/*
 * Copyright 2016 Red Hat, Inc. and/or its affiliates.
 *  
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *  
 *    http://www.apache.org/licenses/LICENSE-2.0
 *  
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

package org.uberfire.ext.security.management.api;

import java.util.Collection;

import org.jboss.errai.security.shared.api.identity.User;
import org.uberfire.ext.security.management.api.exception.SecurityManagementException;

/**
 * <p>The Users Manager.</p>
 * <p>The user manager provide additional methods to implement from the entity manager ones.</p>
 * @since 0.8.0
 */
public interface UserManager extends AbstractEntityManager<User, UserManagerSettings> {

    /**
     * <p>Assign a collection of groups to a user.</p>.
     * <p>All the groups given will be assigned to the user, the current existing assigned ones will be removed.</p>
     * <p>It's important to note that the inherited <code>create</code> and <code>update</code> methods should not assign groups, this operations must be done in this method,
     * as it's easier for mapping with the capabilities approach.</p>
     * @param username The user identifier.
     * @param groups The collection of groups identifiers to assign.
     * @throws SecurityManagementException
     */
    void assignGroups(String username,
                      Collection<String> groups) throws SecurityManagementException;

    /**
     * <p>Assign a collection of roles to a user.</p>.
     * <p>All the roles given will be assigned to the user, the current existing assigned ones will be removed.</p>
     * <p>It's important to note that the inherited <code>create</code> and <code>update</code> methods should not assign roles, this operations must be done in this method,
     * as it's easier for mapping with the capabilities approach.</p>
     * @param username The user identifier.
     * @param roles The collection of roles identifiers to assign.
     * @throws SecurityManagementException
     */
    void assignRoles(String username,
                     Collection<String> roles) throws SecurityManagementException;

    /**
     * <p>Changes the user's password.</p>
     * @param username The user identifier.
     * @param newPassword The new password.
     * @throws SecurityManagementException
     */
    void changePassword(String username,
                        String newPassword) throws SecurityManagementException;

    /**
     * <p>Description of a user attribute that is supported by the specific manager implementation.</p>
     */
    interface UserAttribute {

        /**
         * The attribute name.
         * @return The attribute name.
         */
        String getName();

        /**
         * Specifies if the attribute is required for creating a user or if it cannot be removed.
         * @return Is mandatory.
         */
        boolean isMandatory();

        /**
         * Specifies if the attribute can be modified.
         * @return Is editable.
         */
        boolean isEditable();

        /**
         * The default value for an attribute.
         * Used when creating a new user and setting mandatory attributes.
         * @return The default value for the attribute, if any.
         */
        String getDefaultValue();
    }
}