mirror of
https://github.com/Alfresco/alfresco-community-repo.git
synced 2025-10-22 15:12:38 +00:00
6afb44e712
125606 rmunteanu: Merged 5.1.1 (5.1.1) to 5.1.N (5.1.2)
125515 slanglois: MNT-16155 Update source headers - add new Copyrights for Java and JSP source files + automatic check in the build
git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/BRANCHES/DEV/5.2.N/root@125788 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
1315 lines
50 KiB
Java
1315 lines
50 KiB
Java
/*
|
|
* #%L
|
|
* Alfresco Repository
|
|
* %%
|
|
* Copyright (C) 2005 - 2016 Alfresco Software Limited
|
|
* %%
|
|
* This file is part of the Alfresco software.
|
|
* If the software was purchased under a paid Alfresco license, the terms of
|
|
* the paid license agreement will prevail. Otherwise, the software is
|
|
* provided under the following open source license terms:
|
|
*
|
|
* Alfresco is free software: you can redistribute it and/or modify
|
|
* it under the terms of the GNU Lesser General Public License as published by
|
|
* the Free Software Foundation, either version 3 of the License, or
|
|
* (at your option) any later version.
|
|
*
|
|
* Alfresco is distributed in the hope that it will be useful,
|
|
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
* GNU Lesser General Public License for more details.
|
|
*
|
|
* You should have received a copy of the GNU Lesser General Public License
|
|
* along with Alfresco. If not, see <http://www.gnu.org/licenses/>.
|
|
* #L%
|
|
*/
|
|
package org.alfresco.repo.jscript;
|
|
|
|
import java.io.Serializable;
|
|
import java.text.Collator;
|
|
import java.util.ArrayList;
|
|
import java.util.Collections;
|
|
import java.util.Comparator;
|
|
import java.util.HashMap;
|
|
import java.util.List;
|
|
import java.util.Map;
|
|
import java.util.Set;
|
|
|
|
import org.alfresco.model.ContentModel;
|
|
import org.alfresco.repo.security.authentication.AuthenticationException;
|
|
import org.alfresco.repo.security.authentication.AuthenticationUtil;
|
|
import org.alfresco.repo.security.authentication.UserNameGenerator;
|
|
import org.alfresco.repo.security.authority.AuthorityDAO;
|
|
import org.alfresco.repo.security.permissions.AccessDeniedException;
|
|
import org.alfresco.repo.security.person.PersonServiceImpl;
|
|
import org.alfresco.repo.security.sync.UserRegistrySynchronizer;
|
|
import org.alfresco.repo.tenant.TenantDomainMismatchException;
|
|
import org.alfresco.repo.tenant.TenantService;
|
|
import org.alfresco.service.ServiceRegistry;
|
|
import org.alfresco.service.cmr.repository.NodeRef;
|
|
import org.alfresco.service.cmr.repository.NodeService;
|
|
import org.alfresco.service.cmr.repository.StoreRef;
|
|
import org.alfresco.service.cmr.search.LimitBy;
|
|
import org.alfresco.service.cmr.search.PermissionEvaluationMode;
|
|
import org.alfresco.service.cmr.search.ResultSet;
|
|
import org.alfresco.service.cmr.search.SearchParameters;
|
|
import org.alfresco.service.cmr.search.SearchService;
|
|
import org.alfresco.service.cmr.security.AuthorityService;
|
|
import org.alfresco.service.cmr.security.AuthorityType;
|
|
import org.alfresco.service.cmr.security.MutableAuthenticationService;
|
|
import org.alfresco.service.cmr.security.PersonService;
|
|
import org.alfresco.service.cmr.security.PersonService.PersonInfo;
|
|
import org.alfresco.service.cmr.usage.ContentUsageService;
|
|
import org.alfresco.service.namespace.QName;
|
|
import org.alfresco.util.Pair;
|
|
import org.alfresco.util.PropertyMap;
|
|
import org.alfresco.util.ScriptPagingDetails;
|
|
import org.alfresco.util.ValueDerivingMapFactory;
|
|
import org.alfresco.util.ValueDerivingMapFactory.ValueDeriver;
|
|
import org.apache.commons.logging.Log;
|
|
import org.apache.commons.logging.LogFactory;
|
|
import org.mozilla.javascript.Context;
|
|
import org.mozilla.javascript.Scriptable;
|
|
import org.springframework.beans.factory.InitializingBean;
|
|
import org.springframework.extensions.surf.util.I18NUtil;
|
|
import org.springframework.extensions.surf.util.ParameterCheck;
|
|
|
|
/**
|
|
* Scripted People service for describing and executing actions against People & Groups.
