Class UserManagerImpl
java.lang.Object
org.nuxeo.ecm.platform.usermanager.UserManagerImpl
- All Implemented Interfaces:
Serializable,AdministratorGroupsProvider,MultiTenantUserManager,UserManager,Authenticator,EventListener
- Direct Known Subclasses:
UserManagerWithComputedGroups
public class UserManagerImpl
extends Object
implements UserManager, MultiTenantUserManager, AdministratorGroupsProvider
Standard implementation of the Nuxeo UserManager.
- See Also:
-
Nested Class Summary
Nested classes/interfaces inherited from interface org.nuxeo.ecm.platform.usermanager.UserManager
UserManager.MatchType -
Field Summary
FieldsModifier and TypeFieldDescriptionstatic final StringKey for the ancestor group names of a group in a core event context.protected VirtualUserprotected final CacheServicestatic final Stringprotected Stringprotected Stringprotected Stringprotected final DirectoryServiceprotected Booleanstatic final StringUsed by JaasCacheFlusher.protected GroupConfigstatic final Stringstatic final Stringprotected Stringprotected Stringprotected Stringprotected Stringprotected Stringstatic final Stringprotected Stringprotected Stringprotected Map<String,UserManager.MatchType> protected Stringprotected Stringstatic final StringKey for the id of a user or a group in a core event context.static final Stringstatic final Stringprotected Cacheprotected static final Stringstatic final StringPossible value for theDocumentEventContext.CATEGORY_PROPERTY_KEYkey of a core event context.static final Stringstatic final StringUsed by JaasCacheFlusher.protected UserConfigA structure used to inject field name configuration of users schema into a NuxeoPrincipalImpl instance.static final Stringstatic final Stringprotected Stringprotected Stringprotected Stringprotected Stringstatic final Stringstatic final Stringprotected Patternprotected Stringprotected Map<String,UserManager.MatchType> protected Stringstatic final Stringprotected final Map<String,VirtualUserDescriptor> -
Constructor Summary
Constructors -
Method Summary
Modifier and TypeMethodDescriptionprotected voidappendSubgroups(String groupId, Set<String> groups, DocumentModel context) Returns true is users referential is read only (ie : LDAP) -> can not add users -> can not delete users.Returns true is groups referential is read only (ie : LDAP) -> can not add groups -> can not delete groups.authenticate(String name, String password) Get a principal object for the given username if the username / password pair is valid, otherwise returns null.protected voidcheckGrouId(DocumentModel groupModel) protected voidcheckGroupsExistence(DocumentModel userModel, String schema, DocumentModel context) protected voidcheckPasswordValidity(DocumentModel userModel) protected voidcheckUserId(DocumentModel userModel) booleancheckUsernamePassword(String username, String password) Check the password for the given username.protected Map<String,Serializable> cloneMap(Map<String, Serializable> map) createGroup(DocumentModel groupModel) Creates a group from given modelcreateGroup(DocumentModel groupModel, DocumentModel context) Creates a group from given model with the given context.createUser(DocumentModel userModel) Creates user from given model.createUser(DocumentModel userModel, DocumentModel context) Creates user from given model into the given context document.voiddeleteGroup(String groupId) Deletes group with given id.voiddeleteGroup(String groupId, DocumentModel context) Deletes group with given id with the given context.voiddeleteGroup(DocumentModel groupModel) Deletes group represented by given model.voiddeleteGroup(DocumentModel groupModel, DocumentModel context) Deletes group represented by given model with the given context.voiddeleteUser(String userId) Deletes user with given id.voiddeleteUser(String userId, DocumentModel context) Deletes user with given id into the given context document.voiddeleteUser(DocumentModel userModel) Deletes user represented by given model.voiddeleteUser(DocumentModel userModel, DocumentModel context) Deletes user represented by given model into the given context document.static StringencodeDigestAuthPassword(String username, String realm, String password) Returns the list of administrators groups.getAncestorGroups(String groupId) Returns the ancestor groups of the group with the given id.Gets the anonymous user id.Returns a bare group model.Returns a bare user model.getDescendantGroups(String groupId) Returns the descendant groups of the group with the given id.Gets the Digest Auth directory.protected DocumentModelGets the Digest Auth realm.getDirectorySortMap(String descriptorSortField, String fallBackField) Returns the nuxeo group with given name or null if it does not exist.protected NuxeoGroupgetGroup(String groupName, DocumentModel context) Returns the contributedGroupConfig.Gets the group directory name.protected StringgetGroupId(DocumentModel groupModel) Returns the group directory id field.Returns the list of all groups ids.getGroupIds(DocumentModel context) Returns the list of all groups ids with the given context. if the Document Context have a directory local configuration, the service try to open the user directory with directory suffix set into the local