001/*
002 * (C) Copyright 2006-2014 Nuxeo SA (http://nuxeo.com/) and others.
003 *
004 * Licensed under the Apache License, Version 2.0 (the "License");
005 * you may not use this file except in compliance with the License.
006 * You may obtain a copy of the License at
007 *
008 *     http://www.apache.org/licenses/LICENSE-2.0
009 *
010 * Unless required by applicable law or agreed to in writing, software
011 * distributed under the License is distributed on an "AS IS" BASIS,
012 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
013 * See the License for the specific language governing permissions and
014 * limitations under the License.
015 *
016 * Contributors:
017 *     Bogdan Stefanescu
018 */
019package org.nuxeo.ecm.core.api;
020
021import java.io.Serializable;
022import java.security.Principal;
023import java.util.List;
024import java.util.UUID;
025
026/**
027 * Class to represent a principal in Nuxeo. This class holds the list of roles and groups for this principal.
028 */
029public interface NuxeoPrincipal extends Principal, Serializable {
030
031    String PREFIX = "user:";
032
033    /**
034     * @since 8.1
035     */
036    String TRANSIENT_USER_PREFIX = "transient/";
037
038    /**
039     * @since 8.1
040     */
041    String TRANSIENT_USER_FORMAT = TRANSIENT_USER_PREFIX + "%s/%s";
042
043    /**
044     * Gets the first name of this principal.
045     *
046     * @return the first name of this principal
047     */
048    String getFirstName();
049
050    /**
051     * Gets the last name of this principal.
052     *
053     * @return the last name of this principal
054     */
055    String getLastName();
056
057    /**
058     * Gets the password of this principal.
059     * <p>
060     * Note: Some APIs that return principals from the database intentionally do not fill this field
061     *
062     * @return the password of this principal
063     */
064    String getPassword();
065
066    /**
067     * Gets the company name of this principal.
068     *
069     * @return the company name
070     */
071    String getCompany();
072
073    /**
074     * Get the user email if any. Return null if not email was specified
075     *
076     * @return the user email or null if none
077     */
078    String getEmail();
079
080    /**
081     * Gets the groups this principal is directly member of.
082     *
083     * @return the list of the groups
084     */
085    List<String> getGroups();
086
087    /**
088     * Gets the groups this principal directly or undirectly is member of.
089     *
090     * @return the list of the groups
091     */
092    List<String> getAllGroups();
093
094    /**
095     * Recursively test if the user is member of this group.
096     *
097     * @param group The name of the group
098     */
099    boolean isMemberOf(String group);
100
101    /**
102     * Gets the roles for this principal.
103     *
104     * @return the list of the roles
105     */
106    List<String> getRoles();
107
108    void setName(String name);
109
110    void setFirstName(String firstName);
111
112    void setLastName(String lastName);
113
114    void setGroups(List<String> groups);
115
116    void setRoles(List<String> roles);
117
118    void setCompany(String company);
119
120    void setPassword(String password);
121
122    void setEmail(String email);
123
124    /**
125     * Returns a generated id that is unique for each principal instance.
126     *
127     * @return a unique string
128     */
129    String getPrincipalId();
130
131    /**
132     * Sets the principalId.
133     *
134     * @param principalId a new principalId for this instance
135     */
136    void setPrincipalId(String principalId);
137
138    DocumentModel getModel();
139
140    void setModel(DocumentModel model);
141
142    /**
143     * Returns true if the principal is an administrator.
144     * <p>
145     * Security checks still apply on the repository for administrator user. If user is a system user, this method will
146     * return true.
147     *
148     * @return true if the principal is an administrator.
149     */
150    boolean isAdministrator();
151
152    /**
153     * Returns the {@code tenantId} of this {@NuxeoPrincipal}, or {@code null} if there is no
154     * {@code tenantId}.
155     *
156     * @since 5.6
157     */
158    String getTenantId();
159
160    /**
161     * Checks if the principal is anonymous (guest user).
162     *
163     * @return true if the principal is anonymous.
164     */
165    boolean isAnonymous();
166
167    /**
168     * Gets the base user from which this principal was created, or {@code null} if this principal was not created from
169     * another user.
170     *
171     * @return the originating user, or {@code null}
172     */
173    String getOriginatingUser();
174
175    /**
176     * Sets the originating user.
177     *
178     * @param originatingUser the originating user
179     */
180    void setOriginatingUser(String originatingUser);
181
182    /**
183     * Gets the acting user for this principal.
184     * <p>
185     * This is the originating user (usually when this principal is a system user), or if there is none this principal's
186     * user.
187     *
188     * @return the acting user
189     * @since 6.0
190     */
191    String getActingUser();
192
193    /**
194     * Returns true if the principal is a transient principal.
195     *
196     * @since 8.1
197     */
198    boolean isTransient();
199
200    /**
201     * Returns true if the given @{code username} is a transient username.
202     *
203     * @since 8.1
204     */
205    static boolean isTransientUsername(String username) {
206        return username != null && username.startsWith(TRANSIENT_USER_PREFIX);
207    }
208
209    /**
210     * Computes a unique transient username from the given {@code baseUsername}.
211     *
212     * @since 8.1
213     */
214    static String computeTransientUsername(String baseUsername) {
215        if (baseUsername != null && !baseUsername.startsWith(TRANSIENT_USER_PREFIX)) {
216            String uuid = UUID.randomUUID().toString();
217            uuid = uuid.replaceAll("-", "").substring(0, 16);
218            return String.format(TRANSIENT_USER_FORMAT, baseUsername, uuid);
219        }
220        return baseUsername;
221    }
222
223}