|
|
*
|
|
* @author davidc
|
|
* @author kevinr
|
|
*/
|
|
public class People extends BaseScopableProcessorExtension implements InitializingBean
|
|
{
|
|
private static Log logger = LogFactory.getLog(People.class);
|
|
|
|
/** Repository Service Registry */
|
|
private ServiceRegistry services;
|
|
private AuthorityDAO authorityDAO;
|
|
private AuthorityService authorityService;
|
|
private PersonService personService;
|
|
private MutableAuthenticationService authenticationService;
|
|
private ContentUsageService contentUsageService;
|
|
private UserNameGenerator usernameGenerator;
|
|
private UserRegistrySynchronizer userRegistrySynchronizer;
|
|
protected TenantService tenantService;
|
|
|
|
private StoreRef storeRef;
|
|
private ValueDerivingMapFactory<ScriptNode, String, Boolean> valueDerivingMapFactory;
|
|
private int numRetries = 10;
|
|
|
|
private int defaultListMaxResults = 5000;
|
|
private boolean honorHintUseCQ = true;
|
|
|
|
protected static final String HINT_CQ_SUFFIX = " [hint:useCQ]";
|
|
|
|
public void afterPropertiesSet() throws Exception
|
|
{
|
|
Map <String, ValueDeriver<ScriptNode, Boolean>> capabilityTesters = new HashMap<String, ValueDeriver<ScriptNode, Boolean>>(5);
|
|
capabilityTesters.put("isAdmin", new ValueDeriver<ScriptNode, Boolean>()
|
|
{
|
|
public Boolean deriveValue(ScriptNode source)
|
|
{
|
|
return isAdmin(source);
|
|
}
|
|
});
|
|
capabilityTesters.put("isGuest", new ValueDeriver<ScriptNode, Boolean>()
|
|
{
|
|
public Boolean deriveValue(ScriptNode source)
|
|
{
|
|
return isGuest(source);
|
|
}
|
|
});
|
|
capabilityTesters.put("isMutable", new ValueDeriver<ScriptNode, Boolean>()
|
|
{
|
|
public Boolean deriveValue(ScriptNode source)
|
|
{
|
|
// Check whether the account is mutable according to the authentication service
|
|
String sourceUser = (String) source.getProperties().get(ContentModel.PROP_USERNAME);
|
|
if (!authenticationService.isAuthenticationMutable(sourceUser))
|
|
{
|
|
return false;
|
|
}
|
|
// Only allow non-admin users to mutate their own accounts
|
|
String currentUser = authenticationService.getCurrentUserName();
|
|
if (currentUser.equals(sourceUser) || authorityService.isAdminAuthority(currentUser))
|
|
{
|
|
return true;
|
|
}
|
|
return false;
|
|
}
|
|
});
|
|
this.valueDerivingMapFactory = new ValueDerivingMapFactory<ScriptNode, String, Boolean>(capabilityTesters);
|
|
}
|
|
|
|
/**
|
|
* Set the default store reference
|
|
*
|
|
* @param storeRef the default store reference
|
|
*/
|
|
public void setStoreUrl(String storeRef)
|
|
{
|
|
// ensure this is not set again by a script instance
|
|
if (this.storeRef != null)
|
|
{
|
|
throw new IllegalStateException("Default store URL can only be set once.");
|
|
}
|
|
this.storeRef = new StoreRef(storeRef);
|
|
}
|
|
|
|
/**
|
|
* Sets the authentication service.
|
|
*
|
|
* @param authenticationService
|
|
* the authentication service
|
|
*/
|
|
public void setAuthenticationService(MutableAuthenticationService authenticationService)
|
|
{
|
|
this.authenticationService = authenticationService;
|
|
}
|
|
|
|
/**
|
|
* Set the service registry
|
|
*
|
|
* @param serviceRegistry the service registry
|
|
*/
|
|
public void setServiceRegistry(ServiceRegistry serviceRegistry)
|
|
{
|
|
this.services = serviceRegistry;
|
|
}
|
|
|
|
/**
|
|
* Set the authority DAO
|
|
*
|
|
* @param authorityDAO authority dao
|
|
*/
|
|
public void setAuthorityDAO(AuthorityDAO authorityDAO)
|
|
{
|
|
this.authorityDAO = authorityDAO;
|
|
}
|
|
|
|
/**
|
|
* Set the authority service
|
|
*
|
|
* @param authorityService The authorityService to set.
|
|
*/
|
|
public void setAuthorityService(AuthorityService authorityService)
|
|
{
|
|
this.authorityService = authorityService;
|
|
}
|
|
|
|
/**
|
|
* Set the person service
|
|
*
|
|
* @param personService The personService to set.
|
|
*/
|
|
public void setPersonService(PersonService personService)
|
|
{
|
|
this.personService = personService;
|
|
}
|
|
|
|
/**
|
|
* @param contentUsageService the ContentUsageService to set
|
|
*/
|
|
public void setContentUsageService(ContentUsageService contentUsageService)
|
|
{
|
|
this.contentUsageService = contentUsageService;
|
|
}
|
|
|
|
/**
|
|
* @param tenantService the tenantService to set
|
|
*/
|
|
public void setTenantService(TenantService tenantService)
|
|
{
|
|
this.tenantService = tenantService;
|
|
}
|
|
|
|
/**
|
|
* Set the user name generator service
|
|
*
|
|
* @param userNameGenerator the user name generator
|
|
*/
|
|
public void setUserNameGenerator(UserNameGenerator userNameGenerator)
|
|
{
|
|
this.usernameGenerator = userNameGenerator;
|
|
}
|
|
|
|
/**
|
|
* Set the UserRegistrySynchronizer
|
|
*
|
|
* @param userRegistrySynchronizer UserRegistrySynchronizer
|
|
*/
|
|
public void setUserRegistrySynchronizer(UserRegistrySynchronizer userRegistrySynchronizer)
|
|
{
|
|
this.userRegistrySynchronizer = userRegistrySynchronizer;
|
|
}
|
|
|
|
public void setDefaultListMaxResults(int defaultListMaxResults)
|
|
{
|
|
this.defaultListMaxResults = defaultListMaxResults;
|
|
}
|
|
|
|
/**
|
|
* Allows customers to choose to use Solr or Lucene rather than a canned query in
|
|
* {@link #getPeople(String, int, String, boolean)} when
|
|
* {@code " [hint:useCQ]"} is appended to the search term (currently Share's
|
|
* User Console does this). The down side is that new users may not appear as they
|
|
* will not have been indexed. This is similar to what happened in 4.1.1 prior to
|
|
* MNT-7548 (4.1.2 and 4.1.1.1). The down side of using a canned query at the moment
|
|
* is that there is a bug, so that it is impossible to search for names such as
|
|
* {@code "Carlos Allende García"} where the first or last names may contain spaces.