configurationReturns the group label field.Gets the group members field.getGroupModel(String groupName) Return the group document model with this id or null if group does not exist.getGroupModel(String groupIdValue, DocumentModel context) Return the group document model with this id concatenated with the directory local config (if not null) or null if group does not exist.protected OrderByExprGets the group parent-groups field.Returns the group directory schema name.Gets the group search fields.getGroupsInGroup(String parentId) Returns the list of groups that belong to this group.getGroupsInGroup(String parentId, DocumentModel context) Returns the list of groups that belong to this group with the given context.Gets the group sub-groups field.getLeafPermissions(String perm) getPrincipal(String username, boolean fetchReferences) Retrieves the principal with the given username or null if it does not exist.getPrincipal(String username, DocumentModel context) Retrieves the principal with the given username or null if it does not exist into the given context document.protected NuxeoPrincipalgetPrincipal(String username, DocumentModel context, boolean fetchReferences) protected NuxeoPrincipalgetPrincipalUsingCache(String username) protected QueryBuildergetQueryForPattern(String pattern, String dirName, Map<String, UserManager.MatchType> searchFields, OrderByExpr orderBy) Returns the list of groups that are not members of other groups.getTopLevelGroups(DocumentModel context) Returns the list of groups that are not members of other groups with the given context.Gets the user directory name.Gets the user email field.protected StringgetUserId(DocumentModel userModel) Returns the user directory id field.Returns the list of all user ids.getUserIds(DocumentModel context) Returns the list of all user ids into the given context document.getUserModel(String userName) Returns the document model representing user with given id or null if it does not exist.getUserModel(String userName, DocumentModel context) Returns the document model representing user with given id or null if it does not exist into the given context document.protected DocumentModelgetUserModel(String userName, DocumentModel context, boolean fetchReferences) protected OrderByExprReturns the user directory schema name.Gets the user search fields, the fields to use when a principal search is done.String[]getUsersForPermission(String perm, ACP acp) For an ACP, get the list of user that has a permission.String[]getUsersForPermission(String perm, ACP acp, DocumentModel context) For an ACP, get the list of user that has a permission into the given context.getUsersInGroup(String groupId) Returns the list of users that belong to this group.getUsersInGroup(String groupId, DocumentModel context) Returns the list of users that belong to this group into the given contextgetUsersInGroupAndSubGroups(String groupId) Get users from a group and its subgroups.getUsersInGroupAndSubGroups(String groupId, DocumentModel context) Get users from a group and its subgroups into the given contextvoidhandleEvent(Event event) An event was received.protected voidprotected voidinvalidatePrincipal(String userName) protected booleanisAnonymousMatching(Map<String, Serializable> filter, Set<String> fulltext) protected booleanisAnonymousMatching(QueryBuilder queryBuilder, Directory dir) protected NuxeoPrincipalprotected NuxeoGroupmakeGroup(DocumentModel groupEntry) protected NuxeoPrincipalmakePrincipal(DocumentModel userEntry) protected NuxeoPrincipalmakePrincipal(DocumentModel userEntry, boolean anonymous, boolean isTransient, List<String> groups) protected NuxeoPrincipalmakePrincipal(DocumentModel userEntry, boolean anonymous, List<String> groups) protected NuxeoPrincipalmakeTransientPrincipal(String username) protected NuxeoPrincipalprotected DocumentModelmakeVirtualUserEntry(String id, VirtualUser user) protected voidnotifyCore(String userOrGroupId, String eventId) protected voidnotifyCore(String userOrGroupId, String eventId, List<String> ancestorGroupIds) voidnotifyGroupChanged(String groupName, String eventId, List<String> ancestorGroupNames) Notifies that the given group has changed with the given event: At the runtime level so that the JaasCacheFlusher listener can make sure the principal cache is reset. At the core level, passing thegroupNameas the"id"property of the fired event.protected voidnotifyRuntime(String userOrGroupName, String eventId) voidnotifyUserChanged(String userName, String eventId) Notifies that the given user has changed with the given event: At the runtime level so that the JaasCacheFlusher listener can make sure the principal cache is reset. At the core level, passing theuserNameas the"id"property of the fired event.protected voidpopulateAncestorGroups(String groupId, List<String> ancestorGroups) protected voidpopulateDescendantGroups(String groupId, List<String> descendantGroups) protected DocumentModelListqueryWithVirtualEntries(Session session, QueryBuilder queryBuilder, List<DocumentModel> virtualEntries) Executes a query then adds virtual entries (already supposed to match the query).protected voidremoveVirtualFilters(Map<String, Serializable> filter) searchGroups(String