Class UserManagerImpl
- All Implemented Interfaces:
Serializable
,AdministratorGroupsProvider
,MultiTenantUserManager
,UserManager
,Authenticator
,EventListener
- Direct Known Subclasses:
UserManagerWithComputedGroups
- See Also:
-
Nested Class Summary
Nested classes/interfaces inherited from interface org.nuxeo.ecm.platform.usermanager.UserManager
UserManager.MatchType
-
Field Summary
Modifier and TypeFieldDescriptionstatic final String
Key for the ancestor group names of a group in a core event context.protected VirtualUser
protected final CacheService
static final String
protected String
protected String
protected String
protected final DirectoryService
protected Boolean
static final String
Used by JaasCacheFlusher.protected GroupConfig
static final String
static final String
protected String
protected String
protected String
protected String
protected String
static final String
protected String
protected String
protected Map<String,
UserManager.MatchType> protected String
protected String
static final String
Key for the id of a user or a group in a core event context.static final String
static final String
protected Cache
protected static final String
static final String
Possible value for theDocumentEventContext.CATEGORY_PROPERTY_KEY
key of a core event context.static final String
static final String
Used by JaasCacheFlusher.protected UserConfig
A structure used to inject field name configuration of users schema into a NuxeoPrincipalImpl instance.static final String
static final String
protected String
protected String
protected String
protected String
static final String
static final String
protected Pattern
protected String
protected Map<String,
UserManager.MatchType> protected String
static final String
protected final Map<String,
VirtualUserDescriptor> -
Constructor Summary
-
Method Summary
Modifier and TypeMethodDescriptionprotected void
appendSubgroups
(String groupId, Set<String> groups, DocumentModel context) Returns true is users referential is read only (ie : LDAP) -> can not add users -> can not delete users.Returns true is groups referential is read only (ie : LDAP) -> can not add groups -> can not delete groups.authenticate
(String name, String password) Get a principal object for the given username if the username / password pair is valid, otherwise returns null.protected void
checkGrouId
(DocumentModel groupModel) protected void
checkGroupsExistence
(DocumentModel userModel, String schema, DocumentModel context) protected void
checkPasswordValidity
(DocumentModel userModel) protected void
checkUserId
(DocumentModel userModel) boolean
checkUsernamePassword
(String username, String password) Check the password for the given username.protected Map<String,
Serializable> cloneMap
(Map<String, Serializable> map) createGroup
(DocumentModel groupModel) Creates a group from given modelcreateGroup
(DocumentModel groupModel, DocumentModel context) Creates a group from given model with the given context.createUser
(DocumentModel userModel) Creates user from given model.createUser
(DocumentModel userModel, DocumentModel context) Creates user from given model into the given context document.void
deleteGroup
(String groupId) Deletes group with given id.void
deleteGroup
(String groupId, DocumentModel context) Deletes group with given id with the given context.void
deleteGroup
(DocumentModel groupModel) Deletes group represented by given model.void
deleteGroup
(DocumentModel groupModel, DocumentModel context) Deletes group represented by given model with the given context.void
deleteUser
(String userId) Deletes user with given id.void
deleteUser
(String userId, DocumentModel context) Deletes user with given id into the given context document.void
deleteUser
(DocumentModel userModel) Deletes user represented by given model.void
deleteUser
(DocumentModel userModel, DocumentModel context) Deletes user represented by given model into the given context document.static String
encodeDigestAuthPassword
(String username, String realm, String password) Returns the list of administrators groups.getAncestorGroups
(String groupId) Returns the ancestor groups of the group with the given id.Gets the anonymous user id.Returns a bare group model.Returns a bare user model.getDescendantGroups
(String groupId) Returns the descendant groups of the group with the given id.Gets the Digest Auth directory.protected DocumentModel
Gets the Digest Auth realm.getDirectorySortMap
(String descriptorSortField, String fallBackField) Returns the nuxeo group with given name or null if it does not exist.protected NuxeoGroup
getGroup
(String groupName, DocumentModel context) Returns the contributedGroupConfig
.Gets the group directory name.protected String
getGroupId
(DocumentModel groupModel) Returns the group directory id field.Returns the list of all groups ids.getGroupIds
(DocumentModel context) Returns the list of all groups ids with the given context. if the Document Context have a directory local configuration, the service try to open the user directory with directory suffix set into the local configurationReturns the group label field.Gets the group members field.getGroupModel
(String groupName) Return the group document model with this id or null if group does not exist.getGroupModel
