org.alfresco.service.cmr.security
Interface AuthorityService

All Known Implementing Classes:
AuthorityServiceImpl

public interface AuthorityService

The service that encapsulates authorities granted to users. This service will refuse to create any user authorities. These should be managed using the AuthenticationService and PersonServce. Methods that try to change alter users will throw an exception. A string key is used to identify the authority. These follow the contract defined in AuthorityType. If there are entities linked to these authorities this key should be used to find them, as userName is used link user and person.


Nested Class Summary
static interface AuthorityService.AuthorityFilter
           
 
Field Summary
static java.lang.String ZONE_APP_DEFAULT
          The default application zone.
static java.lang.String ZONE_APP_SHARE
          The SHARE application zone.
static java.lang.String ZONE_APP_WCM
          The WCM application zone.
static java.lang.String ZONE_AUTH_ALFRESCO
          Default authentication
static java.lang.String ZONE_AUTH_EXT_PREFIX
          Prefix for external auth ids
 
Method Summary
 void addAuthority(java.util.Collection parentNames, java.lang.String childName)
          Set a given child authority to be included by the given parent authorities.
 void addAuthority(java.lang.String parentName, java.lang.String childName)
          Set an authority to include another authority.
 void addAuthorityToZones(java.lang.String authorityName, java.util.Set zones)
          Add a zone to an authority.
 boolean authorityExists(java.lang.String name)
          Check if an authority exists.
 java.lang.String createAuthority(org.alfresco.service.cmr.security.AuthorityType type, java.lang.String shortName)
          Create an authority.
 java.lang.String createAuthority(org.alfresco.service.cmr.security.AuthorityType type, java.lang.String shortName, java.lang.String authorityDisplayName, java.util.Set authorityZones)
          Create an authority with a display name and zone.
 void deleteAuthority(java.lang.String name)
          Delete an authority and all its relationships.
 void deleteAuthority(java.lang.String name, boolean cascade)
          Delete an authority and all its relationships, optionally recursively deleting child authorities of the same type.
 java.util.Set findAuthorities(org.alfresco.service.cmr.security.AuthorityType type, java.lang.String parentAuthority, boolean immediate, java.lang.String displayNamePattern, java.lang.String zoneName)
          Search for authorities by pattern matching (* and ?) against the authority name.
 java.util.Set getAllAuthorities(org.alfresco.service.cmr.security.AuthorityType type)
          Get all authorities by type See also "getAuthorities" (paged) alternative
 java.util.Set getAllAuthoritiesInZone(java.lang.String zoneName, org.alfresco.service.cmr.security.AuthorityType type)
          Gets the names of all authorities in a zone, optionally filtered by type See also "getAuthorities" paged alternative (note: in that case, zone must exist)
 java.util.Set getAllRootAuthorities(org.alfresco.service.cmr.security.AuthorityType type)
          Get all root authorities by type.
 java.util.Set getAllRootAuthoritiesInZone(java.lang.String zoneName, org.alfresco.service.cmr.security.AuthorityType type)
          Gets the names of all root authorities in a zone, optionally filtered by type.
 java.util.Set getAuthorities()
          Get the authorities for the current user
 org.alfresco.query.PagingResults getAuthorities(org.alfresco.service.cmr.security.AuthorityType type, java.lang.String zoneName, java.lang.String displayNameFilter, boolean sortByDisplayName, boolean sortAscending, org.alfresco.query.PagingRequest pagingRequest)
          Get authorities by type and/or zone
 java.util.Set getAuthoritiesForUser(java.lang.String userName)
          Get the authorities for the given user
 java.lang.String getAuthorityDisplayName(java.lang.String name)
          Get the display name for the given authority.
 org.alfresco.service.cmr.repository.NodeRef getAuthorityNodeRef(java.lang.String name)
          Gets the authority node for the specified name
 java.util.Set getAuthorityZones(java.lang.String name)
          Gets the name of the zone containing the specified authority.
 java.util.Set getContainedAuthorities(org.alfresco.service.cmr.security.AuthorityType type, java.lang.String name, boolean immediate)
          Get all the authorities that are contained by the given authority.
 java.util.Set getContainingAuthorities(org.alfresco.service.cmr.security.AuthorityType type, java.lang.String name, boolean immediate)
          Get the authorities that contain the given authority, but use getAuthoritiesForUser(userName).contains(authority) rather than getContainingAuthorities(type, userName, false).contains(authority) or use #getContainingAuthoritiesInZone(AuthorityType, String, AuthorityService.ZONE_APP_DEFAULT) as they will be much faster.
 java.util.Set getContainingAuthoritiesInZone(org.alfresco.service.cmr.security.AuthorityType type, java.lang.String name, java.lang.String zoneName, AuthorityService.AuthorityFilter filter, int size)
          Get a set of authorities with varying filter criteria
 java.util.Set getDefaultZones()
          Get the name of the default zone.
 java.lang.String getName(org.alfresco.service.cmr.security.AuthorityType type, java.lang.String shortName)
          Create the full identifier for an authority given its short name and type.
 org.alfresco.service.cmr.repository.NodeRef getOrCreateZone(java.lang.String zoneName)
          Gets or creates an authority zone node with the specified name
 java.lang.String getShortName(java.lang.String name)
          Extract the short name of an authority from its full identifier.
 org.alfresco.service.cmr.repository.NodeRef getZone(java.lang.String zoneName)
          Gets an authority zone node with the specified name
 boolean hasAdminAuthority()
          Check of the current user has admin authority.
 boolean hasGuestAuthority()
          Check of the current user has guest authority.
 boolean isAdminAuthority(java.lang.String authorityName)
          Does the given authority have admin authority.
 boolean isGuestAuthority(java.lang.String authorityName)
          Does the given authority have guest authority.
 void removeAuthority(java.lang.String parentName, java.lang.String childName)
          Remove an authority as a member of another authority.
 void removeAuthorityFromZones(java.lang.String authorityName, java.util.Set zones)
          Remove a zone from an authority
 void setAuthorityDisplayName(java.lang.String authorityName, java.lang.String authorityDisplayName)
          Set the display name for the given authority.
 