pattern) Search matching groups through their defined search fieldssearchGroups(String pattern, DocumentModel context) Search matching groups through their defined search fields into the given context document.searchGroups(Map<String, Serializable> filter, Set<String> fulltext) Returns groups matching given criteria.searchGroups(Map<String, Serializable> filter, Set<String> fulltext, DocumentModel context) Returns groups matching given criteria with the given context. if the Document Context have a directory local configuration, the service try to open the user directory with directory suffix set into the local configurationsearchGroups(QueryBuilder queryBuilder) Returns groups matching the given query.searchGroups(QueryBuilder queryBuilder, DocumentModel context) Returns groups matching the given query, within the given context.searchPrincipals(String pattern) searchUsers(String pattern) Returns users matching given patternsearchUsers(String pattern, DocumentModel context) Returns users matching given pattern with the given context. if the Document Context have a directory local configuration, the service try to open the directory with directory suffix set into the local configurationsearchUsers(Map<String, Serializable> filter, Set<String> fulltext) Returns users matching given criteria.searchUsers(Map<String, Serializable> filter, Set<String> fulltext, Map<String, String> orderBy, DocumentModel context) MULTI-TENANT-IMPLEMENTATIONsearchUsers(Map<String, Serializable> filter, Set<String> fulltext, DocumentModel context) Returns users matching given criteria and with the given context. if the Document Context have a directory local configuration, the service try to open the user directory with directory suffix set into the local configurationsearchUsers(QueryBuilder queryBuilder) Returns users matching the given query.searchUsers(QueryBuilder queryBuilder, DocumentModel context) Returns users matching the given query, within the given context.voidsetConfiguration(UserManagerDescriptor descriptor) Sets the given configuration on the service.protected voidsetGroupDirectoryName(String groupDirectoryName) protected voidsetUserDirectoryName(String userDirectoryName) protected voidsetVirtualUsers(Map<String, VirtualUserDescriptor> virtualUsers) protected voidsyncDigestAuthPassword(String username, String password) voidupdateGroup(DocumentModel groupModel) Updates group represented by given model.voidupdateGroup(DocumentModel groupModel, DocumentModel context) Updates group represented by given model with the given context.voidupdateUser(DocumentModel userModel) Updates user represented by given model.voidupdateUser(DocumentModel userModel, DocumentModel context) Updates user represented by given model into the given context document.protected booleanuseCache()protected booleanbooleanvalidatePassword(String password) Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, waitMethods inherited from interface org.nuxeo.ecm.platform.usermanager.UserManager
getPrincipal, notifyGroupChanged
-
Field Details
-
SEARCH_ESCAPE_COMPAT_PARAM
- Since:
- 11.1
- See Also:
-
USERMANAGER_TOPIC
- See Also:
-
USERCHANGED_EVENT_ID
Used by JaasCacheFlusher.- See Also:
-
USERCREATED_EVENT_ID
- See Also:
-
USERDELETED_EVENT_ID
- See Also:
-
USERMODIFIED_EVENT_ID
- See Also:
-
GROUPCHANGED_EVENT_ID
Used by JaasCacheFlusher.- See Also:
-
GROUPCREATED_EVENT_ID
- See Also:
-
GROUPDELETED_EVENT_ID
- See Also:
-
GROUPMODIFIED_EVENT_ID
- See Also:
-
DEFAULT_ANONYMOUS_USER_ID
- See Also:
-
VIRTUAL_FIELD_FILTER_PREFIX
- See Also:
-
INVALIDATE_PRINCIPAL_EVENT_ID
- See Also:
-
INVALIDATE_ALL_PRINCIPALS_EVENT_ID
- See Also:
-
USER_GROUP_CATEGORY
Possible value for theDocumentEventContext.CATEGORY_PROPERTY_KEYkey of a core event context.- Since:
- 9.2
- See Also:
-
ID_PROPERTY_KEY
Key for the id of a user or a group in a core event context.- Since:
- 9.2
- See Also:
-
ANCESTOR_GROUPS_PROPERTY_KEY
Key for the ancestor group names of a group in a core event context.- Since:
- 9.2
- See Also:
-
USER_HAS_PARTIAL_CONTENT
- Since:
- 11.4
- See Also:
-
dirService
-
cacheService
-
principalCache
-
multiTenantManagement
-
userConfig
A structure used to inject field name configuration of users schema into a NuxeoPrincipalImpl instance. TODO not all fields inside are configurable for now - they will use default values -
groupConfig
- Since:
- 9.3
-
userDirectoryName
-
userSchemaName
-
userIdField
-
userEmailField
-
userSearchFields
-
groupDirectoryName
-
groupSchemaName
-
groupIdField
-
groupLabelField
-
groupMembersField
-
groupSubGroupsField
-
groupParentGroupsField
-
groupSortField
-
groupSearchFields
-
defaultGroup
-
administratorIds
-
administratorGroups
-
disableDefaultAdministratorsGroup
-
userSortField
-
userListingMode
-
groupListingMode
-
userPasswordPattern
-
anonymousUser
-
digestAuthDirectory
-
digestAuthRealm
-
virtualUsers
-
-
Constructor Details
-
UserManagerImpl
public UserManagerImpl()
-
-
Method Details
-
setConfiguration
Description copied from interface:UserManagerSets the given configuration on the service.- Specified by:
setConfigurationin interfaceUserManager- Parameters:
descriptor- the descriptor as parsed from xml, merged from the previous one if it exists.