|
|
* See MNT-9719 for more details. The alfresco global property
|
|
* {@code people.search.honor.hint.useCQ} is used to set this value (default is true).
|
|
*/
|
|
public void setHonorHintUseCQ(boolean honorHintUseCQ)
|
|
{
|
|
this.honorHintUseCQ = honorHintUseCQ;
|
|
}
|
|
|
|
/**
|
|
* Delete a Person with the given username
|
|
*
|
|
* @param username the username of the person to delete
|
|
*/
|
|
public void deletePerson(String username)
|
|
{
|
|
personService.deletePerson(username);
|
|
}
|
|
|
|
/**
|
|
* Create a Person with an optionally generated user name.
|
|
* This version doesn't notify them.
|
|
*
|
|
* @param userName userName or null for a generated user name
|
|
* @param firstName firstName
|
|
* @param lastName lastName
|
|
* @param emailAddress emailAddress
|
|
* @param password if not null creates a new authenticator with the given password.
|
|
* @param setAccountEnabled
|
|
* set to 'true' to create enabled user account, or 'false' to
|
|
* create disabled user account for created person.
|
|
* @return the person node (type cm:person) created or null if the person
|
|
* could not be created
|
|
*/
|
|
public ScriptNode createPerson(String userName, String firstName, String lastName, String emailAddress, String password, boolean setAccountEnabled)
|
|
{
|
|
return createPerson(userName, firstName, lastName, emailAddress, password, setAccountEnabled, false);
|
|
}
|
|
|
|
/**
|
|
* Create a Person with an optionally generated user name
|
|
*
|
|
* @param userName userName or null for a generated user name
|
|
* @param firstName firstName
|
|
* @param lastName lastName
|
|
* @param emailAddress emailAddress
|
|
* @param password if not null creates a new authenticator with the given password.
|
|
* @param setAccountEnabled
|
|
* set to 'true' to create enabled user account, or 'false' to
|
|
* create disabled user account for created person.
|
|
* @param notifyByEmail
|
|
* set to 'true' to have the new user emailed to let them know
|
|
* their account details. Only applies if a username and
|
|
* password were supplied.
|
|
* @return the person node (type cm:person) created or null if the person
|
|
* could not be created
|
|
*/
|
|
public ScriptNode createPerson(String userName, String firstName, String lastName, String emailAddress,
|
|
String password, boolean setAccountEnabled, boolean notifyByEmail)
|
|
{
|
|
ParameterCheck.mandatory("firstName", firstName);
|
|
ParameterCheck.mandatory("emailAddress", emailAddress);
|
|
|
|
ScriptNode person = null;
|
|
|
|
// generate user name if not supplied
|
|
if (userName == null)
|
|
{
|
|
for (int i=0; i < numRetries; i++)
|
|
{
|
|
userName = usernameGenerator.generateUserName(firstName, lastName, emailAddress, i);
|
|
|
|
// create person if user name does not already exist
|
|
if (!personService.personExists(userName))
|
|
{
|
|
break;
|
|
}
|
|
}
|
|
}
|
|
|
|
if (userName != null)
|
|
{
|
|
try
|
|
{
|
|
userName = PersonServiceImpl.updateUsernameForTenancy(userName, tenantService);
|
|
}
|
|
catch (TenantDomainMismatchException re)
|
|
{
|
|
throw new AuthenticationException("User must belong to same domain as admin: " + re.getTenantA());
|
|
}
|
|
|
|
person = createPerson(userName, firstName, lastName, emailAddress);
|
|
|
|
if (person != null && password != null)
|
|
{
|
|
// create account for person with the userName and password
|
|
authenticationService.createAuthentication(userName, password.toCharArray());
|
|
authenticationService.setAuthenticationEnabled(userName, setAccountEnabled);
|
|
|
|
person.save();
|
|
|
|
if(notifyByEmail)
|
|
{
|
|
personService.notifyPerson(userName, password);
|
|
}
|
|
}
|
|
}
|
|
|
|
return person;
|
|
}
|
|
|
|
/**
|
|
* Enable user account. Can only be called by an Admin authority.
|
|
*
|
|
* @param userName user name for which to enable user account
|
|
*/
|
|
public void enableAccount(String userName)
|
|
{
|
|
if (this.authorityService.isAdminAuthority(AuthenticationUtil.getFullyAuthenticatedUser()))
|
|
{
|
|
this.authenticationService.setAuthenticationEnabled(userName, true);
|
|
}
|
|
}
|
|
|
|
/**
|
|
* Disable user account. Can only be called by an Admin authority.
