Package org.alfresco.service.cmr.security

Interface AuthorityService

All Known Implementing Classes:
AuthorityServiceImpl
@AlfrescoPublicApi public interface AuthorityService
The service that encapsulates authorities granted to users. This service will refuse to create any user authorities. These should be managed using the AuthenticationService and PersonServce. Methods that try to change alter users will throw an exception. A string key is used to identify the authority. These follow the contract defined in AuthorityType. If there are entities linked to these authorities this key should be used to find them, as userName is used link user and person.
Author:
Andy Hind

  • Field Details

  • Method Details

    • hasAdminAuthority

      @Auditable boolean hasAdminAuthority()
      Check of the current user has admin authority. There is no contract for who should have this authority, only that it can be tested here. It could be determined by group membership, role, authentication mechanism, ...
      Returns:
      true if the currently authenticated user has the admin authority

    • isAdminAuthority

      @Auditable(parameters="authorityName") boolean isAdminAuthority(String authorityName)
      Does the given authority have admin authority.
      Parameters:
      authorityName - The name of the authority.
      Returns:
      Whether the authority is an 'administrator'.

    • hasGuestAuthority

      @Auditable boolean hasGuestAuthority()
      Check of the current user has guest authority. There is no contract for who should have this authority, only that it can be tested here. It could be determined by group membership, role, authentication mechanism, ...
      Returns:
      true if the currently authenticated user has the guest authority

    • isGuestAuthority

      @Auditable(parameters="authorityName") boolean isGuestAuthority(String authorityName)
      Does the given authority have guest authority.
      Parameters:
      authorityName - The name of the authority.
      Returns:
      Whether the authority is a 'guest'.

    • countUsers

      @Auditable long countUsers()
      Count the number of groups
      Returns:
      Returns the number of groups

    • countGroups

      @Auditable long countGroups()
      Count the number of users (not groups)
      Returns:
      Returns the number of usrs

    • getAuthorities

      @Auditable Set<String> getAuthorities()
      Get the authorities for the current user
      Returns:
      authorities for the current user

    • getAuthoritiesForUser

      @Auditable(parameters="userName") Set<String> getAuthoritiesForUser(String userName)
      Get the authorities for the given user

    • getAllAuthorities

      @Auditable(parameters="type") @Deprecated Set<String> getAllAuthorities(AuthorityType type)
      Deprecated.
      use getAuthorities(AuthorityType, String, String, boolean, boolean, PagingRequest) at least
      Get all authorities by type See also "getAuthorities" (paged) alternative
      Parameters:
      type - the type of authorities - cannot be null
      Returns:
      all authorities by type
      See Also:

    • getAuthoritiesInfo

      @Auditable(parameters={"type","zoneName","displayNameFilter","sortByDisplayName","sortAscending","pagingRequest"}) org.alfresco.query.PagingResults<AuthorityInfo> getAuthoritiesInfo(AuthorityType type, String zoneName, String displayNameFilter, String sortBy, boolean sortAscending, org.alfresco.query.PagingRequest pagingRequest)
      Get authorities by type and/or zone
      Parameters:
      type - the type of authorities (note: mandatory if zoneName is null)
      zoneName - the zoneName (note: mandatory if type is null)
      displayNameFilter - optional filter (startsWith / ignoreCase) for authority display name (note: implied trailing "*")
      sortBy - either "displayName", "shortName", "authorityName" or null if no sorting. note: for users, displayName/shortName is equivalent to the userName, for groups if the display is null then use the short name
      sortAscending - if true then sort ascending else sort descending (ignore if sortByDisplayName is false)
      pagingRequest - the requested page (skipCount, maxItems, queryExectionId)
      Throws:
      UnknownAuthorityException - - if zoneName is not null and does not exist