-
setUserDirectoryName
-
getUserDirectoryName
Description copied from interface:UserManagerGets the user directory name.- Specified by:
getUserDirectoryNamein interfaceUserManager- Returns:
- the user directory name.
-
getUserIdField
Description copied from interface:UserManagerReturns the user directory id field.- Specified by:
getUserIdFieldin interfaceUserManager
-
getUserSchemaName
Description copied from interface:UserManagerReturns the user directory schema name.- Specified by:
getUserSchemaNamein interfaceUserManager
-
getUserEmailField
Description copied from interface:UserManagerGets the user email field.- Specified by:
getUserEmailFieldin interfaceUserManager- Returns:
- the user email field.
-
getUserSearchFields
Description copied from interface:UserManagerGets the user search fields, the fields to use when a principal search is done.- Specified by:
getUserSearchFieldsin interfaceUserManager- Returns:
- the search fields.
-
getGroupSearchFields
Description copied from interface:UserManagerGets the group search fields.- Specified by:
getGroupSearchFieldsin interfaceUserManager
-
setGroupDirectoryName
-
getGroupDirectoryName
Description copied from interface:UserManagerGets the group directory name.- Specified by:
getGroupDirectoryNamein interfaceUserManager- Returns:
- the group directory name.
-
getGroupIdField
Description copied from interface:UserManagerReturns the group directory id field.- Specified by:
getGroupIdFieldin interfaceUserManager
-
getGroupLabelField
Description copied from interface:UserManagerReturns the group label field.- Specified by:
getGroupLabelFieldin interfaceUserManager
-
getGroupSchemaName
Description copied from interface:UserManagerReturns the group directory schema name.- Specified by:
getGroupSchemaNamein interfaceUserManager
-
getGroupMembersField
Description copied from interface:UserManagerGets the group members field.- Specified by:
getGroupMembersFieldin interfaceUserManager- Returns:
- the group members field.
-
getGroupSubGroupsField
Description copied from interface:UserManagerGets the group sub-groups field.- Specified by:
getGroupSubGroupsFieldin interfaceUserManager- Returns:
- the sub-groups field.
-
getGroupParentGroupsField
Description copied from interface:UserManagerGets the group parent-groups field.- Specified by:
getGroupParentGroupsFieldin interfaceUserManager- Returns:
- the parent-groups field.
-
getUserListingMode
- Specified by:
getUserListingModein interfaceUserManager
-
getGroupListingMode
- Specified by:
getGroupListingModein interfaceUserManager
-
getDefaultGroup
- Specified by:
getDefaultGroupin interfaceUserManager
-
getUserPasswordPattern
- Specified by:
getUserPasswordPatternin interfaceUserManager
-
getAnonymousUserId
Description copied from interface:UserManagerGets the anonymous user id.- Specified by:
getAnonymousUserIdin interfaceUserManager- Returns:
- the anonymous user id, or the default one if none is defined.
