X-Git-Url: https://git.argeo.org/?a=blobdiff_plain;f=org.argeo.api.cms%2Fsrc%2Forg%2Fargeo%2Fapi%2Fcms%2Fdirectory%2FCmsUserManager.java;fp=org.argeo.api.cms%2Fsrc%2Forg%2Fargeo%2Fapi%2Fcms%2Fdirectory%2FCmsUserManager.java;h=422cadef011c0d742546b2f115848d92f71f944f;hb=de8f04a41db19968896b15cd7f43c819a28e7158;hp=0000000000000000000000000000000000000000;hpb=e018ad9078249a806f2e2ef86a6adcbd8cca3188;p=lgpl%2Fargeo-commons.git
diff --git a/org.argeo.api.cms/src/org/argeo/api/cms/directory/CmsUserManager.java b/org.argeo.api.cms/src/org/argeo/api/cms/directory/CmsUserManager.java
new file mode 100644
index 000000000..422cadef0
--- /dev/null
+++ b/org.argeo.api.cms/src/org/argeo/api/cms/directory/CmsUserManager.java
@@ -0,0 +1,119 @@
+package org.argeo.api.cms.directory;
+
+import java.time.ZonedDateTime;
+import java.util.List;
+import java.util.Map;
+import java.util.Set;
+
+import javax.security.auth.Subject;
+import javax.xml.namespace.QName;
+
+import org.osgi.service.useradmin.Role;
+import org.osgi.service.useradmin.User;
+
+/**
+ * Provide method interfaces to manage user concepts without accessing directly
+ * the userAdmin.
+ */
+public interface CmsUserManager {
+ Map getKnownBaseDns(boolean onlyWritable);
+
+ Set getUserDirectories();
+
+ // CurrentUser
+ /** Returns the e-mail of the current logged in user */
+ String getMyMail();
+
+ // Other users
+ /** Returns a {@link User} given a username */
+ CmsUser getUser(String username);
+
+ /** Can be a group or a user */
+ String getUserDisplayName(String dn);
+
+ /** Can be a group or a user */
+ String getUserMail(String dn);
+
+ /** Lists all roles of the given user */
+ String[] getUserRoles(String dn);
+
+ /** Checks if the passed user belongs to the passed role */
+ boolean isUserInRole(String userDn, String roleDn);
+
+ // Search
+ /** Returns a filtered list of roles */
+ Role[] getRoles(String filter);
+
+ /** Recursively lists users in a given group. */
+ Set listUsersInGroup(String groupDn, String filter);
+
+ /** Search among groups including system roles and users if needed */
+ List listGroups(String filter, boolean includeUsers, boolean includeSystemRoles);
+
+// /**
+// * Lists functional accounts, that is users with regular access to the system
+// * under this functional hierarchy unit (which probably have technical direct
+// * sub hierarchy units), excluding groups which are not explicitly users.
+// */
+// Set listAccounts(HierarchyUnit hierarchyUnit, boolean deep);
+
+ /*
+ * EDITION
+ */
+ /** Creates a new user. */
+ CmsUser createUser(String username, Map properties, Map credentials);
+
+ /** Creates a group.
*/
+ CmsGroup getOrCreateGroup(HierarchyUnit groups, String commonName);
+
+ /** Creates a new system role. */
+ CmsGroup getOrCreateSystemRole(HierarchyUnit roles, QName systemRole);
+
+ /** Add additional object classes to this role. */
+ void addObjectClasses(Role role, Set objectClasses, Map additionalProperties);
+
+ /** Add additional object classes to this hierarchy unit. */
+ void addObjectClasses(HierarchyUnit hierarchyUnit, Set objectClasses,
+ Map additionalProperties);
+
+ /** Add a member to this group. */
+ void addMember(CmsGroup group, Role role);
+
+ void edit(Runnable action);
+
+ /* MISCELLANEOUS */
+ /** Returns the dn of a role given its local ID */
+ String buildDefaultDN(String localId, int type);
+
+ /** Exposes the main default domain name for this instance */
+ String getDefaultDomainName();
+
+ /**
+ * Search for a {@link User} (might also be a group) whose uid or cn is equals
+ * to localId within the various user repositories defined in the current
+ * context.
+ */
+ CmsUser getUserFromLocalId(String localId);
+
+ void changeOwnPassword(char[] oldPassword, char[] newPassword);
+
+ void resetPassword(String username, char[] newPassword);
+
+ @Deprecated
+ String addSharedSecret(String username, int hours);
+
+// String addSharedSecret(String username, String authInfo, String authToken);
+
+ void addAuthToken(String userDn, String token, Integer hours, String... roles);
+
+ void addAuthToken(String userDn, String token, ZonedDateTime expiryDate, String... roles);
+
+ void expireAuthToken(String token);
+
+ void expireAuthTokens(Subject subject);
+
+ UserDirectory getDirectory(Role role);
+
+ /** Create a new hierarchy unit. Does nothing if it already exists. */
+ HierarchyUnit getOrCreateHierarchyUnit(UserDirectory directory, String path);
+}
\ No newline at end of file
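Review bot: The credential-handling methods at the end of the interface (`changeOwnPassword`, `resetPassword`, both `addAuthToken` overloads, `expireAuthToken`, `expireAuthTokens`) carry no Javadoc, so the contract leaves open who may call them and how a token's lifetime is bounded. `addAuthToken(String userDn, String token, Integer hours, String... roles)` takes a boxed `Integer`, and nothing says what a `null` or non-positive `hours` means; if an implementation reads that as "no expiry", callers can create long-lived tokens without noticing. I would document each of them, for example `/** Resets the password of another user; implementations must verify that the caller is authorized to administer this account. */` on `resetPassword` and `@param hours lifetime in hours, must be positive` on the first `addAuthToken` (adjusted to the intended semantics), and state that `token` is expected to be an unpredictable value from a secure random source. The `@Deprecated` on `addSharedSecret` would also benefit from a Javadoc `@deprecated` tag naming its replacement.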