|
|
*
|
|
* @param userName user name for which to disable user account
|
|
*/
|
|
public void disableAccount(String userName)
|
|
{
|
|
if (this.authorityService.isAdminAuthority(AuthenticationUtil.getFullyAuthenticatedUser()))
|
|
{
|
|
this.authenticationService.setAuthenticationEnabled(userName, false);
|
|
}
|
|
}
|
|
|
|
/**
|
|
* Return true if the specified user account is enabled.
|
|
*
|
|
* @param userName user name to test account
|
|
*
|
|
* @return true if account enabled, false if disabled
|
|
*/
|
|
public boolean isAccountEnabled(String userName)
|
|
{
|
|
return this.authenticationService.getAuthenticationEnabled(userName);
|
|
}
|
|
|
|
/**
|
|
* Change the password for the currently logged in user.
|
|
* Old password must be supplied.
|
|
*
|
|
* @param oldPassword Old user password
|
|
* @param newPassword New user password
|
|
*/
|
|
public void changePassword(String oldPassword, String newPassword)
|
|
{
|
|
ParameterCheck.mandatoryString("oldPassword", oldPassword);
|
|
ParameterCheck.mandatoryString("newPassword", newPassword);
|
|
|
|
this.services.getAuthenticationService().updateAuthentication(
|
|
AuthenticationUtil.getFullyAuthenticatedUser(), oldPassword.toCharArray(), newPassword.toCharArray());
|
|
}
|
|
|
|
/**
|
|
* Set a password for the given user. Note that only an administrator
|
|
* can perform this action, otherwise it will be ignored.
|
|
*
|
|
* @param userName Username to change password for
|
|
* @param password Password to set
|
|
*/
|
|
public void setPassword(String userName, String password)
|
|
{
|
|
ParameterCheck.mandatoryString("userName", userName);
|
|
ParameterCheck.mandatoryString("password", password);
|
|
|
|
MutableAuthenticationService authService = this.services.getAuthenticationService();
|
|
if (this.authorityService.hasAdminAuthority() && (userName.equalsIgnoreCase(authService.getCurrentUserName()) == false))
|
|
{
|
|
authService.setAuthentication(userName, password.toCharArray());
|
|
}
|
|
}
|
|
|
|
/**
|
|
* Create a Person with the given user name
|
|
*
|
|
* @param userName the user name of the person to create
|
|
* @return the person node (type cm:person) created or null if the user name already exists
|
|
*/
|
|
public ScriptNode createPerson(String userName)
|
|
{
|
|
ParameterCheck.mandatoryString("userName", userName);
|
|
|
|
ScriptNode person = null;
|
|
|
|
PropertyMap properties = new PropertyMap();
|
|
properties.put(ContentModel.PROP_USERNAME, userName);
|
|
|
|
if (!personService.personExists(userName))
|
|
{
|
|
NodeRef personRef = personService.createPerson(properties);
|
|
person = new ScriptNode(personRef, services, getScope());
|
|
}
|
|
|
|
return person;
|
|
}
|
|
|
|
/**
|
|
* Create a Person with the given user name, firstName, lastName and emailAddress
|
|
*
|
|
* @param userName the user name of the person to create
|
|
* @return the person node (type cm:person) created or null if the user name already exists
|
|
*/
|
|
public ScriptNode createPerson(String userName, String firstName, String lastName, String emailAddress)
|
|
{
|
|
ParameterCheck.mandatoryString("userName", userName);
|
|
ParameterCheck.mandatoryString("firstName", firstName);
|
|
ParameterCheck.mandatoryString("emailAddress", emailAddress);
|
|
|
|
ScriptNode person = null;
|
|
|
|
PropertyMap properties = new PropertyMap();
|
|
properties.put(ContentModel.PROP_USERNAME, userName);
|
|
properties.put(ContentModel.PROP_FIRSTNAME, firstName);
|
|
properties.put(ContentModel.PROP_LASTNAME, lastName);
|
|
properties.put(ContentModel.PROP_EMAIL, emailAddress);
|
|
|
|
if (!personService.personExists(userName))
|
|
{
|
|
NodeRef personRef = personService.createPerson(properties);
|
|
person = new ScriptNode(personRef, services, getScope());
|
|
}
|
|
|
|
return person;
|
|
}
|
|
|
|
/**
|
|
* Set the content quota in bytes for a person.
|
|
* Only the admin authority can set this value.
|
|
*
|
|
* @param person Person to set quota against.
|
|
* @param quota As a string, in bytes, a value of "-1" means no quota is set
|
|
*/
|
|
public void setQuota(ScriptNode person, String quota)
|
|
{
|
|
if (this.authorityService.isAdminAuthority(AuthenticationUtil.getFullyAuthenticatedUser()))
|
|
{
|
|
this.contentUsageService.setUserQuota((String)person.getProperties().get(ContentModel.PROP_USERNAME), Long.parseLong(quota));
|
|
}
|
|
}
|
|
|
|
/**
|
|
* Get the collection of people stored in the repository.
|
|
* An optional filter query may be provided by which to filter the people collection.
|
|
* Space separate the query terms i.e. "john bob" will find all users who's first or
|
|
* second names contain the strings "john" or "bob".