-
setVirtualUsers
-
checkUsernamePassword
Description copied from interface:AuthenticatorCheck the password for the given username. Returns true if the username / password pair match, false otherwise.- Specified by:
checkUsernamePasswordin interfaceAuthenticator- Specified by:
checkUsernamePasswordin interfaceUserManager- Parameters:
username- the usernamepassword- the password to check- Returns:
- true is valid, false otherwise
-
syncDigestAuthPassword
-
getDigestAuthModel
-
encodeDigestAuthPassword
-
getDigestAuthDirectory
Description copied from interface:UserManagerGets the Digest Auth directory.- Specified by:
getDigestAuthDirectoryin interfaceUserManager
-
getDigestAuthRealm
Description copied from interface:UserManagerGets the Digest Auth realm.- Specified by:
getDigestAuthRealmin interfaceUserManager
-
validatePassword
- Specified by:
validatePasswordin interfaceUserManager
-
makeAnonymousPrincipal
-
makeVirtualPrincipal
-
makeTransientPrincipal
-
makeVirtualUserEntry
-
makePrincipal
-
makePrincipal
protected NuxeoPrincipal makePrincipal(DocumentModel userEntry, boolean anonymous, List<String> groups) -
makePrincipal
protected NuxeoPrincipal makePrincipal(DocumentModel userEntry, boolean anonymous, boolean isTransient, List<String> groups) -
useCache
protected boolean useCache() -
getPrincipal
Description copied from interface:UserManagerRetrieves the principal with the given username or null if it does not exist.Can build principals for anonymous and virtual users as well as for users defined in the users directory.
- Specified by:
getPrincipalin interfaceUserManager- Parameters:
username- is the name of the entry in the user directoryfetchReferences- controls if the references (groups) of the user will be fetched
-
getPrincipalUsingCache
-
getUserModel
Description copied from interface:UserManagerReturns the document model representing user with given id or null if it does not exist.- Specified by:
getUserModelin interfaceUserManager
-
getBareUserModel
Description copied from interface:UserManagerReturns a bare user model.Can be used for user creation/search screens.
- Specified by:
getBareUserModelin interfaceUserManager
-
getGroup
Description copied from interface:UserManagerReturns the nuxeo group with given name or null if it does not exist.- Specified by:
getGroupin interfaceUserManager
-
getGroup
-
getGroupModel
Description copied from interface:UserManagerReturn the group document model with this id or null if group does not exist.- Specified by:
getGroupModelin interfaceUserManager- Parameters:
groupName- the group identifier
-
makeGroup
-
getTopLevelGroups
Description copied from interface:UserManagerReturns the list of groups that are not members of other groups.- Specified by:
getTopLevelGroupsin interfaceUserManager
-
getGroupsInGroup
Description copied from interface:UserManagerReturns the list of groups that belong to this group.- Specified by:
getGroupsInGroupin interfaceUserManager- Parameters:
parentId- the name of the parent group.
-
getUsersInGroup
Description copied from interface:UserManagerReturns the list of users that belong to this group.- Specified by:
getUsersInGroupin interfaceUserManager- Parameters:
groupId- ID of the group
-
getUsersInGroupAndSubGroups
Description copied from interface:UserManagerGet users from a group and its subgroups.- Specified by:
getUsersInGroupAndSubGroupsin interfaceUserManager- Parameters:
groupId- ID of the group
-
appendSubgroups
-
isAnonymousMatching
-
isAnonymousMatching
-
searchPrincipals
- Specified by:
searchPrincipalsin interfaceUserManager
-
searchGroups
Description copied from interface:UserManagerSearch matching groups through their defined search fields- Specified by:
searchGroupsin interfaceUserManager
-
getUserSortField
- Specified by:
getUserSortFieldin interfaceUserManager
-
getUserSortMap
-
getUserOrderBy
-
getGroupSortMap
-
getGroupOrderBy
-
getDirectorySortMap
-
notifyCore
- Since:
- 8.2
-
notifyCore
- Since:
- 9.2
-
notifyRuntime
-
notifyUserChanged
Description copied from interface:UserManagerNotifies that the given user has changed with the given event:- At the runtime level so that the JaasCacheFlusher listener can make sure the principal cache is reset.
- At the core level, passing the
userNameas the"id"property of the fired event.
- Specified by:
notifyUserChangedin interfaceUserManager
-
invalidatePrincipal
-
notifyGroupChanged
Description copied from interface:UserManagerNotifies that the given group has changed with the given event:- At the runtime level so that the JaasCacheFlusher listener can make sure the principal cache is reset.
- At the core level, passing the
groupNameas the"id"property of the fired event.