(String groupIdValue, DocumentModel context) Return the group document model with this id concatenated with the directory local config (if not null) or null if group does not exist.protected OrderByExpr
Gets the group parent-groups field.Returns the group directory schema name.Gets the group search fields.getGroupsInGroup
(String parentId) Returns the list of groups that belong to this group.getGroupsInGroup
(String parentId, DocumentModel context) Returns the list of groups that belong to this group with the given context.Gets the group sub-groups field.getLeafPermissions
(String perm) getPrincipal
(String username, boolean fetchReferences) Retrieves the principal with the given username or null if it does not exist.getPrincipal
(String username, DocumentModel context) Retrieves the principal with the given username or null if it does not exist into the given context document.protected NuxeoPrincipal
getPrincipal
(String username, DocumentModel context, boolean fetchReferences) protected NuxeoPrincipal
getPrincipalUsingCache
(String username) protected QueryBuilder
getQueryForPattern
(String pattern, String dirName, Map<String, UserManager.MatchType> searchFields, OrderByExpr orderBy) Returns the list of groups that are not members of other groups.getTopLevelGroups
(DocumentModel context) Returns the list of groups that are not members of other groups with the given context.Gets the user directory name.Gets the user email field.protected String
getUserId
(DocumentModel userModel) Returns the user directory id field.Returns the list of all user ids.getUserIds
(DocumentModel context) Returns the list of all user ids into the given context document.getUserModel
(String userName) Returns the document model representing user with given id or null if it does not exist.getUserModel
(String userName, DocumentModel context) Returns the document model representing user with given id or null if it does not exist into the given context document.protected DocumentModel
getUserModel
(String userName, DocumentModel context, boolean fetchReferences) protected OrderByExpr
Returns the user directory schema name.Gets the user search fields, the fields to use when a principal search is done.String[]
getUsersForPermission
(String perm, ACP acp) For an ACP, get the list of user that has a permission.String[]
getUsersForPermission
(String perm, ACP acp, DocumentModel context) For an ACP, get the list of user that has a permission into the given context.getUsersInGroup
(String groupId) Returns the list of users that belong to this group.getUsersInGroup
(String groupId, DocumentModel context) Returns the list of users that belong to this group into the given contextgetUsersInGroupAndSubGroups
(String groupId) Get users from a group and its subgroups.getUsersInGroupAndSubGroups
(String groupId, DocumentModel context) Get users from a group and its subgroups into the given contextvoid
handleEvent
(Event event) An event was received.protected void
protected void
invalidatePrincipal
(String userName) protected boolean
isAnonymousMatching
(Map<String, Serializable> filter, Set<String> fulltext) protected boolean
isAnonymousMatching
(QueryBuilder queryBuilder, Directory dir) protected NuxeoPrincipal
protected NuxeoGroup
makeGroup
(DocumentModel groupEntry) protected NuxeoPrincipal
makePrincipal
(DocumentModel userEntry) protected NuxeoPrincipal
makePrincipal
(DocumentModel userEntry, boolean anonymous, boolean isTransient, List<String> groups) protected NuxeoPrincipal
makePrincipal
(DocumentModel userEntry, boolean anonymous, List<String> groups) protected NuxeoPrincipal
makeTransientPrincipal
(String username) protected NuxeoPrincipal
protected DocumentModel
makeVirtualUserEntry
(String id, VirtualUser user) protected void
notifyCore
(String userOrGroupId, String eventId) protected void
notifyCore
(String userOrGroupId, String eventId, List<String> ancestorGroupIds) void
notifyGroupChanged
(String groupName, String eventId, List<String> ancestorGroupNames) Notifies that the given group has changed with the given event: At the runtime level so that the JaasCacheFlusher listener can make sure the principal cache is reset. At the core level, passing thegroupName
as the"id"
property of the fired event.protected void
notifyRuntime
(String userOrGroupName, String eventId) void
notifyUserChanged
(String userName, String eventId) Notifies that the given user has changed with the given event: At the runtime level so that the JaasCacheFlusher listener can make sure the principal cache is reset. At the core level, passing theuserName
as the"id"
property of the fired event.protected void
populateAncestorGroups
(String groupId, List<String> ancestorGroups) protected void
populateDescendantGroups
(String groupId, List<String> descendantGroups) protected DocumentModelList
queryWithVirtualEntries
(Session session, QueryBuilder queryBuilder, List<DocumentModel> virtualEntries) Executes a query then adds virtual entries (already supposed to match the query).protected void
removeVirtualFilters
(Map<String, Serializable> filter) searchGroups
(String pattern) Search matching groups through their defined search fieldssearchGroups