|
|
*
|
|
* @param filter filter query string by which to filter the collection of people.
|
|
* If <pre>null</pre> then all people stored in the repository are returned
|
|
*
|
|
* @deprecated recated see getPeople(filter, maxResults)
|
|
*
|
|
* @return people collection as a JavaScript array
|
|
*/
|
|
public Scriptable getPeople(String filter)
|
|
{
|
|
return getPeople(filter, 0);
|
|
}
|
|
|
|
/**
|
|
* Get the collection of people stored in the repository.
|
|
* An optional filter query may be provided by which to filter the people collection.
|
|
* Space separate the query terms i.e. "john bob" will find all users who's first or
|
|
* second names contain the strings "john" or "bob".
|
|
*
|
|
* @param filter filter query string by which to filter the collection of people.
|
|
* If <pre>null</pre> then all people stored in the repository are returned
|
|
* @param maxResults maximum results to return or all if <= 0
|
|
*
|
|
* @return people collection as a JavaScript array
|
|
*/
|
|
public Scriptable getPeople(String filter, int maxResults)
|
|
{
|
|
return getPeople(filter, maxResults, null, true);
|
|
}
|
|
|
|
/**
|
|
* Get the collection of people stored in the repository.
|
|
* An optional filter query may be provided by which to filter the people collection.
|
|
* Space separate the query terms i.e. "john bob" will find all users who's first or
|
|
* second names contain the strings "john" or "bob".
|
|
* Method supports sorting by specifying sortBy and sortAsc params.
|
|
*
|
|
* @param filter filter query string by which to filter the collection of people.
|
|
* If <pre>null</pre> then all people stored in the repository are returned
|
|
* @param maxResults maximum results to return or all if <= 0
|
|
* @param sortBy field for sorting
|
|
* @param sortAsc sort ascending or not
|
|
*
|
|
* @return people collection as a JavaScript array
|
|
*/
|
|
public Scriptable getPeople(String filter, int maxResults, String sortBy, boolean sortAsc)
|
|
{
|
|
return getPeoplePaging(filter, new ScriptPagingDetails(maxResults, 0), sortBy, Boolean.valueOf(sortAsc));
|
|
}
|
|
|
|
public Scriptable getPeoplePaging(String filter, ScriptPagingDetails pagingRequest, String sortBy, Boolean sortAsc)
|
|
{
|
|
List<PersonInfo> persons = getPeopleImpl(filter, pagingRequest, sortBy, sortAsc);
|
|
|
|
Object[] peopleRefs = new Object[persons.size()];
|
|
for (int i = 0; i < peopleRefs.length; i++)
|
|
{
|
|
peopleRefs[i] = persons.get(i).getNodeRef();
|
|
}
|
|
|
|
return Context.getCurrentContext().newArray(getScope(), peopleRefs);
|
|
}
|
|
|
|
protected List<PersonInfo> getPeopleImpl(String filter, ScriptPagingDetails pagingRequest, String sortBy, Boolean sortAsc)
|
|
{
|
|
ParameterCheck.mandatory("pagingRequest", pagingRequest);
|
|
|
|
boolean useCQ = false;
|
|
if (filter != null)
|
|
{
|
|
if (filter.endsWith(HINT_CQ_SUFFIX))
|
|
{
|
|
useCQ = honorHintUseCQ;
|
|
filter = filter.substring(0, filter.length()-HINT_CQ_SUFFIX.length());
|
|
}
|
|
}
|
|
else
|
|
{
|
|
filter = "*";
|
|
}
|
|
|
|
List<PersonInfo> persons = null;
|
|
|
|
int maxResults = pagingRequest.getMaxItems();
|
|
if ((maxResults <= 0) || (maxResults > defaultListMaxResults))
|
|
{
|
|
// remove open-ended query (eg cutoff at default/configurable max, eg. 5000 people)
|
|
maxResults = defaultListMaxResults;
|
|
pagingRequest.setMaxItems(maxResults);
|
|
}
|
|
|
|
// In order to use a SOLR/Lucene search, we must have a non-empty filter string - see ALF-18876
|
|
if ((filter == null || filter.trim().isEmpty()) || useCQ)
|
|
{
|
|
persons = getPeopleImplDB(filter, pagingRequest, sortBy, sortAsc);
|
|
}
|
|
else
|
|
{
|
|
filter = filter.trim();
|
|
|
|
String term = filter.replace("\"", "");
|
|
String[] tokens = term.split("(?<!\\\\) ");
|
|
int propIndex = term.lastIndexOf(':');
|
|
int wildPosition = term.indexOf('*');
|
|
|
|
// simple filter - can use CQ if search fails
|
|
useCQ = ((tokens.length == 1) && (propIndex == -1) && ((wildPosition == -1) || (wildPosition == (term.length() - 1))));
|
|
|
|
try
|
|
{
|
|
// FTS
|
|