      author janv
      Since:
      4.0

    • getAuthorities

      @Auditable(parameters={"type","zoneName","displayNameFilter","sortByDisplayName","sortAscending","pagingRequest"}) org.alfresco.query.PagingResults<String> getAuthorities(AuthorityType type, String zoneName, String displayNameFilter, boolean sortByDisplayName, boolean sortAscending, org.alfresco.query.PagingRequest pagingRequest)
      Get authorities by type and/or zone
      Parameters:
      type - the type of authorities (note: mandatory if zoneName is null)
      zoneName - the zoneName (note: mandatory if type is null)
      displayNameFilter - optional filter (startsWith / ignoreCase) for authority display name (note: implied trailing "*")
      sortByDisplayName - if true then sort (ignoring case) by the authority display name, if false then unsorted note: for users, displayName/shortName is equivalent to the userName, for groups if the display is null then use the short name
      sortAscending - if true then sort ascending else sort descending (ignore if sortByDisplayName is false)
      pagingRequest - the requested page (skipCount, maxItems, queryExectionId)
      Throws:
      UnknownAuthorityException - - if zoneName is not null and does not exist

      author janv
      Since:
      4.0

    • getAllRootAuthorities

      @Auditable(parameters="type") Set<String> getAllRootAuthorities(AuthorityType type)
      Get all root authorities by type. Root authorities are ones that were created without an authority as the parent authority;
      Parameters:
      type - - the type of the authority
      Returns:
      all root authorities by type.

    • createAuthority

      @Auditable(parameters={"type","shortName"}) String createAuthority(AuthorityType type, String shortName)
      Create an authority.
      Parameters:
      type - - the type of the authority
      shortName - - the short name of the authority to create this will also be set as the default display name for the authority
      Returns:
      the name of the authority (this will be the prefix, if any associated with the type appended with the short name)

    • createAuthority

      @Auditable(parameters={"type","shortName"}) String createAuthority(AuthorityType type, String shortName, Map<QName,Serializable> properties)
      Create an authority with properties.
      Parameters:
      type - - the type of the authority
      shortName - - the short name of the authority to create this will also be set as the default display name for the authority
      properties - - properties that will be added to authority
      Returns:
      the name of the authority (this will be the prefix, if any associated with the type appended with the short name)

    • createAuthority

      @Auditable(parameters={"type","shortName","authorityDisplayName","authorityZones"}) String createAuthority(AuthorityType type, String shortName, String authorityDisplayName, Set<String> authorityZones)
      Create an authority with a display name and zone.
      Parameters:
      type - the type of the authority
      shortName - the short name of the authority to create
      authorityDisplayName - the display name for the authority
      authorityZones - identifier for external user registry owning the authority or null if not applicable
      Returns:
      the full name of the authority (this will be the prefix, if any associated with the type appended with the short name)

    • createAuthority

      @Auditable(parameters={"type","shortName","authorityDisplayName","authorityZones"}) String createAuthority(AuthorityType type, String shortName, String authorityDisplayName, Set<String> authorityZones, Map<QName,Serializable> properties)
      Create an authority with a display name and zone.
      Parameters:
      type - the type of the authority
      shortName - the short name of the authority to create
      authorityDisplayName - the display name for the authority
      authorityZones - identifier for external user registry owning the authority or null if not applicable
      properties - - properties that will be added to authority
      Returns:
      the full name of the authority (this will be the prefix, if any associated with the type appended with the short name)

    • addAuthority

      @Auditable(parameters={"parentName","childName"}) void addAuthority(String parentName, String childName)
      Set an authority to include another authority. For example, adding a group to a group or adding a user to a group.
      Parameters:
      parentName - - the full name string identifier for the parent.
      childName - - the string identifier for the child.

    • addAuthority

      @Auditable(parameters={"parentNames","childName"}) void addAuthority(Collection<String> parentNames, String childName)
      Set a given child authority to be included by the given parent authorities. For example, adding a group to groups or adding a user to groups.
      Parameters:
      parentNames - - the full name string identifier for the parents.
      childName - - the string identifier for the child.