Field Detail

ZONE_APP_DEFAULT

static final java.lang.String ZONE_APP_DEFAULT
The default application zone.

See Also:
Constant Field Values

ZONE_APP_WCM

static final java.lang.String ZONE_APP_WCM
The WCM application zone.

See Also:
Constant Field Values

ZONE_APP_SHARE

static final java.lang.String ZONE_APP_SHARE
The SHARE application zone.

See Also:
Constant Field Values

ZONE_AUTH_ALFRESCO

static final java.lang.String ZONE_AUTH_ALFRESCO
Default authentication

See Also:
Constant Field Values

ZONE_AUTH_EXT_PREFIX

static final java.lang.String ZONE_AUTH_EXT_PREFIX
Prefix for external auth ids

See Also:
Constant Field Values
Method Detail

hasAdminAuthority

@Auditable
boolean hasAdminAuthority()
Check of the current user has admin authority. There is no contract for who should have this authority, only that it can be tested here. It could be determined by group membership, role, authentication mechanism, ...

Returns:
true if the currently authenticated user has the admin authority

isAdminAuthority

@Auditable(parameters="authorityName")
boolean isAdminAuthority(java.lang.String authorityName)
Does the given authority have admin authority.

Parameters:
authorityName - The name of the authority.
Returns:
Whether the authority is an 'administrator'.

hasGuestAuthority

@Auditable
boolean hasGuestAuthority()
Check of the current user has guest authority. There is no contract for who should have this authority, only that it can be tested here. It could be determined by group membership, role, authentication mechanism, ...

Returns:
true if the currently authenticated user has the guest authority

isGuestAuthority

@Auditable(parameters="authorityName")
boolean isGuestAuthority(java.lang.String authorityName)
Does the given authority have guest authority.