The
ancestorGroupNameslist must contain the ancestor groups of the given group. It can be computed by callingUserManager.getAncestorGroups(String). It will be passed as the"ancestorGroups"property of the fired core event.- Specified by:
notifyGroupChangedin interfaceUserManager
-
invalidateAllPrincipals
protected void invalidateAllPrincipals() -
areGroupsReadOnly
Description copied from interface:UserManagerReturns true is users referential is read only (ie : LDAP) -> can not add users -> can not delete users.- Specified by:
areGroupsReadOnlyin interfaceMultiTenantUserManager- Specified by:
areGroupsReadOnlyin interfaceUserManager
-
areUsersReadOnly
Description copied from interface:UserManagerReturns true is groups referential is read only (ie : LDAP) -> can not add groups -> can not delete groups.- Specified by:
areUsersReadOnlyin interfaceMultiTenantUserManager- Specified by:
areUsersReadOnlyin interfaceUserManager
-
checkGrouId
-
getGroupId
-
checkUserId
-
getUserId
-
createGroup
Description copied from interface:UserManagerCreates a group from given model- Specified by:
createGroupin interfaceUserManager- Returns:
- the created group model
-
createUser
Description copied from interface:UserManagerCreates user from given model.- Specified by:
createUserin interfaceUserManager
-
deleteGroup
Description copied from interface:UserManagerDeletes group with given id.- Specified by:
deleteGroupin interfaceUserManager
-
deleteGroup
Description copied from interface:UserManagerDeletes group represented by given model.- Specified by:
deleteGroupin interfaceUserManager
-
deleteUser
Description copied from interface:UserManagerDeletes user with given id.- Specified by:
deleteUserin interfaceUserManager
-
deleteUser
Description copied from interface:UserManagerDeletes user represented by given model.- Specified by:
deleteUserin interfaceUserManager
-
getGroupIds
Description copied from interface:UserManagerReturns the list of all groups ids.- Specified by:
getGroupIdsin interfaceUserManager
-
getUserIds
Description copied from interface:UserManagerReturns the list of all user ids.- Specified by:
getUserIdsin interfaceUserManager
-
removeVirtualFilters
-
getQueryForPattern
protected QueryBuilder getQueryForPattern(String pattern, String dirName, Map<String, UserManager.MatchType> searchFields, OrderByExpr orderBy) -
searchGroups
Description copied from interface:UserManagerReturns groups matching given criteria.- Specified by:
searchGroupsin interfaceUserManager- Parameters:
filter- filter with field names as keysfulltext- field names used for fulltext match
-
searchGroups
Description copied from interface:UserManagerReturns groups matching the given query.- Specified by:
searchGroupsin interfaceUserManager- Parameters:
queryBuilder- the query to use, including limit, offset, ordering and countTotal
-
searchUsers
Description copied from interface:UserManagerReturns users matching given patternPattern is used to fill a filter and fulltext map according to users search fields configuration. Search is performed on each of these fields (OR).
- Specified by:
searchUsersin interfaceUserManager
-
searchUsers
Description copied from interface:UserManagerReturns users matching given criteria.- Specified by:
searchUsersin interfaceUserManager- Parameters:
filter- filter with field names as keysfulltext- field names used for fulltext match
-
searchUsers
Description copied from interface:UserManagerReturns users matching the given query.- Specified by:
searchUsersin interfaceUserManager- Parameters:
queryBuilder- the query to use, including limit, offset, ordering and countTotal
-
updateGroup
Description copied from interface:UserManagerUpdates group represented by given model.- Specified by:
updateGroupin interfaceUserManager
-
updateUser
Description copied from interface:UserManagerUpdates user represented by given model.- Specified by:
updateUserin interfaceUserManager
-
getBareGroupModel
Description copied from interface:UserManagerReturns a bare group model.Can be used for group creation/search screens.
- Specified by:
getBareGroupModelin interfaceUserManager
-
getAdministratorsGroups
Description copied from interface:UserManagerReturns the list of administrators groups.- Specified by:
getAdministratorsGroupsin interfaceAdministratorGroupsProvider- Specified by:
getAdministratorsGroupsin interfaceUserManager
-
getLeafPermissions
-
getUsersForPermission
Description copied from interface:UserManagerFor an ACP, get the list of user that has a permission. This method should be use with care as it can cause performance issues while getting the list of users.- Specified by:
getUsersForPermissionin interfaceUserManager- Parameters:
perm- the permissionacp- The access control policy of the document- Returns:
- the list of user ids
-
authenticate
Description copied from interface:AuthenticatorGet a principal object for the given username if the username / password pair is valid, otherwise returns null.This method is doing the authentication of the given username / password pair and returns the corresponding principal object if authentication succeeded otherwise returns null.
