NuxeoPrincipal.java

/*
 * (C) Copyright 2006-2014 Nuxeo SA (http://nuxeo.com/) and others.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 *
 * Contributors:
 *     Bogdan Stefanescu
 */
package org.nuxeo.ecm.core.api;

import java.io.Serializable;
import java.security.Principal;
import java.util.List;
import java.util.UUID;

/**
 * Class to represent a principal in Nuxeo. This class holds the list of roles and groups for this principal.
 */
public interface NuxeoPrincipal extends Principal, Serializable {

    String PREFIX = "user:";

    /**
     * @since 8.1
     */
    String TRANSIENT_USER_PREFIX = "transient/";

    /**
     * @since 8.1
     */
    String TRANSIENT_USER_FORMAT = TRANSIENT_USER_PREFIX + "%s/%s";

    /**
     * Gets the first name of this principal.
     *
     * @return the first name of this principal
     */
    String getFirstName();

    /**
     * Gets the last name of this principal.
     *
     * @return the last name of this principal
     */
    String getLastName();

    /**
     * Gets the password of this principal.
     * <p>
     * Note: Some APIs that return principals from the database intentionally do not fill this field
     *
     * @return the password of this principal
     */
    String getPassword();

    /**
     * Gets the company name of this principal.
     *
     * @return the company name
     */
    String getCompany();

    /**
     * Get the user email if any. Return null if not email was specified
     *
     * @return the user email or null if none
     */
    String getEmail();

    /**
     * Gets the groups this principal is directly member of.
     *
     * @return the list of the groups
     */
    List<String> getGroups();

    /**
     * Gets the groups this principal directly or undirectly is member of.
     *
     * @return the list of the groups
     */
    List<String> getAllGroups();

    /**
     * Recursively test if the user is member of this group.
     *
     * @param group The name of the group
     */
    boolean isMemberOf(String group);

    /**
     * Gets the roles for this principal.
     *
     * @return the list of the roles
     */
    List<String> getRoles();

    void setName(String name);

    void setFirstName(String firstName);

    void setLastName(String lastName);

    void setGroups(List<String> groups);

    void setRoles(List<String> roles);

    void setCompany(String company);

    void setPassword(String password);

    void setEmail(String email);

    /**
     * Returns a generated id that is unique for each principal instance.
     *
     * @return a unique string
     */
    String getPrincipalId();

    /**
     * Sets the principalId.
     *
     * @param principalId a new principalId for this instance
     */
    void setPrincipalId(String principalId);

    DocumentModel getModel();

    void setModel(DocumentModel model);

    /**
     * Returns true if the principal is an administrator.
     * <p>
     * Security checks still apply on the repository for administrator user. If user is a system user, this method will
     * return true.
     *
     * @return true if the principal is an administrator.
     */
    boolean isAdministrator();

    /**
     * Returns the {@code tenantId} of this {@NuxeoPrincipal}, or {@code null} if there is no
     * {@code tenantId}.
     *
     * @since 5.6
     */
    String getTenantId();

    /**
     * Checks if the principal is anonymous (guest user).
     *
     * @return true if the principal is anonymous.
     */
    boolean isAnonymous();

    /**
     * Gets the base user from which this principal was created, or {@code null} if this principal was not created from
     * another user.
     *
     * @return the originating user, or {@code null}
     */
    String getOriginatingUser();

    /**
     * Sets the originating user.
     *
     * @param originatingUser the originating user
     */
    void setOriginatingUser(String originatingUser);

    /**
     * Gets the acting user for this principal.
     * <p>
     * This is the originating user (usually when this principal is a system user), or if there is none this principal's
     * user.
     *
     * @return the acting user
     * @since 6.0
     */
    String getActingUser();

    /**
     * Returns true if the principal is a transient principal.
     *
     * @since 8.1
     */
    boolean isTransient();

    /**
     * Returns true if the given @{code username} is a transient username.
     *
     * @since 8.1
     */
    static boolean isTransientUsername(String username) {
        return username != null && username.startsWith(TRANSIENT_USER_PREFIX);
    }

    /**
     * Computes a unique transient username from the given {@code baseUsername}.
     *
     * @since 8.1
     */
    static String computeTransientUsername(String baseUsername) {
        if (baseUsername != null && !baseUsername.startsWith(TRANSIENT_USER_PREFIX)) {
            String uuid = UUID.randomUUID().toString();
            uuid = uuid.replaceAll("-", "").substring(0, 16);
            return String.format(TRANSIENT_USER_FORMAT, baseUsername, uuid);
        }
        return baseUsername;
    }

}