(String pattern, DocumentModel context) Search matching groups through their defined search fields into the given context document.searchGroups
(Map<String, Serializable> filter, Set<String> fulltext) Returns groups matching given criteria.searchGroups
(Map<String, Serializable> filter, Set<String> fulltext, DocumentModel context) Returns groups matching given criteria with the given context. if the Document Context have a directory local configuration, the service try to open the user directory with directory suffix set into the local configurationsearchGroups
(QueryBuilder queryBuilder) Returns groups matching the given query.searchGroups
(QueryBuilder queryBuilder, DocumentModel context) Returns groups matching the given query, within the given context.searchPrincipals
(String pattern) searchUsers
(String pattern) Returns users matching given patternsearchUsers
(String pattern, DocumentModel context) Returns users matching given pattern with the given context. if the Document Context have a directory local configuration, the service try to open the directory with directory suffix set into the local configurationsearchUsers
(Map<String, Serializable> filter, Set<String> fulltext) Returns users matching given criteria.searchUsers
(Map<String, Serializable> filter, Set<String> fulltext, Map<String, String> orderBy, DocumentModel context) MULTI-TENANT-IMPLEMENTATIONsearchUsers
(Map<String, Serializable> filter, Set<String> fulltext, DocumentModel context) Returns users matching given criteria and with the given context. if the Document Context have a directory local configuration, the service try to open the user directory with directory suffix set into the local configurationsearchUsers
(QueryBuilder queryBuilder) Returns users matching the given query.searchUsers
(QueryBuilder queryBuilder, DocumentModel context) Returns users matching the given query, within the given context.void
setConfiguration
(UserManagerDescriptor descriptor) Sets the given configuration on the service.protected void
setGroupDirectoryName
(String groupDirectoryName) protected void
setUserDirectoryName
(String userDirectoryName) protected void
setVirtualUsers
(Map<String, VirtualUserDescriptor> virtualUsers) protected void
syncDigestAuthPassword
(String username, String password) void
updateGroup
(DocumentModel groupModel) Updates group represented by given model.void
updateGroup
(DocumentModel groupModel, DocumentModel context) Updates group represented by given model with the given context.void
updateUser
(DocumentModel userModel) Updates user represented by given model.void
updateUser
(DocumentModel userModel, DocumentModel context) Updates user represented by given model into the given context document.protected boolean
useCache()
protected boolean
boolean
validatePassword
(String password) Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
Methods inherited from interface org.nuxeo.ecm.platform.usermanager.UserManager
getPrincipal, notifyGroupChanged
-
Field Details
-
SEARCH_ESCAPE_COMPAT_PARAM
- Since:
- 11.1
- See Also:
-
USERMANAGER_TOPIC
- See Also:
-
USERCHANGED_EVENT_ID
Used by JaasCacheFlusher.- See Also:
-
USERCREATED_EVENT_ID
- See Also:
-
USERDELETED_EVENT_ID
- See Also:
-
USERMODIFIED_EVENT_ID
- See Also:
-
GROUPCHANGED_EVENT_ID
Used by JaasCacheFlusher.- See Also:
-
GROUPCREATED_EVENT_ID
- See Also:
-
GROUPDELETED_EVENT_ID
- See Also:
-
GROUPMODIFIED_EVENT_ID
- See Also:
-
DEFAULT_ANONYMOUS_USER_ID
- See Also:
-
VIRTUAL_FIELD_FILTER_PREFIX
- See Also:
-
INVALIDATE_PRINCIPAL_EVENT_ID
- See Also:
-
INVALIDATE_ALL_PRINCIPALS_EVENT_ID
- See Also:
-
USER_GROUP_CATEGORY
Possible value for theDocumentEventContext.CATEGORY_PROPERTY_KEY
key of a core event context.- Since:
- 9.2
- See Also:
-
ID_PROPERTY_KEY
Key for the id of a user or a group in a core event context.- Since:
- 9.2
- See Also:
-
ANCESTOR_GROUPS_PROPERTY_KEY
Key for the ancestor group names of a group in a core event context.- Since:
- 9.2
- See Also:
-
USER_HAS_PARTIAL_CONTENT
- Since:
- 11.4
- See Also:
-
dirService
-
cacheService
-
principalCache
-
multiTenantManagement
-
userConfig
A structure used to inject field name configuration of users schema into a NuxeoPrincipalImpl instance. TODO not all fields inside are configurable for now - they will use default values -
groupConfig
- Since:
- 9.3
-
userDirectoryName
-
userSchemaName
-
userIdField
-
userEmailField
-
userSearchFields
-
groupDirectoryName
-
groupSchemaName
-
groupIdField
-
groupLabelField
-
groupMembersField
-
groupSubGroupsField
-
groupParentGroupsField
-
groupSortField
-
groupSearchFields
-
defaultGroup
-
administratorIds
-
administratorGroups
-
disableDefaultAdministratorsGroup
-
userSortField
-
userListingMode
-
groupListingMode
-
userPasswordPattern
-
anonymousUser
-
digestAuthDirectory
-
digestAuthRealm
-
virtualUsers
-
-
Constructor Details
-
UserManagerImpl
public UserManagerImpl()
-
-
Method Details
-
setConfiguration
Description copied from interface:UserManager
Sets the given configuration on the service.- Specified by:
setConfiguration
in interfaceUserManager
- Parameters:
descriptor
- the descriptor as parsed from xml, merged from the previous one if it exists.