List<NodeRef> personRefs = getPeopleImplSearch(term, tokens, pagingRequest, sortBy, sortAsc);
|
|
|
|
if (personRefs != null)
|
|
{
|
|
persons = new ArrayList<PersonInfo>(personRefs.size());
|
|
for (NodeRef personRef : personRefs)
|
|
{
|
|
persons.add(personService.getPerson(personRef));
|
|
}
|
|
}
|
|
}
|
|
catch (Throwable err)
|
|
{
|
|
if (useCQ)
|
|
{
|
|
// search unavailable and/or parser exception - try CQ instead
|
|
// simple non-FTS filter: firstname or lastname or username starting with term (ignoring case)
|
|
persons = getPeopleImplDB(filter, pagingRequest, sortBy, sortAsc);
|
|
}
|
|
}
|
|
}
|
|
|
|
return (persons != null ? persons : new ArrayList<PersonInfo>(0));
|
|
}
|
|
|
|
// canned query
|
|
protected List<PersonInfo> getPeopleImplDB(String filter, ScriptPagingDetails pagingRequest, String sortBy, Boolean sortAsc)
|
|
{
|
|
List<QName> filterProps = null;
|
|
|
|
if ((filter != null) && (filter.length() > 0))
|
|
{
|
|
filter = filter.trim();
|
|
if (! filter.equals("*"))
|
|
{
|
|
filter = filter.replace("\\", "").replace("\"", "");
|
|
|
|
// simple non-FTS filter: firstname or lastname or username starting with term (ignoring case)
|
|
|
|
filterProps = new ArrayList<QName>(3);
|
|
filterProps.add(ContentModel.PROP_FIRSTNAME);
|
|
filterProps.add(ContentModel.PROP_LASTNAME);
|
|
filterProps.add(ContentModel.PROP_USERNAME);
|
|
}
|
|
}
|
|
|
|
// Build the sorting. The user controls the primary sort, we supply
|
|
// additional ones automatically
|
|
List<Pair<QName,Boolean>> sort = new ArrayList<Pair<QName,Boolean>>();
|
|
if ("lastName".equals(sortBy))
|
|
{
|
|
sort.add(new Pair<QName, Boolean>(ContentModel.PROP_LASTNAME, sortAsc));
|
|
sort.add(new Pair<QName, Boolean>(ContentModel.PROP_FIRSTNAME, sortAsc));
|
|
sort.add(new Pair<QName, Boolean>(ContentModel.PROP_USERNAME, sortAsc));
|
|
}
|
|
else if ("firstName".equals(sortBy))
|
|
{
|
|
sort.add(new Pair<QName, Boolean>(ContentModel.PROP_FIRSTNAME, sortAsc));
|
|
sort.add(new Pair<QName, Boolean>(ContentModel.PROP_LASTNAME, sortAsc));
|
|
sort.add(new Pair<QName, Boolean>(ContentModel.PROP_USERNAME, sortAsc));
|
|
}
|
|
else
|
|
{
|
|
sort.add(new Pair<QName, Boolean>(ContentModel.PROP_USERNAME, sortAsc));
|
|
sort.add(new Pair<QName, Boolean>(ContentModel.PROP_FIRSTNAME, sortAsc));
|
|
sort.add(new Pair<QName, Boolean>(ContentModel.PROP_LASTNAME, sortAsc));
|
|
}
|
|
|
|
return personService.getPeople(filter, filterProps, sort, pagingRequest).getPage();
|
|
}
|
|
|
|
// search query
|
|
protected List<NodeRef> getPeopleImplSearch(String term, String[] tokens, ScriptPagingDetails pagingRequest, String sortBy, Boolean sortAsc) throws Throwable
|
|
{
|
|
List<NodeRef> personRefs = null;
|
|
|
|
Long start = (logger.isDebugEnabled() ? System.currentTimeMillis() : null);
|
|
|
|
int propIndex = term.indexOf(':');
|
|
|
|
int maxResults = pagingRequest.getMaxItems();
|
|
int skipCount = pagingRequest.getSkipCount();
|
|
|
|
SearchParameters params = new SearchParameters();
|
|
params.addQueryTemplate("_PERSON", "|%firstName OR |%lastName OR |%userName");
|
|
params.setDefaultFieldName("_PERSON");
|
|
params.setExcludeTenantFilter(getExcludeTenantFilter());
|
|
params.setPermissionEvaluation(getPermissionEvaluationMode());
|
|
|
|
StringBuilder query = new StringBuilder(256);
|
|
|
|
query.append("TYPE:\"").append(ContentModel.TYPE_PERSON).append("\" AND (");
|
|
|
|
if (tokens.length == 1)
|
|
{
|
|
// single word with no field will go against _PERSON and expand
|
|
|
|
// fts-alfresco property search i.e. location:"maidenhead"
|
|
query.append(term.substring(0, propIndex + 1)).append('"');
|
|
if (propIndex < 0)
|
|
{
|
|
query.append('*');
|
|
}
|
|
query.append(term.substring(propIndex + 1));
|
|
if (propIndex > 0)
|
|
{
|
|
query.append('"');
|
|
}
|
|
else
|
|
{
|
|
query.append("*\"");
|
|
}
|
|
}
|
|
else
|
|
{
|
|
// scan for non-fts-alfresco property search tokens
|
|
int nonFtsTokens = 0;
|
|
for (String token : tokens)
|
|
{
|
|
if (token.indexOf(':') == -1) nonFtsTokens++;
|
|
}
|
|
tokens = term.split("(?<!\\\\) ");
|
|
|
|
// multiple terms supplied - look for first and second name etc.
