001/*
002 * (C) Copyright 2006-2007 Nuxeo SA (http://nuxeo.com/) and others.
003 *
004 * Licensed under the Apache License, Version 2.0 (the "License");
005 * you may not use this file except in compliance with the License.
006 * You may obtain a copy of the License at
007 *
008 *     http://www.apache.org/licenses/LICENSE-2.0
009 *
010 * Unless required by applicable law or agreed to in writing, software
011 * distributed under the License is distributed on an "AS IS" BASIS,
012 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
013 * See the License for the specific language governing permissions and
014 * limitations under the License.
015 *
016 * Contributors:
017 *     Nuxeo - initial API and implementation
018 *
019 * $Id: JOOoConvertPluginImpl.java 18651 2007-05-13 20:28:53Z sfermigier $
020 */
021
022package org.nuxeo.ecm.platform.usermanager;
023
024import java.io.Serializable;
025import java.util.List;
026import java.util.Map;
027import java.util.Set;
028
029import org.nuxeo.ecm.core.api.DocumentModel;
030import org.nuxeo.ecm.core.api.DocumentModelList;
031import org.nuxeo.ecm.core.api.NuxeoPrincipal;
032import org.nuxeo.ecm.core.api.security.ACP;
033import org.nuxeo.ecm.directory.DirectoryException;
034import org.nuxeo.ecm.platform.usermanager.exceptions.GroupAlreadyExistsException;
035import org.nuxeo.ecm.platform.usermanager.exceptions.UserAlreadyExistsException;
036
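/**
 * User and group management operations that are scoped by a context document.
 * <p>
 * Apart from the two read-only probes, every method takes a {@code context} {@link DocumentModel}. Per the method
 * contracts below, the context document must be contained in the tenant. When it has a directory local configuration,
 * the directory suffix set in that configuration selects the directory that is opened, or is appended to group names.
 * <p>
 * Security note: the {@code context} argument is what scopes an operation to a tenant. Nothing in this interface
 * states that implementations verify that the calling principal may access the context document, so callers should
 * pass only a context document the current user was authorized to read, never one resolved from an unchecked
 * client-supplied reference. NOTE(review): confirm what the implementation enforces.
 *
 * @author Benjamin Jalon <bjalon@nuxeo.com>
 */
public interface MultiTenantUserManager extends Serializable {

    /**
     * Retrieves the principal with the given username, resolved in the given context document.
     * <p>
     * Can build principals for anonymous and virtual users as well as for users defined in the users directory.
     *
     * @param username the name of the user to look up
     * @param context the context document; it must be contained in the tenant
     * @return the principal, or {@code null} if it does not exist in the given context document
     * @since 5.5
     */
    NuxeoPrincipal getPrincipal(String username, DocumentModel context);

    /**
     * Searches for matching groups through their defined search fields, in the given context document.
     *
     * @param pattern the pattern matched against the group search fields
     * @param context the context document; it must be contained in the tenant
     * @return the matching groups
     * @since 5.5
     */
    DocumentModelList searchGroups(String pattern, DocumentModel context);

    /**
     * Returns the list of all user ids in the given context document.
     *
     * @param context the context document; it must be contained in the tenant
     * @return the ids of all users
     * @since 5.5
     */
    List<String> getUserIds(DocumentModel context);

    /**
     * Creates a user from the given model in the given context document.
     *
     * @param userModel the model describing the user to create
     * @param context the context document; it must be contained in the tenant
     * @return a user document model; presumably the created entry, by analogy with {@link #createGroup} (to be
     *         confirmed against the implementation)
     * @since 5.5
     * @throws UserAlreadyExistsException if the user to create already exists (condition inferred from the exception
     *             name)
     */
    DocumentModel createUser(DocumentModel userModel, DocumentModel context)
            throws UserAlreadyExistsException;

    /**
     * Updates the user represented by the given model in the given context document.
     *
     * @param userModel the model of the user to update
     * @param context the context document; it must be contained in the tenant
     * @since 5.5
     */
    void updateUser(DocumentModel userModel, DocumentModel context);

    /**
     * Deletes the user represented by the given model in the given context document.
     *
     * @param userModel the model of the user to delete
     * @param context the context document; it must be contained in the tenant
     * @since 5.5
     * @throws DirectoryException if given entry does not exist
     */
    void deleteUser(DocumentModel userModel, DocumentModel context);

    /**
     * Deletes the user with the given id in the given context document.
     *
     * @param userId the id of the user to delete
     * @param context the context document; it must be contained in the tenant
     * @since 5.5
     * @throws DirectoryException if given entry does not exist
     */
    void deleteUser(String userId, DocumentModel context);

    /**
     * Returns the document model representing the user with the given id, resolved in the given context document.
     *
     * @param userName the id of the user to look up
     * @param context the context document; it must be contained in the tenant
     * @return the user model, or {@code null} if it does not exist in the given context document
     * @since 5.5
     */
    DocumentModel getUserModel(String userName, DocumentModel context);

    /**
     * Returns users matching the given pattern with the given context. If the context document has a directory local
     * configuration, the service tries to open the directory with the directory suffix set in that configuration.
     * <p>
     * The pattern is used to fill a filter and fulltext map according to the users search fields configuration. The
     * search is performed on each of these fields (OR).
     *
     * @param pattern the pattern matched against the user search fields
     * @param context the context document whose local configuration, if any, selects the directory
     * @return the matching users
     * @since 5.5
     */
    DocumentModelList searchUsers(String pattern, DocumentModel context);

    /**
     * Returns users matching the given criteria with the given context. If the context document has a directory local
     * configuration, the service tries to open the user directory with the directory suffix set in that configuration.
     *
     * @param filter filter with field names as keys
     * @param fulltext field names used for fulltext match
     * @param context the context document whose local configuration, if any, selects the directory
     * @return the matching users
     * @since 5.5
     */
    DocumentModelList searchUsers(Map<String, Serializable> filter, Set<String> fulltext, DocumentModel context);

    /**
     * Returns the list of all group ids with the given context. If the context document has a directory local
     * configuration, the service tries to open the directory with the directory suffix set in that configuration.
     *
     * @param context the context document whose local configuration, if any, selects the directory
     * @return the ids of all groups
     * @since 5.5
     */
    List<String> getGroupIds(DocumentModel context);

    /**
     * Returns groups matching the given criteria with the given context. If the context document has a directory local
     * configuration, the service tries to open the directory with the directory suffix set in that configuration.
     *
     * @param filter filter with field names as keys
     * @param fulltext field names used for fulltext match
     * @param context the context document whose local configuration, if any, selects the directory
     * @return the matching groups
     * @since 5.5
     */
    DocumentModelList searchGroups(Map<String, Serializable> filter, Set<String> fulltext, DocumentModel context);

    /**
     * Creates a group from the given model with the given context. If the context document has a directory local
     * configuration, the service appends the directory suffix set in that configuration to the end of the group name.
     *
     * @param groupModel the model describing the group to create
     * @param context the context document whose local configuration, if any, supplies the directory suffix
     * @return the created group model
     * @since 5.5
     * @throws GroupAlreadyExistsException if the group to create already exists (condition inferred from the exception
     *             name)
     */
    DocumentModel createGroup(DocumentModel groupModel, DocumentModel context)
            throws GroupAlreadyExistsException;

    /**
     * Updates the group represented by the given model with the given context. If the context document has a directory
     * local configuration, the service appends the directory suffix set in that configuration to the end of the group
     * name.
     *
     * @param groupModel the model of the group to update
     * @param context the context document whose local configuration, if any, supplies the directory suffix
     * @since 5.5
     * @throws DirectoryException if given entry does not exist
     */
    void updateGroup(DocumentModel groupModel, DocumentModel context);

    /**
     * Deletes the group represented by the given model with the given context. If the context document has a directory
     * local configuration, the service appends the directory suffix set in that configuration to the end of the group
     * name.
     *
     * @param groupModel the model of the group to delete
     * @param context the context document whose local configuration, if any, supplies the directory suffix
     * @since 5.5
     * @throws DirectoryException if given entry does not exist
     */
    void deleteGroup(DocumentModel groupModel, DocumentModel context);

    /**
     * Deletes the group with the given id with the given context. If the context document has a directory local
     * configuration, the service appends the directory suffix set in that configuration to the end of the group name.
     *
     * @param groupId the id of the group to delete
     * @param context the context document whose local configuration, if any, supplies the directory suffix
     * @since 5.5
     * @throws DirectoryException if given entry does not exist
     */
    void deleteGroup(String groupId, DocumentModel context);

    /**
     * Returns the group document model whose id is the given one concatenated with the directory local configuration
     * (if not null).
     *
     * @param groupName the group identifier
     * @param context the context document whose local configuration, if any, is concatenated to the identifier
     * @return the group model, or {@code null} if the group does not exist
     * @since 5.5
     */
    DocumentModel getGroupModel(String groupName, DocumentModel context);

    /**
     * Returns the list of groups that belong to this group with the given context. If the context document has a
     * directory local configuration, the service appends the directory suffix set in that configuration to the end of
     * the group name.
     *
     * @param parentId the name of the parent group.
     * @param context the context document whose local configuration, if any, supplies the directory suffix
     * @return the list of groups that belong to the parent group
     * @since 5.5
     */
    List<String> getGroupsInGroup(String parentId, DocumentModel context);

    /**
     * Returns the list of groups that are not members of other groups with the given context.
     *
     * @param context the context document
     * @return the list of groups that are not members of other groups
     * @since 5.5
     */
    List<String> getTopLevelGroups(DocumentModel context);

    /**
     * Returns the list of users that belong to this group in the given context.
     *
     * @param groupId ID of the group
     * @param context the context document
     * @return the list of users that belong to the group
     * @since 5.5
     */
    List<String> getUsersInGroup(String groupId, DocumentModel context);

    /**
     * Gets the users of a group and of its subgroups in the given context.
     *
     * @param groupId ID of the group
     * @param context the context document
     * @return the list of users of the group and its subgroups
     * @since 5.5
     */
    List<String> getUsersInGroupAndSubGroups(String groupId, DocumentModel context);

    /**
     * Returns true if the groups referential is read only (e.g. LDAP): groups can then be neither added nor deleted.
     * <p>
     * Unlike the other methods of this interface, this probe takes no context document. The return type is the boxed
     * {@link Boolean}; whether {@code null} can be returned is not specified here.
     *
     * @return true if groups cannot be added or deleted
     * @since 5.5
     */
    Boolean areGroupsReadOnly();

    /**
     * Returns true if the users referential is read only (e.g. LDAP): users can then be neither added nor deleted.
     * <p>
     * Unlike the other methods of this interface, this probe takes no context document. The return type is the boxed
     * {@link Boolean}; whether {@code null} can be returned is not specified here.
     *
     * @return true if users cannot be added or deleted
     */
    Boolean areUsersReadOnly();

    /**
     * For an ACP, gets the list of users that have a permission in the given context. This method should be used with
     * care as it can cause performance issues while getting the list of users.
     * <p>
     * Because of that cost, avoid calling it on a path that any user can trigger repeatedly.
     *
     * @since 5.5
     * @param perm the permission
     * @param acp The access control policy of the document
     * @param context the context document
     * @return the list of user ids
     */
    String[] getUsersForPermission(String perm, ACP acp, DocumentModel context);

}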