-
setUserDirectoryName
-
getUserDirectoryName
Description copied from interface:UserManager
Gets the user directory name.- Specified by:
getUserDirectoryName
in interfaceUserManager
- Returns:
- the user directory name.
-
getUserIdField
Description copied from interface:UserManager
Returns the user directory id field.- Specified by:
getUserIdField
in interfaceUserManager
-
getUserSchemaName
Description copied from interface:UserManager
Returns the user directory schema name.- Specified by:
getUserSchemaName
in interfaceUserManager
-
getUserEmailField
Description copied from interface:UserManager
Gets the user email field.- Specified by:
getUserEmailField
in interfaceUserManager
- Returns:
- the user email field.
-
getUserSearchFields
Description copied from interface:UserManager
Gets the user search fields, the fields to use when a principal search is done.- Specified by:
getUserSearchFields
in interfaceUserManager
- Returns:
- the search fields.
-
getGroupSearchFields
Description copied from interface:UserManager
Gets the group search fields.- Specified by:
getGroupSearchFields
in interfaceUserManager
-
setGroupDirectoryName
-
getGroupDirectoryName
Description copied from interface:UserManager
Gets the group directory name.- Specified by:
getGroupDirectoryName
in interfaceUserManager
- Returns:
- the group directory name.
-
getGroupIdField
Description copied from interface:UserManager
Returns the group directory id field.- Specified by:
getGroupIdField
in interfaceUserManager
-
getGroupLabelField
Description copied from interface:UserManager
Returns the group label field.- Specified by:
getGroupLabelField
in interfaceUserManager
-
getGroupSchemaName
Description copied from interface:UserManager
Returns the group directory schema name.- Specified by:
getGroupSchemaName
in interfaceUserManager
-
getGroupMembersField
Description copied from interface:UserManager
Gets the group members field.- Specified by:
getGroupMembersField
in interfaceUserManager
- Returns:
- the group members field.
-
getGroupSubGroupsField
Description copied from interface:UserManager
Gets the group sub-groups field.- Specified by:
getGroupSubGroupsField
in interfaceUserManager
- Returns:
- the sub-groups field.
-
getGroupParentGroupsField
Description copied from interface:UserManager
Gets the group parent-groups field.- Specified by:
getGroupParentGroupsField
in interfaceUserManager
- Returns:
- the parent-groups field.
-
getUserListingMode
- Specified by:
getUserListingMode
in interfaceUserManager
-
getGroupListingMode
- Specified by:
getGroupListingMode
in interfaceUserManager
-
getDefaultGroup
- Specified by:
getDefaultGroup
in interfaceUserManager
-
getUserPasswordPattern
- Specified by:
getUserPasswordPattern
in interfaceUserManager
-
getAnonymousUserId
Description copied from interface:UserManager
Gets the anonymous user id.- Specified by:
getAnonymousUserId
in interfaceUserManager
- Returns:
- the anonymous user id, or the default one if none is defined.