Parameters:
authorityName - The name of the authority.
Returns:
Whether the authority is a 'guest'.

getAuthorities

@Auditable
java.util.Set getAuthorities()
Get the authorities for the current user

Returns:
authorities for the current user

getAuthoritiesForUser

@Auditable(parameters="userName")
java.util.Set getAuthoritiesForUser(java.lang.String userName)
Get the authorities for the given user


getAllAuthorities

@Auditable(parameters="type")
java.util.Set getAllAuthorities(org.alfresco.service.cmr.security.AuthorityType type)
Get all authorities by type See also "getAuthorities" (paged) alternative

Parameters:
type - the type of authorities - cannot be null
Returns:
all authorities by type
See Also:
(paged)

getAuthorities

@Auditable(parameters={"type", "zoneName", "displayNameFilter", "sortByDisplayName", "sortAscending", "pagingRequest"})
org.alfresco.query.PagingResults getAuthorities(org.alfresco.service.cmr.security.AuthorityType type,
                                                          java.lang.String zoneName,
                                                          java.lang.String displayNameFilter,
                                                          boolean sortByDisplayName,
                                                          boolean sortAscending,
                                                          org.alfresco.query.PagingRequest pagingRequest)
Get authorities by type and/or zone

Parameters:
type - the type of authorities (note: mandatory if zoneName is null)
zoneName - the zoneName (note: mandatory if type is null)
displayNameFilter - optional filter (startsWith / ignoreCase) for authority display name (note: implied trailing "*")
sortByDisplayName - if true then sort (ignoring case) by the authority display name, if false then unsorted note: for users, displayName/shortName is equivalent to the userName, for groups if the display is null then use the short name
sortAscending - if true then sort ascending else sort descending (ignore if sortByDisplayName is false)
pagingRequest - the requested page (skipCount, maxItems, queryExectionId)
Throws:
UnknownAuthorityException - - if zoneName is not null and does not exist
Since:
4.0

getAllRootAuthorities

@Auditable(parameters="type")
java.util.Set getAllRootAuthorities(org.alfresco.service.cmr.security.AuthorityType type)
Get all root authorities by type. Root authorities are ones that were created without an authority as the parent authority;

Parameters:
type - - the type of the authority
Returns:
all root authorities by type.

createAuthority

@Auditable(parameters={"type", "shortName"})
java.lang.String createAuthority(org.alfresco.service.cmr.security.AuthorityType type,
                                           java.lang.String shortName)
Create an authority.

Parameters:
type - - the type of the authority
shortName - - the short name of the authority to create this will also be set as the default display name for the authority
Returns:
the name of the authority (this will be the prefix, if any associated with the type appended with the short name)

createAuthority

@Auditable(parameters={"type", "shortName", "authorityDisplayName", "authorityZones"})
java.lang.String createAuthority(org.alfresco.service.cmr.security.AuthorityType type,
                                           java.lang.String shortName,
                                           java.lang.String authorityDisplayName,
                                           java.util.Set authorityZones)
Create an authority with a display name and zone.

Parameters:
type - the type of the authority
shortName - the short name of the authority to create
authorityDisplayName - the display name for the authority
authorityZone - identifier for external user registry owning the authority or null if not applicable
Returns:
the full name of the authority (this will be the prefix, if any associated with the type appended with the short name)

addAuthority

@Auditable(parameters={"parentName", "childName"})
void addAuthority(java.lang.String parentName,
                            java.lang.String childName)
Set an authority to include another authority. For example, adding a group to a group or adding a user to a group.

Parameters:
parentName - - the full name string identifier for the parent.
childName - - the string identifier for the child.

addAuthority

@Auditable(parameters={"parentNames", "childName"})
void addAuthority(java.util.Collection parentNames,
                            java.lang.String childName)
Set a given child authority to be included by the given parent authorities. For example, adding a group to groups or adding a user to groups.