- Specified by:
authenticatein interfaceAuthenticator- Returns:
- the authenticated principal if authentication succeded otherwise null
-
searchUsers
public DocumentModelList searchUsers(Map<String, Serializable> filter, Set<String> fulltext, Map<String, String> orderBy, DocumentModel context) MULTI-TENANT-IMPLEMENTATION -
getUsersInGroup
Description copied from interface:MultiTenantUserManagerReturns the list of users that belong to this group into the given context- Specified by:
getUsersInGroupin interfaceMultiTenantUserManager- Parameters:
groupId- ID of the group
-
searchUsers
Description copied from interface:MultiTenantUserManagerReturns users matching given pattern with the given context. if the Document Context have a directory local configuration, the service try to open the directory with directory suffix set into the local configurationPattern is used to fill a filter and fulltext map according to users search fields configuration. Search is performed on each of these fields (OR).
- Specified by:
searchUsersin interfaceMultiTenantUserManager
-
searchUsers
Description copied from interface:MultiTenantUserManagerReturns users matching the given query, within the given context.- Specified by:
searchUsersin interfaceMultiTenantUserManager- Parameters:
queryBuilder- the query to use, including limit, offset, ordering and countTotalcontext- the context for the tenant, ornull
-
queryWithVirtualEntries
protected DocumentModelList queryWithVirtualEntries(Session session, QueryBuilder queryBuilder, List<DocumentModel> virtualEntries) Executes a query then adds virtual entries (already supposed to match the query). Then does limit/offset/order/countTotal.- Since:
- 10.3
-
searchUsers
public DocumentModelList searchUsers(Map<String, Serializable> filter, Set<String> fulltext, DocumentModel context) Description copied from interface:MultiTenantUserManagerReturns users matching given criteria and with the given context. if the Document Context have a directory local configuration, the service try to open the user directory with directory suffix set into the local configuration- Specified by:
searchUsersin interfaceMultiTenantUserManager- Parameters:
filter- filter with field names as keysfulltext- field names used for fulltext match
-
getGroupIds
Description copied from interface:MultiTenantUserManagerReturns the list of all groups ids with the given context. if the Document Context have a directory local configuration, the service try to open the user directory with directory suffix set into the local configuration- Specified by:
getGroupIdsin interfaceMultiTenantUserManager
-
searchGroups
public DocumentModelList searchGroups(Map<String, Serializable> filter, Set<String> fulltext, DocumentModel context) Description copied from interface:MultiTenantUserManagerReturns groups matching given criteria with the given context. if the Document Context have a directory local configuration, the service try to open the user directory with directory suffix set into the local configuration- Specified by:
searchGroupsin interfaceMultiTenantUserManager- Parameters:
filter- filter with field names as keysfulltext- field names used for fulltext match
-
searchGroups
Description copied from interface:MultiTenantUserManagerReturns groups matching the given query, within the given context.- Specified by:
searchGroupsin interfaceMultiTenantUserManager- Parameters:
queryBuilder- the query to use, including limit, offset, ordering and countTotalcontext- the context for the tenant, ornull
-
createGroup
public DocumentModel createGroup(DocumentModel groupModel, DocumentModel context) throws GroupAlreadyExistsException Description copied from interface:MultiTenantUserManagerCreates a group from given model with the given context. If the Document Context have a directory local configuration, the service will append at the end of the groupname the directory suffix set into the local configuration of the context document.- Specified by:
createGroupin interfaceMultiTenantUserManager- Returns:
- the created group model
- Throws:
GroupAlreadyExistsException
-
getGroupModel
Description copied from interface:MultiTenantUserManagerReturn the group document model with this id concatenated with the directory local config (if not null) or null if group does not exist.- Specified by:
getGroupModelin interfaceMultiTenantUserManager- Parameters:
groupIdValue- the group identifier
-
getUserModel
Description copied from interface:MultiTenantUserManagerReturns the document model representing user with given id or null if it does not exist into the given context document. The context document must be contained into the tenant.- Specified by:
getUserModelin interfaceMultiTenantUserManager
-
getUserModel
protected DocumentModel getUserModel(String userName, DocumentModel context, boolean fetchReferences) -
cloneMap
-
cloneSet
-
getPrincipal
Description copied from interface:MultiTenantUserManagerRetrieves the principal with the given username or null if it does not exist into the given context document. The context document must be contained into the tenantCan build principals for anonymous and virtual users as well as for users defined in the users directory.