-
setVirtualUsers
-
checkUsernamePassword
Description copied from interface:Authenticator
Check the password for the given username. Returns true if the username / password pair match, false otherwise.- Specified by:
checkUsernamePassword
in interfaceAuthenticator
- Specified by:
checkUsernamePassword
in interfaceUserManager
- Parameters:
username
- the usernamepassword
- the password to check- Returns:
- true is valid, false otherwise
-
syncDigestAuthPassword
-
getDigestAuthModel
-
encodeDigestAuthPassword
-
getDigestAuthDirectory
Description copied from interface:UserManager
Gets the Digest Auth directory.- Specified by:
getDigestAuthDirectory
in interfaceUserManager
-
getDigestAuthRealm
Description copied from interface:UserManager
Gets the Digest Auth realm.- Specified by:
getDigestAuthRealm
in interfaceUserManager
-
validatePassword
- Specified by:
validatePassword
in interfaceUserManager
-
makeAnonymousPrincipal
-
makeVirtualPrincipal
-
makeTransientPrincipal
-
makeVirtualUserEntry
-
makePrincipal
-
makePrincipal
protected NuxeoPrincipal makePrincipal(DocumentModel userEntry, boolean anonymous, List<String> groups) -
makePrincipal
protected NuxeoPrincipal makePrincipal(DocumentModel userEntry, boolean anonymous, boolean isTransient, List<String> groups) -
useCache
protected boolean useCache() -
getPrincipal
Description copied from interface:UserManager
Retrieves the principal with the given username or null if it does not exist.Can build principals for anonymous and virtual users as well as for users defined in the users directory.
- Specified by:
getPrincipal
in interfaceUserManager
- Parameters:
username
- is the name of the entry in the user directoryfetchReferences
- controls if the references (groups) of the user will be fetched
-
getPrincipalUsingCache
-
getUserModel
Description copied from interface:UserManager
Returns the document model representing user with given id or null if it does not exist.- Specified by:
getUserModel
in interfaceUserManager
-
getBareUserModel
Description copied from interface:UserManager
Returns a bare user model.Can be used for user creation/search screens.
- Specified by:
getBareUserModel
in interfaceUserManager
-
getGroup
Description copied from interface:UserManager
Returns the nuxeo group with given name or null if it does not exist.- Specified by:
getGroup
in interfaceUserManager
-
getGroup
-
getGroupModel
Description copied from interface:UserManager
Return the group document model with this id or null if group does not exist.- Specified by:
getGroupModel
in interfaceUserManager
- Parameters:
groupName
- the group identifier
-
makeGroup
-
getTopLevelGroups
Description copied from interface:UserManager
Returns the list of groups that are not members of other groups.- Specified by:
getTopLevelGroups
in interfaceUserManager
-
getGroupsInGroup
Description copied from interface:UserManager
Returns the list of groups that belong to this group.- Specified by:
getGroupsInGroup
in interfaceUserManager
- Parameters:
parentId
- the name of the parent group.
-
getUsersInGroup
Description copied from interface:UserManager
Returns the list of users that belong to this group.- Specified by:
getUsersInGroup
in interfaceUserManager
- Parameters:
groupId
- ID of the group
-
getUsersInGroupAndSubGroups
Description copied from interface:UserManager
Get users from a group and its subgroups.- Specified by:
getUsersInGroupAndSubGroups
in interfaceUserManager
- Parameters:
groupId
- ID of the group
-
appendSubgroups
-
isAnonymousMatching
-
isAnonymousMatching
-
searchPrincipals
- Specified by:
searchPrincipals
in interfaceUserManager
-
searchGroups
Description copied from interface:UserManager
Search matching groups through their defined search fields- Specified by:
searchGroups
in interfaceUserManager
-
getUserSortField
- Specified by:
getUserSortField
in interfaceUserManager
-
getUserSortMap
-
getUserOrderBy
-
getGroupSortMap
-
getGroupOrderBy
-
getDirectorySortMap
-
notifyCore
- Since:
- 8.2
-
notifyCore
- Since:
- 9.2
-
notifyRuntime
-
notifyUserChanged
Description copied from interface:UserManager
Notifies that the given user has changed with the given event:- At the runtime level so that the JaasCacheFlusher listener can make sure the principal cache is reset.
- At the core level, passing the
userName
as the"id"
property of the fired event.
- Specified by:
notifyUserChanged
in interfaceUserManager
-
invalidatePrincipal
-
notifyGroupChanged
Description copied from interface:UserManager
Notifies that the given group has changed with the given event:- At the runtime level so that the JaasCacheFlusher listener can make sure the principal cache is reset.
- At the core level, passing the
groupName
as the"id"
property of the fired event.