    • removeAuthority

      @Auditable(parameters={"parentName","childName"}) void removeAuthority(String parentName, String childName)
      Remove an authority as a member of another authority. The child authority will still exist. If the child authority was not created as a root authority and you remove its creation link, it will be moved to a root authority. If you want rid of it, use delete.
      Parameters:
      parentName - - the string identifier for the parent.
      childName - - the string identifier for the child.

    • deleteAuthority

      @Auditable(parameters="name") void deleteAuthority(String name)
      Delete an authority and all its relationships. Note child authorities are not deleted.
      Parameters:
      name - String

    • deleteAuthority

      @Auditable(parameters={"name","cascade"}) void deleteAuthority(String name, boolean cascade)
      Delete an authority and all its relationships, optionally recursively deleting child authorities of the same type.
      Parameters:
      name - the authority long name
      cascade - should the delete be cascaded to child authorities of the same type?

    • getContainedAuthorities

      @Auditable(parameters={"type","name","immediate"}) Set<String> getContainedAuthorities(AuthorityType type, String name, boolean immediate)
      Get all the authorities that are contained by the given authority. For a group you could get all the authorities it contains, just the users it contains or just the other groups it includes.
      Parameters:
      type - - if not null, limit to the type of authority specified
      name - - the name of the containing authority
      immediate - - if true, limit the depth to just immediate child, if false find authorities at any depth

    • getContainingAuthorities

      @Auditable(parameters={"type","name","immediate"}) Set<String> getContainingAuthorities(AuthorityType type, String name, boolean immediate)
      Get the authorities that contain the given authority, but use getAuthoritiesForUser(userName).contains(authority) rather than getContainingAuthorities(type, userName, false).contains(authority) or use getContainingAuthoritiesInZone(AuthorityType, String, String, AuthorityFilter, int) as they will be much faster. For example, this method can be used find out all the authorities that contain a group.
      Parameters:
      type - - if not null, limit to the type of authority specified
      name - - the name of the authority for which the containing authorities are required.
      immediate - - limit to immediate parents or any ancestor.

    • getContainingAuthoritiesInZone

      @Auditable(parameters={"type","name","zoneName","filter","size"}) Set<String> getContainingAuthoritiesInZone(AuthorityType type, String name, String zoneName, AuthorityService.AuthorityFilter filter, int size)
      Get a set of authorities with varying filter criteria
      Parameters:
      type - authority type or null for all types
      name - if non-null, only return those authorities who contain this authority
      zoneName - if non-null, only include authorities in the named zone
      filter - optional callback to apply further filter criteria or null
      size - if greater than zero, the maximum results to return. The search strategy used is varied depending on this number.
      Returns:
      a set of authorities

    • getShortName

      @Auditable(parameters="name") String getShortName(String name)
      Extract the short name of an authority from its full identifier.
      Parameters:
      name - String
      Returns:
      String

    • getName

      @Auditable(parameters={"type","shortName"}) String getName(AuthorityType type, String shortName)
      Create the full identifier for an authority given its short name and type.
      Parameters:
      type - AuthorityType
      shortName - String
      Returns:
      String

    • authorityExists

      @Auditable(parameters="name") boolean authorityExists(String name)
      Check if an authority exists.
      Parameters:
      name - (the long name).
      Returns:
      true, the authority exists.

    • getAuthorityDisplayName

      @Auditable(parameters="name") String getAuthorityDisplayName(String name)
      Get the display name for the given authority.
      Parameters:
      name - - the full authority string including any prefix (e.g. GROUP_woof)
      Returns:
      - the display name

    • getAuthorityDisplayNameAndDescription

      @Auditable(parameters="name") Pair<String,String> getAuthorityDisplayNameAndDescription(String name)
      Get the display name and description for the given authority.
      Parameters:
      name - - the full authority string including any prefix (e.g. GROUP_woof)
      Returns:
      - pair containing display name and description

    • setAuthorityDisplayName

      @Auditable(parameters={"authorityName","authorityDisplayName"}) void setAuthorityDisplayName(String authorityName, String authorityDisplayName)
      Set the display name for the given authority. Setting the display name is only supported for authorities of type group
      Parameters:
      authorityName - String
      authorityDisplayName - String

