context.
062     *
063     * @param queryBuilder the query to use, including limit, offset, ordering and countTotal
064     * @param context the context for the tenant, or {@code null}
065     * @since 10.3
066     */
067    DocumentModelList searchGroups(QueryBuilder queryBuilder, DocumentModel context);
068
069    /**
070     * Returns the list of all user ids into the given context document. The context document must be contained into the
071     * tenant.
072     *
073     * @since 5.5
074     */
075    List<String> getUserIds(DocumentModel context);
076
077    /**
078     * Creates user from given model into the given context document. The context document must be contained into the
079     * tenant.
080     *
081     * @since 5.5
082     */
083    DocumentModel createUser(DocumentModel userModel, DocumentModel context) throws
084            UserAlreadyExistsException;
085
086    /**
087     * Updates user represented by given model into the given context document. The context document must be contained
088     * into the tenant.
089     *
090     * @since 5.5
091     */
092    void updateUser(DocumentModel userModel, DocumentModel context);
093
094    /**
095     * Deletes user represented by given model into the given context document. The context document must be contained
096     * into the tenant.
097     *
098     * @since 5.5
099     */
100    void deleteUser(DocumentModel userModel, DocumentModel context);
101
102    /**
103     * Deletes user with given id into the given context document. The context document must be contained into the
104     * tenant.
105     *
106     * @since 5.5
107     */
108    void deleteUser(String userId, DocumentModel context);
109
110    /**
111     * Returns the document model representing user with given id or null if it does not exist into the given context
112     * document. The context document must be contained into the tenant.
113     *
114     * @since 5.5
115     */
116    DocumentModel getUserModel(String userName, DocumentModel context);
117
118    /**
119     * Returns users matching given pattern with the given context. if the Document Context have a directory local
120     * configuration, the service try to open the directory with directory suffix set into the local configuration
121     * <p>
122     * Pattern is used to fill a filter and fulltext map according to users search fields configuration. Search is
123     * performed on each of these fields (OR).
124     *
125     * @since 5.5
126     */
127    DocumentModelList searchUsers(String pattern, DocumentModel context);
128
129    /**
130     * Returns users matching the given query, within the given context.
131     *
132     * @param queryBuilder the query to use, including limit, offset, ordering and countTotal
133     * @param context the context for the tenant, or {@code null}
134     * @since 10.3
135     */
136    DocumentModelList searchUsers(QueryBuilder queryBuilder, DocumentModel context);
137
138    /**
139     * Returns users matching given criteria and with the given context. if the Document Context have a directory local
140     * configuration, the service try to open the user directory with directory suffix set into the local configuration
141     *
142     * @param filter filter with field names as keys
143     * @param fulltext field names used for fulltext match
144     * @since 5.5
145     */
146    DocumentModelList searchUsers(Map<String, Serializable> filter, Set<String> fulltext, DocumentModel context);
147
148    /**
149     * Returns the list of all groups ids with the given context. if the Document Context have a directory local
150     * configuration, the service try to open the user directory with directory suffix set into the local configuration
151     *
152     * @since 5.5
153     */
154    List<String> getGroupIds(DocumentModel context);
155
156    /**
157     * Returns groups matching given criteria with the given context. if the Document Context have a directory local
158     * configuration, the service try to open the user directory with directory suffix set into the local configuration
159     *
160     * @param filter filter with field names as keys
161     * @param fulltext field names used for fulltext match
162     * @since 5.5
163     */
164    DocumentModelList searchGroups(Map<String, Serializable> filter, Set<String> fulltext, DocumentModel context);
165
166    /**
167     * Creates a group from given model with the given context. If the Document Context have a directory local
168     * configuration, the service will append at the end of the groupname the directory suffix set into the local
169     * configuration of the context document.
170     *
171     * @return the created group model
172     * @since 5.5
173     */
174    DocumentModel createGroup(DocumentModel groupModel, DocumentModel context) throws
175            GroupAlreadyExistsException;
176
177    /**
178     * Updates group represented by given model with the given context. If the Document Context have a directory local
179     * configuration, the service will append at the end of the groupname the directory suffix set into the local
180     * configuration of the context document.
181     *
182     * @since 5.5
183     */
184    void updateGroup(DocumentModel groupModel, DocumentModel context);
185
186    /**
187     * Deletes group represented by given model with the given context. If the Document Context have a directory local
188     * configuration, the service will append at the end of the groupname the directory suffix set into the local
189     * configuration of the context document.
190     *
191     * @since 5.5
192     */
193    void deleteGroup(DocumentModel groupModel, DocumentModel context);
194
195    /**
196     * Deletes group with given id with the given context. If the Document Context have a directory local configuration,
197     * the service will append at the end of the groupname the directory suffix set into the local configuration of the
198     * context document.
199     *
200     * @since 5.5
201     */
202    void deleteGroup(String groupId, DocumentModel context);
203
204    /**
205     * Return the group document model with this id concatenated with the directory local config (if not null) or null
206     * if group does not exist.
207     *
208     * @param groupName the group identifier
209     * @since 5.5
210     */
211    DocumentModel getGroupModel(String groupName, DocumentModel context);
212
213    /**
214     * Returns the list of groups that belong to this group with the given context. If the Document Context have a
215     * directory local configuration, the service will append at the end of the groupname the directory suffix set into
216     * the local configuration of the context document.
217     *
218     * @param parentId the name of the parent group.
219     * @since 5.5
220     */
221    List<String> getGroupsInGroup(String parentId, DocumentModel context);
222
223    /**
224     * Returns the list of groups that are not members of other groups with the given context.
225     *
226     * @since 5.5
227     */
228    List<String> getTopLevelGroups(DocumentModel context);
229
230    /**
231     * Returns the list of users that belong to this group into the given context
232     *
233     * @param groupId ID of the group
234     * @since 5.5
235     */
236    List<String> getUsersInGroup(String groupId, DocumentModel context);
237
238    /**
239     * Get users from a group and its subgroups into the given context
240     *
241     * @param groupId ID of the group
242     * @since 5.5
243     */
244    List<String> getUsersInGroupAndSubGroups(String groupId, DocumentModel context);
245
246    /**
247     * Returns true is users referential is read only (ie : LDAP) -&gt; can not add users -&gt; can not delete users.
248     *
249     * @since 5.5
250     */
251    Boolean areGroupsReadOnly();
252
253    /**
254     * Returns true is groups referential is read only (ie : LDAP) -&gt; can not add groups -&gt; can not delete groups.
255     */
256    Boolean areUsersReadOnly();
257
258    /**
259     * For an ACP, get the list of user that has a permission into the given context. This method should be use with
260     * care as it can cause performance issues while getting the list of users.
261     *
262     * @since 5.5
263     * @param perm the permission
264     * @param acp The access control policy of the document
265     * @return the list of user ids
266     */
267    String[] getUsersForPermission(String perm, ACP acp, DocumentModel context);
268
269}