The
ancestorGroupNames
list must contain the ancestor groups of the given group. It can be computed by callingUserManager.getAncestorGroups(String)
. It will be passed as the"ancestorGroups"
property of the fired core event.- Specified by:
notifyGroupChanged
in interfaceUserManager
-
invalidateAllPrincipals
protected void invalidateAllPrincipals() -
areGroupsReadOnly
Description copied from interface:UserManager
Returns true is users referential is read only (ie : LDAP) -> can not add users -> can not delete users.- Specified by:
areGroupsReadOnly
in interfaceMultiTenantUserManager
- Specified by:
areGroupsReadOnly
in interfaceUserManager
-
areUsersReadOnly
Description copied from interface:UserManager
Returns true is groups referential is read only (ie : LDAP) -> can not add groups -> can not delete groups.- Specified by:
areUsersReadOnly
in interfaceMultiTenantUserManager
- Specified by:
areUsersReadOnly
in interfaceUserManager
-
checkGrouId
-
getGroupId
-
checkUserId
-
getUserId
-
createGroup
Description copied from interface:UserManager
Creates a group from given model- Specified by:
createGroup
in interfaceUserManager
- Returns:
- the created group model
-
createUser
Description copied from interface:UserManager
Creates user from given model.- Specified by:
createUser
in interfaceUserManager
-
deleteGroup
Description copied from interface:UserManager
Deletes group with given id.- Specified by:
deleteGroup
in interfaceUserManager
-
deleteGroup
Description copied from interface:UserManager
Deletes group represented by given model.- Specified by:
deleteGroup
in interfaceUserManager
-
deleteUser
Description copied from interface:UserManager
Deletes user with given id.- Specified by:
deleteUser
in interfaceUserManager
-
deleteUser
Description copied from interface:UserManager
Deletes user represented by given model.- Specified by:
deleteUser
in interfaceUserManager
-
getGroupIds
Description copied from interface:UserManager
Returns the list of all groups ids.- Specified by:
getGroupIds
in interfaceUserManager
-
getUserIds
Description copied from interface:UserManager
Returns the list of all user ids.- Specified by:
getUserIds
in interfaceUserManager
-
removeVirtualFilters
-
getQueryForPattern
protected QueryBuilder getQueryForPattern(String pattern, String dirName, Map<String, UserManager.MatchType> searchFields, OrderByExpr orderBy) -
searchGroups
Description copied from interface:UserManager
Returns groups matching given criteria.- Specified by:
searchGroups
in interfaceUserManager
- Parameters:
filter
- filter with field names as keysfulltext
- field names used for fulltext match
-
searchGroups
Description copied from interface:UserManager
Returns groups matching the given query.- Specified by:
searchGroups
in interfaceUserManager
- Parameters:
queryBuilder
- the query to use, including limit, offset, ordering and countTotal
-
searchUsers
Description copied from interface:UserManager
Returns users matching given patternPattern is used to fill a filter and fulltext map according to users search fields configuration. Search is performed on each of these fields (OR).
- Specified by:
searchUsers
in interfaceUserManager
-
searchUsers
Description copied from interface:UserManager
Returns users matching given criteria.- Specified by:
searchUsers
in interfaceUserManager
- Parameters:
filter
- filter with field names as keysfulltext
- field names used for fulltext match
-
searchUsers
Description copied from interface:UserManager
Returns users matching the given query.- Specified by:
searchUsers
in interfaceUserManager
- Parameters:
queryBuilder
- the query to use, including limit, offset, ordering and countTotal
-
updateGroup
Description copied from interface:UserManager
Updates group represented by given model.- Specified by:
updateGroup
in interfaceUserManager
-
updateUser
Description copied from interface:UserManager
Updates user represented by given model.- Specified by:
updateUser
in interfaceUserManager
-
getBareGroupModel
Description copied from interface:UserManager
Returns a bare group model.Can be used for group creation/search screens.
- Specified by:
getBareGroupModel
in interfaceUserManager
-
getAdministratorsGroups
Description copied from interface:UserManager
Returns the list of administrators groups.- Specified by:
getAdministratorsGroups
in interfaceAdministratorGroupsProvider
- Specified by:
getAdministratorsGroups
in interfaceUserManager
-
getLeafPermissions
-
getUsersForPermission
Description copied from interface:UserManager
For an ACP, get the list of user that has a permission. This method should be use with care as it can cause performance issues while getting the list of users.- Specified by:
getUsersForPermission
in interfaceUserManager
- Parameters:
perm
- the permissionacp
- The access control policy of the document- Returns:
- the list of user ids
-
authenticate
Description copied from interface:Authenticator
Get a principal object for the given username if the username / password pair is valid, otherwise returns null.This method is doing the authentication of the given username / password pair and returns the corresponding principal object if authentication succeeded otherwise returns null.