    • setAuthorityDisplayNameAndDescription

      @Auditable(parameters={"authorityName","authorityDisplayName","description"}) void setAuthorityDisplayNameAndDescription(String authorityName, String authorityDisplayName, String description)
      Set the display name and description for the given authority. Setting the display name is only supported for authorities of type group
      Parameters:
      authorityName - String
      authorityDisplayName - String
      description - String

    • getAuthorityNodeRef

      @Auditable(parameters="name") NodeRef getAuthorityNodeRef(String name)
      Gets the authority node for the specified name
      Parameters:
      name - The authority name
      Returns:
      the reference to the authority node

    • getOrCreateZone

      @Auditable(parameters="zoneName") NodeRef getOrCreateZone(String zoneName)
      Gets or creates an authority zone node with the specified name
      Parameters:
      zoneName - the zone name
      Returns:
      reference to the zone node

    • getZone

      @Auditable(parameters="zoneName") NodeRef getZone(String zoneName)
      Gets an authority zone node with the specified name
      Parameters:
      zoneName - the zone name
      Returns:
      reference to the zone node or null

    • getAuthorityZones

      @Auditable(parameters="name") Set<String> getAuthorityZones(String name)
      Gets the name of the zone containing the specified authority.
      Parameters:
      name - the authority long name
      Returns:
      the the name of the zone containing the specified authority, ZONE_APP_DEFAULT if the authority exists but has no zone, or null if the authority does not exist.

    • getAllAuthoritiesInZone

      @Auditable(parameters={"zoneName","type"}) Set<String> getAllAuthoritiesInZone(String zoneName, AuthorityType type)
      Gets the names of all authorities in a zone, optionally filtered by type See also "getAuthorities" paged alternative (note: in that case, zone must exist)
      Parameters:
      zoneName - the zone name - note: if zone does not exist then will currently return empty set
      type - the authority type to filter by or null for all authority types
      Returns:
      the names of all authorities in a zone, optionally filtered by type
      See Also:

    • getAllRootAuthoritiesInZone

      @Auditable(parameters={"zoneName","type"}) Set<String> getAllRootAuthoritiesInZone(String zoneName, AuthorityType type)
      Gets the names of all root authorities in a zone, optionally filtered by type.
      Parameters:
      zoneName - the zone name
      type - the authority type to filter by or null for all authority types
      Returns:
      the names of all root authorities in a zone, optionally filtered by type

    • addAuthorityToZones

      @Auditable(parameters={"authorityName","zones"}) void addAuthorityToZones(String authorityName, Set<String> zones)
      Add a zone to an authority.
      Parameters:
      authorityName - String

    • removeAuthorityFromZones

      @Auditable(parameters={"authorityName","zones"}) void removeAuthorityFromZones(String authorityName, Set<String> zones)
      Remove a zone from an authority
      Parameters:
      authorityName - String

    • getDefaultZones

      @NotAuditable Set<String> getDefaultZones()
      Get the name of the default zone.
      Returns:
      the default zone

    • findAuthorities

      @Auditable(parameters="type") Set<String> findAuthorities(AuthorityType type, String parentAuthority, boolean immediate, String displayNamePattern, String zoneName)
      Search for authorities by pattern matching (* and ?) against the authority name. Note: This will use a search index to find the results (eg. via Lucene / SOLR).
      Parameters:
      type - AuthorityType
      parentAuthority - if non-null, will look only for authorities who are a child of the named parent
      immediate - if true then only search root groups if parentAuthority is null, or immediate children of parentAuthority if it is non-null.
      displayNamePattern - String
      zoneName - - may be null to indicate all zones

    • hasSysAdminAuthority

      @Auditable default boolean hasSysAdminAuthority()
      Check the current user has system administration authority.
      Returns:
      true if the currently authenticated user has the system administration authority, otherwise false
      Throws:
      UnsupportedOperationException - if the implementing class (i.e. external clients) doesn't provide an implementation for the hasSysAdminAuthority operation
      Since:
      7.1