Parameters:
parentNames - - the full name string identifier for the parents.
childName - - the string identifier for the child.

removeAuthority

@Auditable(parameters={"parentName", "childName"})
void removeAuthority(java.lang.String parentName,
                               java.lang.String childName)
Remove an authority as a member of another authority. The child authority will still exist. If the child authority was not created as a root authority and you remove its creation link, it will be moved to a root authority. If you want rid of it, use delete.

Parameters:
parentName - - the string identifier for the parent.
childName - - the string identifier for the child.

deleteAuthority

@Auditable(parameters="name")
void deleteAuthority(java.lang.String name)
Delete an authority and all its relationships. Note child authorities are not deleted.

Parameters:
name -

deleteAuthority

@Auditable(parameters={"name", "cascade"})
void deleteAuthority(java.lang.String name,
                               boolean cascade)
Delete an authority and all its relationships, optionally recursively deleting child authorities of the same type.

Parameters:
name - the authority long name
cascade - should the delete be cascaded to child authorities of the same type?

getContainedAuthorities

@Auditable(parameters={"type", "name", "immediate"})
java.util.Set getContainedAuthorities(org.alfresco.service.cmr.security.AuthorityType type,
                                                java.lang.String name,
                                                boolean immediate)
Get all the authorities that are contained by the given authority. For a group you could get all the authorities it contains, just the users it contains or just the other groups it includes.

Parameters:
type - - if not null, limit to the type of authority specified
name - - the name of the containing authority
immediate - - if true, limit the depth to just immediate child, if false find authorities at any depth
Returns:

getContainingAuthorities

@Auditable(parameters={"type", "name", "immediate"})
java.util.Set getContainingAuthorities(org.alfresco.service.cmr.security.AuthorityType type,
                                                 java.lang.String name,
                                                 boolean immediate)
Get the authorities that contain the given authority, but use getAuthoritiesForUser(userName).contains(authority) rather than getContainingAuthorities(type, userName, false).contains(authority) or use #getContainingAuthoritiesInZone(AuthorityType, String, AuthorityService.ZONE_APP_DEFAULT) as they will be much faster. For example, this method can be used find out all the authorities that contain a group.

Parameters:
type - - if not null, limit to the type of authority specified
name - - the name of the authority for which the containing authorities are required.
immediate - - limit to immediate parents or any ancestor.
Returns:

getContainingAuthoritiesInZone

@Auditable(parameters={"type", "name", "zoneName", "filter", "size"})
java.util.Set getContainingAuthoritiesInZone(org.alfresco.service.cmr.security.AuthorityType type,
                                                       java.lang.String name,
                                                       java.lang.String zoneName,
                                                       AuthorityService.AuthorityFilter filter,
                                                       int size)
Get a set of authorities with varying filter criteria

Parameters:
type - authority type or null for all types
name - if non-null, only return those authorities who contain this authority
zoneName - if non-null, only include authorities in the named zone
filter - optional callback to apply further filter criteria or null
size - if greater than zero, the maximum results to return. The search strategy used is varied depending on this number.
Returns:
a set of authorities

getShortName

@Auditable(parameters="name")
java.lang.String getShortName(java.lang.String name)
Extract the short name of an authority from its full identifier.

Parameters:
name -
Returns:

getName

@Auditable(parameters={"type", "shortName"})
java.lang.String getName(org.alfresco.service.cmr.security.AuthorityType type,
                                   java.lang.String shortName)
Create the full identifier for an authority given its short name and type.

Parameters:
type -
shortName -
Returns:

authorityExists

@Auditable(parameters="name")
boolean authorityExists(java.lang.String name)
Check if an authority exists.

Parameters:
name - (the long name).
Returns:
true, the authority exists.

getAuthorityDisplayName

@Auditable(parameters="name")
java.lang.String getAuthorityDisplayName(java.lang.String name)
Get the display name for the given authority.