- Specified by:
authenticate
in interfaceAuthenticator
- Returns:
- the authenticated principal if authentication succeded otherwise null
-
searchUsers
public DocumentModelList searchUsers(Map<String, Serializable> filter, Set<String> fulltext, Map<String, String> orderBy, DocumentModel context) MULTI-TENANT-IMPLEMENTATION -
getUsersInGroup
Description copied from interface:MultiTenantUserManager
Returns the list of users that belong to this group into the given context- Specified by:
getUsersInGroup
in interfaceMultiTenantUserManager
- Parameters:
groupId
- ID of the group
-
searchUsers
Description copied from interface:MultiTenantUserManager
Returns users matching given pattern with the given context. if the Document Context have a directory local configuration, the service try to open the directory with directory suffix set into the local configurationPattern is used to fill a filter and fulltext map according to users search fields configuration. Search is performed on each of these fields (OR).
- Specified by:
searchUsers
in interfaceMultiTenantUserManager
-
searchUsers
Description copied from interface:MultiTenantUserManager
Returns users matching the given query, within the given context.- Specified by:
searchUsers
in interfaceMultiTenantUserManager
- Parameters:
queryBuilder
- the query to use, including limit, offset, ordering and countTotalcontext
- the context for the tenant, ornull
-
queryWithVirtualEntries
protected DocumentModelList queryWithVirtualEntries(Session session, QueryBuilder queryBuilder, List<DocumentModel> virtualEntries) Executes a query then adds virtual entries (already supposed to match the query). Then does limit/offset/order/countTotal.- Since:
- 10.3
-
searchUsers
public DocumentModelList searchUsers(Map<String, Serializable> filter, Set<String> fulltext, DocumentModel context) Description copied from interface:MultiTenantUserManager
Returns users matching given criteria and with the given context. if the Document Context have a directory local configuration, the service try to open the user directory with directory suffix set into the local configuration- Specified by:
searchUsers
in interfaceMultiTenantUserManager
- Parameters:
filter
- filter with field names as keysfulltext
- field names used for fulltext match
-
getGroupIds
Description copied from interface:MultiTenantUserManager
Returns the list of all groups ids with the given context. if the Document Context have a directory local configuration, the service try to open the user directory with directory suffix set into the local configuration- Specified by:
getGroupIds
in interfaceMultiTenantUserManager
-
searchGroups
public DocumentModelList searchGroups(Map<String, Serializable> filter, Set<String> fulltext, DocumentModel context) Description copied from interface:MultiTenantUserManager
Returns groups matching given criteria with the given context. if the Document Context have a directory local configuration, the service try to open the user directory with directory suffix set into the local configuration- Specified by:
searchGroups
in interfaceMultiTenantUserManager
- Parameters:
filter
- filter with field names as keysfulltext
- field names used for fulltext match
-
searchGroups
Description copied from interface:MultiTenantUserManager
Returns groups matching the given query, within the given context.- Specified by:
searchGroups
in interfaceMultiTenantUserManager
- Parameters:
queryBuilder
- the query to use, including limit, offset, ordering and countTotalcontext
- the context for the tenant, ornull
-
createGroup
public DocumentModel createGroup(DocumentModel groupModel, DocumentModel context) throws GroupAlreadyExistsException Description copied from interface:MultiTenantUserManager
Creates a group from given model with the given context. If the Document Context have a directory local configuration, the service will append at the end of the groupname the directory suffix set into the local configuration of the context document.- Specified by:
createGroup
in interfaceMultiTenantUserManager
- Returns:
- the created group model
- Throws:
GroupAlreadyExistsException
-
getGroupModel
Description copied from interface:MultiTenantUserManager
Return the group document model with this id concatenated with the directory local config (if not null) or null if group does not exist.- Specified by:
getGroupModel
in interfaceMultiTenantUserManager
- Parameters:
groupIdValue
- the group identifier
-
getUserModel
Description copied from interface:MultiTenantUserManager
Returns the document model representing user with given id or null if it does not exist into the given context document. The context document must be contained into the tenant.- Specified by:
getUserModel
in interfaceMultiTenantUserManager
-
getUserModel
protected DocumentModel getUserModel(String userName, DocumentModel context, boolean fetchReferences) -
cloneMap
-
cloneSet
-
getPrincipal
Description copied from interface:MultiTenantUserManager
Retrieves the principal with the given username or null if it does not exist into the given context document. The context document must be contained into the tenantCan build principals for anonymous and virtual users as well as for users defined in the users directory.