|
|
// also allow fts-alfresco property search to reduce results
|
|
params.setDefaultOperator(SearchParameters.Operator.AND);
|
|
boolean propertySearch = false;
|
|
StringBuilder multiPartNames = new StringBuilder(tokens.length);
|
|
boolean firstToken = true;
|
|
for (String token : tokens)
|
|
{
|
|
if (!propertySearch && token.indexOf(':') == -1)
|
|
{
|
|
if (nonFtsTokens == 1)
|
|
{
|
|
// simple search: first name, last name and username
|
|
// starting with term
|
|
query.append("_PERSON:\"*");
|
|
query.append(token);
|
|
query.append("*\" ");
|
|
}
|
|
else
|
|
{
|
|
// ALF-11311, in order to support multi-part firstNames/lastNames,
|
|
// we need to use the whole tokenized term for both
|
|
// firstName and lastName
|
|
if (token.endsWith("*"))
|
|
{
|
|
token = token.substring(0, token.lastIndexOf("*"));
|
|
}
|
|
multiPartNames.append("\"*");
|
|
multiPartNames.append(token);
|
|
multiPartNames.append("*\"");
|
|
if (firstToken)
|
|
{
|
|
multiPartNames.append(' ');
|
|
}
|
|
firstToken = false;
|
|
}
|
|
}
|
|
else
|
|
{
|
|
// fts-alfresco property search i.e. "location:maidenhead"
|
|
propIndex = token.lastIndexOf(':');
|
|
query.append(token.substring(0, propIndex + 1)).append('"')
|
|
.append(token.substring(propIndex + 1)).append('"').append(' ');
|
|
|
|
propertySearch = true;
|
|
}
|
|
}
|
|
// ALF-11311, in order to support multi-part firstNames/lastNames,
|
|
// we need to use the whole tokenized term for both firstName and lastName.
|
|
// e.g. "john junior lewis martinez", where "john junior" is the first
|
|
// name and "lewis martinez" is the last name.
|
|
if (multiPartNames.length() > 0)
|
|
{
|
|
query.append("firstName:");
|
|
query.append(multiPartNames);
|
|
query.append(" OR lastName:");
|
|
query.append(multiPartNames);
|
|
}
|
|
}
|
|
query.append(")");
|
|
|
|
// define the search parameters
|
|
params.setLanguage(SearchService.LANGUAGE_FTS_ALFRESCO);
|
|
params.addStore(this.storeRef);
|
|
params.setQuery(query.toString());
|
|
|
|
if (logger.isDebugEnabled())
|
|
{
|
|
if ((sortBy != null) && (! sortBy.isEmpty()))
|
|
{
|
|
logger.debug("getPeopleImplSearch: ignoring sortBy ("+sortBy+")- not yet supported by model for search");
|
|
}
|
|
}
|
|
|
|
/* not yet supported (default property index tokenisation mode = true)
|
|
if ("lastName".equals(sortBy))
|
|
{
|
|
params.addSort("@{http://www.alfresco.org/model/content/1.0}lastName", sortAsc);
|
|
params.addSort("@{http://www.alfresco.org/model/content/1.0}firstName", sortAsc);
|
|
params.addSort("@{http://www.alfresco.org/model/content/1.0}userName", sortAsc);
|
|
}
|
|
else if ("firstName".equals(sortBy))
|
|
{
|
|
params.addSort("@{http://www.alfresco.org/model/content/1.0}firstName", sortAsc);
|
|
params.addSort("@{http://www.alfresco.org/model/content/1.0}lastName", sortAsc);
|
|
params.addSort("@{http://www.alfresco.org/model/content/1.0}userName", sortAsc);
|
|
}
|
|
else
|
|
{
|
|
params.addSort("@{http://www.alfresco.org/model/content/1.0}userName", sortAsc);
|
|
params.addSort("@{http://www.alfresco.org/model/content/1.0}firstName", sortAsc);
|
|
params.addSort("@{http://www.alfresco.org/model/content/1.0}userName", sortAsc);
|
|
}
|
|
*/
|
|
|
|
if (maxResults > 0)
|
|
{
|
|
params.setLimitBy(LimitBy.FINAL_SIZE);
|
|
params.setLimit(maxResults);
|
|
}
|
|
|
|
if (skipCount > 0)
|
|
{
|
|
params.setSkipCount(skipCount);
|
|
}
|
|
|
|
ResultSet results = null;
|
|
try
|
|
{
|
|
results = services.getSearchService().query(params);
|
|
|
|
personRefs = getSortedPeopleObjects(results.getNodeRefs(), sortBy, sortAsc);
|
|
|
|
if (start != null)
|
|
{
|
|
logger.debug("getPeople: search - "+personRefs.size()+" items (in "+(System.currentTimeMillis()-start)+" msecs)");
|
|
}
|
|
}
|
|
catch (Throwable err)
|
|
{
|
|
if (logger.isDebugEnabled())
|
|
{
|
|
logger.debug("Failed to execute people search: " + query.toString(), err);
|
|
}
|
|
|
|
throw err;
|
|
}
|
|
finally
|
|
{
|
|
if (results != null)
|
|
{
|
|
results.close();
|
|
}
|
|
}
|
|
|
|
return personRefs;
|
|
}
|
|
|
|
private List<NodeRef> getSortedPeopleObjects(List<NodeRef> peopleRefs, final String sortBy, Boolean sortAsc)
|
|
{
|
|
if (sortBy == null)
|
|
{
|
|
return peopleRefs;
|
|
}
|
|
|
|
//make copy of peopleRefs because it can be unmodifiable list.