Parameters:
name - - the full authority string including any prefix (e.g. GROUP_woof)
Returns:
- the display name

setAuthorityDisplayName

@Auditable(parameters={"authorityName", "authorityDisplayName"})
void setAuthorityDisplayName(java.lang.String authorityName,
                                       java.lang.String authorityDisplayName)
Set the display name for the given authority. Setting the display name is only supported for authorities of type group

Parameters:
authorityName -
authorityDisplayName -

getAuthorityNodeRef

@Auditable(parameters="name")
org.alfresco.service.cmr.repository.NodeRef getAuthorityNodeRef(java.lang.String name)
Gets the authority node for the specified name

Parameters:
name - The authority name
Returns:
the reference to the authority node

getOrCreateZone

@Auditable(parameters="zoneName")
org.alfresco.service.cmr.repository.NodeRef getOrCreateZone(java.lang.String zoneName)
Gets or creates an authority zone node with the specified name

Parameters:
zoneName - the zone name
Returns:
reference to the zone node

getZone

@Auditable(parameters="zoneName")
org.alfresco.service.cmr.repository.NodeRef getZone(java.lang.String zoneName)
Gets an authority zone node with the specified name

Parameters:
zoneName - the zone name
Returns:
reference to the zone node or null

getAuthorityZones

@Auditable(parameters="name")
java.util.Set getAuthorityZones(java.lang.String name)
Gets the name of the zone containing the specified authority.

Parameters:
name - the authority long name
Returns:
the the name of the zone containing the specified authority, AuthorityService#DEFAULT_ZONE if the authority exists but has no zone, or null if the authority does not exist.

getAllAuthoritiesInZone

@Auditable(parameters={"zoneName", "type"})
java.util.Set getAllAuthoritiesInZone(java.lang.String zoneName,
                                                org.alfresco.service.cmr.security.AuthorityType type)
Gets the names of all authorities in a zone, optionally filtered by type See also "getAuthorities" paged alternative (note: in that case, zone must exist)

Parameters:
zoneName - the zone name - note: if zone does not exist then will currently return empty set
type - the authority type to filter by or null for all authority types
Returns:
the names of all authorities in a zone, optionally filtered by type
See Also:
(paged)

getAllRootAuthoritiesInZone

@Auditable(parameters={"zoneName", "type"})
java.util.Set getAllRootAuthoritiesInZone(java.lang.String zoneName,
                                                    org.alfresco.service.cmr.security.AuthorityType type)
Gets the names of all root authorities in a zone, optionally filtered by type.

Parameters:
zoneName - the zone name
type - the authority type to filter by or null for all authority types
Returns:
the names of all root authorities in a zone, optionally filtered by type

addAuthorityToZones

@Auditable(parameters={"authorityName", "zones"})
void addAuthorityToZones(java.lang.String authorityName,
                                   java.util.Set zones)
Add a zone to an authority.

Parameters:
authorityName -
zone -

removeAuthorityFromZones

@Auditable(parameters={"authorityName", "zones"})
void removeAuthorityFromZones(java.lang.String authorityName,
                                        java.util.Set zones)
Remove a zone from an authority

Parameters:
authorityName -
zone -

getDefaultZones

@NotAuditable
java.util.Set getDefaultZones()
Get the name of the default zone.

Returns:
the default zone

findAuthorities

@Auditable(parameters="type")
java.util.Set findAuthorities(org.alfresco.service.cmr.security.AuthorityType type,
                                        java.lang.String parentAuthority,
                                        boolean immediate,
                                        java.lang.String displayNamePattern,
                                        java.lang.String zoneName)
Search for authorities by pattern matching (* and ?) against the authority name. Note: This will use a search index to find the results (eg. via Lucene / SOLR).

Parameters:
type -
parentAuthority - if non-null, will look only for authorities who are a child of the named parent
immediate - if true then only search root groups if parentAuthority is null, or immediate children of parentAuthority if it is non-null.
displayNamePattern -
zoneName - - may be null to indicate all zones
Returns:


Copyright © 2005 - 2010 Alfresco Software, Inc. All Rights Reserved.