- Specified by:
getPrincipal
in interfaceMultiTenantUserManager
-
getPrincipal
protected NuxeoPrincipal getPrincipal(String username, DocumentModel context, boolean fetchReferences) -
searchGroups
Description copied from interface:MultiTenantUserManager
Search matching groups through their defined search fields into the given context document. The context document must be contained into the tenant.- Specified by:
searchGroups
in interfaceMultiTenantUserManager
-
getUserIds
Description copied from interface:MultiTenantUserManager
Returns the list of all user ids into the given context document. The context document must be contained into the tenant.- Specified by:
getUserIds
in interfaceMultiTenantUserManager
-
createUser
public DocumentModel createUser(DocumentModel userModel, DocumentModel context) throws UserAlreadyExistsException Description copied from interface:MultiTenantUserManager
Creates user from given model into the given context document. The context document must be contained into the tenant.- Specified by:
createUser
in interfaceMultiTenantUserManager
- Throws:
UserAlreadyExistsException
-
checkGroupsExistence
-
checkPasswordValidity
- Throws:
InvalidPasswordException
-
updateUser
Description copied from interface:MultiTenantUserManager
Updates user represented by given model into the given context document. The context document must be contained into the tenant.- Specified by:
updateUser
in interfaceMultiTenantUserManager
-
useSearchEscapeCompat
protected boolean useSearchEscapeCompat() -
deleteUser
Description copied from interface:MultiTenantUserManager
Deletes user represented by given model into the given context document. The context document must be contained into the tenant.- Specified by:
deleteUser
in interfaceMultiTenantUserManager
-
deleteUser
Description copied from interface:MultiTenantUserManager
Deletes user with given id into the given context document. The context document must be contained into the tenant.- Specified by:
deleteUser
in interfaceMultiTenantUserManager
-
updateGroup
Description copied from interface:MultiTenantUserManager
Updates group represented by given model with the given context. If the Document Context have a directory local configuration, the service will append at the end of the groupname the directory suffix set into the local configuration of the context document.- Specified by:
updateGroup
in interfaceMultiTenantUserManager
-
deleteGroup
Description copied from interface:MultiTenantUserManager
Deletes group represented by given model with the given context. If the Document Context have a directory local configuration, the service will append at the end of the groupname the directory suffix set into the local configuration of the context document.- Specified by:
deleteGroup
in interfaceMultiTenantUserManager
-
deleteGroup
Description copied from interface:MultiTenantUserManager
Deletes group with given id with the given context. If the Document Context have a directory local configuration, the service will append at the end of the groupname the directory suffix set into the local configuration of the context document.- Specified by:
deleteGroup
in interfaceMultiTenantUserManager
-
getGroupsInGroup
Description copied from interface:MultiTenantUserManager
Returns the list of groups that belong to this group with the given context. If the Document Context have a directory local configuration, the service will append at the end of the groupname the directory suffix set into the local configuration of the context document.- Specified by:
getGroupsInGroup
in interfaceMultiTenantUserManager
- Parameters:
parentId
- the name of the parent group.
-
getTopLevelGroups
Description copied from interface:MultiTenantUserManager
Returns the list of groups that are not members of other groups with the given context.- Specified by:
getTopLevelGroups
in interfaceMultiTenantUserManager
-
getUsersInGroupAndSubGroups
Description copied from interface:MultiTenantUserManager
Get users from a group and its subgroups into the given context- Specified by:
getUsersInGroupAndSubGroups
in interfaceMultiTenantUserManager
- Parameters:
groupId
- ID of the group
-
getUsersForPermission
Description copied from interface:MultiTenantUserManager
For an ACP, get the list of user that has a permission into the given context. This method should be use with care as it can cause performance issues while getting the list of users.- Specified by:
getUsersForPermission
in interfaceMultiTenantUserManager
- Parameters:
perm
- the permissionacp
- The access control policy of the document- Returns:
- the list of user ids
-
getAncestorGroups
Description copied from interface:UserManager
Returns the ancestor groups of the group with the given id.- Specified by:
getAncestorGroups
in interfaceUserManager
-
populateAncestorGroups
-
getDescendantGroups
Description copied from interface:UserManager
Returns the descendant groups of the group with the given id.- Specified by:
getDescendantGroups
in interfaceUserManager
-
populateDescendantGroups
-
getGroupConfig
Description copied from interface:UserManager
Returns the contributedGroupConfig
.- Specified by:
getGroupConfig
in interfaceUserManager
-
handleEvent
Description copied from interface:EventListener
An event was received.- Specified by:
handleEvent
in interfaceEventListener
-