- Specified by:
getPrincipalin interfaceMultiTenantUserManager
-
getPrincipal
protected NuxeoPrincipal getPrincipal(String username, DocumentModel context, boolean fetchReferences) -
searchGroups
Description copied from interface:MultiTenantUserManagerSearch matching groups through their defined search fields into the given context document. The context document must be contained into the tenant.- Specified by:
searchGroupsin interfaceMultiTenantUserManager
-
getUserIds
Description copied from interface:MultiTenantUserManagerReturns the list of all user ids into the given context document. The context document must be contained into the tenant.- Specified by:
getUserIdsin interfaceMultiTenantUserManager
-
createUser
public DocumentModel createUser(DocumentModel userModel, DocumentModel context) throws UserAlreadyExistsException Description copied from interface:MultiTenantUserManagerCreates user from given model into the given context document. The context document must be contained into the tenant.- Specified by:
createUserin interfaceMultiTenantUserManager- Throws:
UserAlreadyExistsException
-
checkGroupsExistence
-
checkPasswordValidity
- Throws:
InvalidPasswordException
-
updateUser
Description copied from interface:MultiTenantUserManagerUpdates user represented by given model into the given context document. The context document must be contained into the tenant.- Specified by:
updateUserin interfaceMultiTenantUserManager
-
useSearchEscapeCompat
protected boolean useSearchEscapeCompat() -
deleteUser
Description copied from interface:MultiTenantUserManagerDeletes user represented by given model into the given context document. The context document must be contained into the tenant.- Specified by:
deleteUserin interfaceMultiTenantUserManager
-
deleteUser
Description copied from interface:MultiTenantUserManagerDeletes user with given id into the given context document. The context document must be contained into the tenant.- Specified by:
deleteUserin interfaceMultiTenantUserManager
-
updateGroup
Description copied from interface:MultiTenantUserManagerUpdates group represented by given model with the given context. If the Document Context have a directory local configuration, the service will append at the end of the groupname the directory suffix set into the local configuration of the context document.- Specified by:
updateGroupin interfaceMultiTenantUserManager
-
deleteGroup
Description copied from interface:MultiTenantUserManagerDeletes group represented by given model with the given context. If the Document Context have a directory local configuration, the service will append at the end of the groupname the directory suffix set into the local configuration of the context document.- Specified by:
deleteGroupin interfaceMultiTenantUserManager
-
deleteGroup
Description copied from interface:MultiTenantUserManagerDeletes group with given id with the given context. If the Document Context have a directory local configuration, the service will append at the end of the groupname the directory suffix set into the local configuration of the context document.- Specified by:
deleteGroupin interfaceMultiTenantUserManager
-
getGroupsInGroup
Description copied from interface:MultiTenantUserManagerReturns the list of groups that belong to this group with the given context. If the Document Context have a directory local configuration, the service will append at the end of the groupname the directory suffix set into the local configuration of the context document.- Specified by:
getGroupsInGroupin interfaceMultiTenantUserManager- Parameters:
parentId- the name of the parent group.
-
getTopLevelGroups
Description copied from interface:MultiTenantUserManagerReturns the list of groups that are not members of other groups with the given context.- Specified by:
getTopLevelGroupsin interfaceMultiTenantUserManager
-
getUsersInGroupAndSubGroups
Description copied from interface:MultiTenantUserManagerGet users from a group and its subgroups into the given context- Specified by:
getUsersInGroupAndSubGroupsin interfaceMultiTenantUserManager- Parameters:
groupId- ID of the group
-
getUsersForPermission
Description copied from interface:MultiTenantUserManagerFor an ACP, get the list of user that has a permission into the given context. This method should be use with care as it can cause performance issues while getting the list of users.- Specified by:
getUsersForPermissionin interfaceMultiTenantUserManager- Parameters:
perm- the permissionacp- The access control policy of the document- Returns:
- the list of user ids
-
getAncestorGroups
Description copied from interface:UserManagerReturns the ancestor groups of the group with the given id.- Specified by:
getAncestorGroupsin interfaceUserManager
-
populateAncestorGroups
-
getDescendantGroups
Description copied from interface:UserManagerReturns the descendant groups of the group with the given id.- Specified by:
getDescendantGroupsin interfaceUserManager
-
populateDescendantGroups
-
getGroupConfig
Description copied from interface:UserManagerReturns the contributedGroupConfig.- Specified by:
getGroupConfigin interfaceUserManager
-
handleEvent
Description copied from interface:EventListenerAn event was received.- Specified by:
handleEventin interfaceEventListener
-