1 package org.argeo.cms;
2
3 import java.time.ZonedDateTime;
4 import java.util.List;
5 import java.util.Map;
6 import java.util.Set;
7
8 import javax.security.auth.Subject;
9
10 import org.argeo.cms.auth.SystemRole;
11 import org.argeo.osgi.useradmin.UserDirectory;
12 import org.argeo.util.directory.HierarchyUnit;
13 import org.osgi.framework.InvalidSyntaxException;
14 import org.osgi.service.useradmin.Group;
15 import org.osgi.service.useradmin.Role;
16 import org.osgi.service.useradmin.User;
17
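/**
 * Provides methods to manage users, groups, roles and authentication tokens
 * without accessing the underlying user admin directly.
 * <p>
 * Several operations declared here are security-sensitive: password reset,
 * token issuance, role and group membership changes. NOTE(review): this
 * interface does not state any authorization contract, so callers must not
 * assume from the signatures alone that the caller's privileges are checked --
 * confirm against the implementation.
 */
public interface CmsUserManager {
	/**
	 * Returns the known base DNs.
	 *
	 * @param onlyWritable presumably restricts the result to writable
	 *                     directories -- confirm against the implementation
	 * @return a map of base DNs; the meaning of keys and values is not defined in
	 *         this interface
	 */
	Map<String, String> getKnownBaseDns(boolean onlyWritable);

	/** Returns the user directories known to this manager. */
	Set<UserDirectory> getUserDirectories();

	// CurrentUser
	/** Returns the e-mail of the currently logged-in user. */
	String getMyMail();

	// Other users
	/**
	 * Returns a {@link User} given a username. The result for an unknown username
	 * is not specified by this interface.
	 */
	User getUser(String username);

	/** Returns the display name for this DN, which can be a group or a user. */
	String getUserDisplayName(String dn);

	/** Returns the e-mail for this DN, which can be a group or a user. */
	String getUserMail(String dn);

	/** Lists all roles of the given user. */
	String[] getUserRoles(String dn);

	/** Checks whether the passed user belongs to the passed role. */
	boolean isUserInRole(String userDn, String roleDn);

	// Search
	/**
	 * Returns a filtered list of roles.
	 *
	 * @param filter the search filter; presumably an LDAP-style filter as in the
	 *               OSGi user admin -- confirm. If any part of it comes from user
	 *               input, escape that part for the filter syntax before building
	 *               the string, otherwise the caller can widen the search.
	 * @throws InvalidSyntaxException presumably when the filter is not well-formed
	 */
	Role[] getRoles(String filter) throws InvalidSyntaxException;

	/**
	 * Recursively lists users in a given group.
	 *
	 * @param groupDn the DN of the group
	 * @param filter  an additional filter; the same escaping caveat applies as for
	 *                {@link #getRoles(String)} when it is built from user input
	 */
	Set<User> listUsersInGroup(String groupDn, String filter);

	/**
	 * Searches among groups, including system roles and users if requested.
	 *
	 * @param filter             the search filter; escape user-supplied parts
	 *                           before building it
	 * @param includeUsers       whether users are part of the result
	 * @param includeSystemRoles whether system roles are part of the result
	 */
	List<User> listGroups(String filter, boolean includeUsers, boolean includeSystemRoles);

//	/**
//	 * Lists functional accounts, that is users with regular access to the system
//	 * under this functional hierarchy unit (which probably have technical direct
//	 * sub hierarchy units), excluding groups which are not explicitly users.
//	 */
//	Set<User> listAccounts(HierarchyUnit hierarchyUnit, boolean deep);

	/*
	 * EDITION
	 */
	/**
	 * Creates a new user.
	 *
	 * @param username    the name of the new user
	 * @param properties  the properties to set on the user
	 * @param credentials the credentials to set on the user; the values are
	 *                    secrets and should not be logged or kept longer than
	 *                    needed by the caller
	 */
	User createUser(String username, Map<String, Object> properties, Map<String, Object> credentials);

	/**
	 * Returns the group with this common name, creating it -- presumably only
	 * when it does not exist yet, as the name suggests.
	 */
	Group getOrCreateGroup(HierarchyUnit groups, String commonName);

	/**
	 * Returns the group for this system role, creating it -- presumably only when
	 * it does not exist yet, as the name suggests.
	 */
	Group getOrCreateSystemRole(HierarchyUnit roles, SystemRole systemRole);

	/** Adds additional object classes to this role. */
	void addObjectClasses(Role role, Set<String> objectClasses, Map<String, Object> additionalProperties);

	/** Adds additional object classes to this hierarchy unit. */
	void addObjectClasses(HierarchyUnit hierarchyUnit, Set<String> objectClasses,
			Map<String, Object> additionalProperties);

	/**
	 * Adds a member to this group. Since group membership is what
	 * {@link #isUserInRole(String, String)} and {@link #getUserRoles(String)}
	 * report, this is a privilege-granting operation.
	 */
	void addMember(Group group, Role role);

	/**
	 * Runs the given action as an edition. NOTE(review): presumably the action is
	 * wrapped in a user admin transaction -- the interface does not say; confirm.
	 */
	void edit(Runnable action);

	/* MISCELLANEOUS */
	/**
	 * Returns the DN of a role given its local ID.
	 *
	 * @param localId the local ID of the role
	 * @param type    presumably one of the {@link Role} type constants -- confirm
	 */
	String buildDefaultDN(String localId, int type);

	/** Exposes the main default domain name for this instance. */
	String getDefaultDomainName();

	/**
	 * Searches for a {@link User} (which might also be a group) whose uid or cn
	 * equals localId within the various user repositories defined in the current
	 * context.
	 */
	User getUserFromLocalId(String localId);

	/**
	 * Changes the password of the current user.
	 * <p>
	 * Both passwords are {@code char[]} so that the caller can overwrite the
	 * arrays once the call returns. Whether the implementation keeps its own copy
	 * is not visible from this interface.
	 *
	 * @param oldPassword the current password
	 * @param newPassword the password to set
	 */
	void changeOwnPassword(char[] oldPassword, char[] newPassword);

	/**
	 * Sets a new password for the given user without asking for the old one.
	 * <p>
	 * NOTE(review): nothing in this signature limits who may call it; the
	 * privilege check presumably lives in the implementation or its caller --
	 * confirm before exposing this to a request handler.
	 *
	 * @param username    the user whose password is replaced
	 * @param newPassword the password to set; the caller can overwrite the array
	 *                    once the call returns
	 */
	void resetPassword(String username, char[] newPassword);

	/**
	 * Adds a shared secret for the given user.
	 *
	 * @param username the user the secret is added for
	 * @param hours    presumably the validity of the secret in hours -- confirm
	 * @return presumably the generated secret, which should then be treated as a
	 *         credential by the caller -- confirm
	 * @deprecated No replacement is named in this file. NOTE(review): the
	 *             {@code addAuthToken} methods look like the intended successor
	 *             -- confirm.
	 */
	@Deprecated
	String addSharedSecret(String username, int hours);

//	String addSharedSecret(String username, String authInfo, String authToken);

	/**
	 * Registers an authentication token for a user.
	 * <p>
	 * The token value is supplied by the caller, so its unpredictability is the
	 * caller's responsibility: generate it with a cryptographically strong random
	 * source and keep it out of logs.
	 *
	 * @param userDn the DN of the user the token is issued for
	 * @param token  the token value
	 * @param hours  presumably the validity in hours; what {@code null} means is
	 *               not defined here -- confirm that it cannot yield a token that
	 *               never expires
	 * @param roles  the roles associated with the token; keep this list as small
	 *               as the use case allows
	 */
	void addAuthToken(String userDn, String token, Integer hours, String... roles);

	/**
	 * Registers an authentication token for a user with an explicit expiry date.
	 * <p>
	 * The token value is supplied by the caller, so its unpredictability is the
	 * caller's responsibility: generate it with a cryptographically strong random
	 * source and keep it out of logs.
	 *
	 * @param userDn     the DN of the user the token is issued for
	 * @param token      the token value
	 * @param expiryDate the date at which the token expires; what {@code null}
	 *                   means is not defined here -- confirm
	 * @param roles      the roles associated with the token; keep this list as
	 *                   small as the use case allows
	 */
	void addAuthToken(String userDn, String token, ZonedDateTime expiryDate, String... roles);

	/** Expires the given authentication token. */
	void expireAuthToken(String token);

	/**
	 * Expires authentication tokens for the given subject. NOTE(review): which
	 * tokens are selected from the subject is not defined here -- confirm.
	 */
	void expireAuthTokens(Subject subject);

	/**
	 * Returns the user directory for this role; presumably the directory that
	 * contains it -- confirm.
	 */
	UserDirectory getDirectory(Role role);

	/** Creates a new hierarchy unit. Does nothing if it already exists. */
	HierarchyUnit getOrCreateHierarchyUnit(UserDirectory directory, String path);
}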