org.argeo.api.cms/src/org/argeo/api/cms/directory/CmsUserManager.java

   1 package org.argeo.api.cms.directory;
   2
   3 import java.time.ZonedDateTime;
   4 import java.util.List;
   5 import java.util.Map;
   6 import java.util.Set;
   7
   8 import javax.security.auth.Subject;
   9 import javax.xml.namespace.QName;
  10
  11 import org.osgi.service.useradmin.Role;
  12 import org.osgi.service.useradmin.User;
  13
  14 /**
  15  * Provide method interfaces to manage user concepts without accessing directly
  16  * the userAdmin.
  17  */
  18 public interface CmsUserManager {
  19         Map<String, String> getKnownBaseDns(boolean onlyWritable);
  20
  21         Set<UserDirectory> getUserDirectories();
  22
  23         // CurrentUser
  24         /** Returns the e-mail of the current logged in user */
  25         String getMyMail();
  26
  27         // Other users
  28         /** Returns a {@link User} given a username */
  29         CmsUser getUser(String username);
  30
  31         /** Can be a group or a user */
  32         String getUserDisplayName(String dn);
  33
  34         /** Can be a group or a user */
  35         String getUserMail(String dn);
  36
  37         /** Lists all roles of the given user */
  38         String[] getUserRoles(String dn);
  39
  40         /** Checks if the passed user belongs to the passed role */
  41         boolean isUserInRole(String userDn, String roleDn);
  42
  43         // Search
  44         /** Returns a filtered list of roles */
  45         Role[] getRoles(String filter);
  46
  47         /** Recursively lists users in a given group. */
  48         Set<CmsUser> listUsersInGroup(String groupDn, String filter);
  49
  50         /** Search among groups including system roles and users if needed */
  51         List<CmsUser> listGroups(String filter, boolean includeUsers, boolean includeSystemRoles);
  52
  53 //      /**
  54 //       * Lists functional accounts, that is users with regular access to the system
  55 //       * under this functional hierarchy unit (which probably have technical direct
  56 //       * sub hierarchy units), excluding groups which are not explicitly users.
  57 //       */
  58 //      Set<User> listAccounts(HierarchyUnit hierarchyUnit, boolean deep);
  59
  60         /*
  61          * EDITION
  62          */
  63         /** Creates a new user. */
  64         CmsUser createUser(String username, Map<String, Object> properties, Map<String, Object> credentials);
  65
  66         /** Creates a group. */
  67         CmsGroup getOrCreateGroup(HierarchyUnit groups, String commonName);
  68
  69         /** Creates a new system role. */
  70         CmsGroup getOrCreateSystemRole(HierarchyUnit roles, QName systemRole);
  71
  72         /** Add additional object classes to this role. */
  73         void addObjectClasses(Role role, Set<String> objectClasses, Map<String, Object> additionalProperties);
  74
  75         /** Add additional object classes to this hierarchy unit. */
  76         void addObjectClasses(HierarchyUnit hierarchyUnit, Set<String> objectClasses,
  77                         Map<String, Object> additionalProperties);
  78
  79         /** Add a member to this group. */
  80         void addMember(CmsGroup group, Role role);
  81
  82         void edit(Runnable action);
  83
  84         /* MISCELLANEOUS */
  85         /** Returns the dn of a role given its local ID */
  86         String buildDefaultDN(String localId, int type);
  87
  88         /** Exposes the main default domain name for this instance */
  89         String getDefaultDomainName();
  90
  91         /**
  92          * Search for a {@link User} (might also be a group) whose uid or cn is equals
  93          * to localId within the various user repositories defined in the current
  94          * context.
  95          */
  96         CmsUser getUserFromLocalId(String localId);
  97
  98         void changeOwnPassword(char[] oldPassword, char[] newPassword);
  99
 100         void resetPassword(String username, char[] newPassword);
 101
 102         @Deprecated
 103         String addSharedSecret(String username, int hours);
 104
 105 //      String addSharedSecret(String username, String authInfo, String authToken);
 106
 107         void addAuthToken(String userDn, String token, Integer hours, String... roles);
 108
 109         void addAuthToken(String userDn, String token, ZonedDateTime expiryDate, String... roles);
 110
 111         void expireAuthToken(String token);
 112
 113         void expireAuthTokens(Subject subject);
 114
 115         UserDirectory getDirectory(Role role);
 116
 117         /** Create a new hierarchy unit. Does nothing if it already exists. */
 118         HierarchyUnit getOrCreateHierarchyUnit(UserDirectory directory, String path);
 119 }