|
|
List<NodeRef> sortedPeopleRefs = new ArrayList<NodeRef>(peopleRefs);
|
|
final Collator col = Collator.getInstance(I18NUtil.getLocale());
|
|
final NodeService nodeService = services.getNodeService();
|
|
final int orderMultiplicator = ((sortAsc == null) || sortAsc) ? 1 : -1;
|
|
Collections.sort(sortedPeopleRefs, new Comparator<NodeRef>()
|
|
{
|
|
@Override
|
|
public int compare(NodeRef n1, NodeRef n2)
|
|
{
|
|
Serializable p1 = getProperty(n1);
|
|
Serializable p2 = getProperty(n2);
|
|
|
|
if ((p1 instanceof Long) && (p2 instanceof Long))
|
|
{
|
|
return Long.compare((Long)p1, (Long)p2) * orderMultiplicator;
|
|
}
|
|
|
|
return col.compare(p1.toString(), p2) * orderMultiplicator;
|
|
}
|
|
|
|
public Serializable getProperty(NodeRef nodeRef)
|
|
{
|
|
Serializable result;
|
|
|
|
if ("fullName".equalsIgnoreCase(sortBy))
|
|
{
|
|
String firstName = (String)nodeService.getProperty(nodeRef, ContentModel.PROP_FIRSTNAME);
|
|
String lastName = (String)nodeService.getProperty(nodeRef, ContentModel.PROP_LASTNAME);
|
|
String fullName = firstName;
|
|
if (lastName != null && lastName.length() > 0)
|
|
{
|
|
fullName = fullName + " " + lastName;
|
|
}
|
|
|
|
result = fullName;
|
|
}
|
|
else if ("jobtitle".equalsIgnoreCase(sortBy))
|
|
{
|
|
result = nodeService.getProperty(nodeRef, ContentModel.PROP_JOBTITLE);
|
|
}
|
|
else if ("email".equalsIgnoreCase(sortBy))
|
|
{
|
|
result = nodeService.getProperty(nodeRef, ContentModel.PROP_EMAIL);
|
|
}
|
|
else if ("usage".equalsIgnoreCase(sortBy))
|
|
{
|
|
result = nodeService.getProperty(nodeRef, ContentModel.PROP_SIZE_CURRENT);
|
|
}
|
|
else if ("quota".equalsIgnoreCase(sortBy))
|
|
{
|
|
result = nodeService.getProperty(nodeRef, ContentModel.PROP_SIZE_QUOTA);
|
|
}
|
|
else
|
|
{
|
|
// Default
|
|
result = nodeService.getProperty(nodeRef, ContentModel.PROP_USERNAME);
|
|
}
|
|
|
|
if (result == null)
|
|
{
|
|
result = "";
|
|
}
|
|
|
|
return result;
|
|
}
|
|
|
|
});
|
|
|
|
return sortedPeopleRefs;
|
|
}
|
|
|
|
/**
|
|
* Gets the Person given the username
|
|
*
|
|
* @param username the username of the person to get
|
|
* @return the person node (type cm:person) or null if no such person exists
|
|
*/
|
|
public ScriptNode getPerson(final String username)
|
|
{
|
|
NodeRef personRef = null;
|
|
|
|
ParameterCheck.mandatory("Username", username);
|
|
try
|
|
{
|
|
personRef = personService.getPersonOrNull(username);
|
|
}
|
|
catch(AccessDeniedException e)
|
|
{
|
|
// ok, just return null to indicate not found
|
|
}
|
|
|
|
return personRef == null ? null : new ScriptNode(personRef, services, getScope());
|
|
}
|
|
|
|
/**
|
|
* Faster helper when the script just wants to build the Full name for a person.
|
|
* Avoids complete getProperties() retrieval for a cm:person.
|
|
*
|
|
* @param username the username of the person to get Full name for
|
|
* @return full name for a person or null if the user does not exist in the system.
|
|
*/
|
|
public String getPersonFullName(final String username)
|
|
{
|
|
String name = null;
|
|
ParameterCheck.mandatoryString("Username", username);
|
|
final NodeRef personRef = personService.getPersonOrNull(username);
|
|
if (personRef != null)
|
|
{
|
|
final NodeService nodeService = services.getNodeService();
|
|
final String firstName = (String)nodeService.getProperty(personRef, ContentModel.PROP_FIRSTNAME);
|
|
final String lastName = (String)nodeService.getProperty(personRef, ContentModel.PROP_LASTNAME);
|
|
name = (firstName != null ? firstName + " " : "") + (lastName != null ? lastName : "");
|
|
}
|
|
return name;
|
|
}
|
|
|
|
/**
|
|
* Gets the Group given the group name
|
|
*
|
|
* @param groupName name of group to get
|
|
* @return the group node (type usr:authorityContainer) or null if no such group exists
|
|
*/
|
|
public ScriptNode getGroup(String groupName)
|
|
{
|
|
ParameterCheck.mandatoryString("GroupName", groupName);
|
|
ScriptNode group = null;
|
|
NodeRef groupRef = authorityDAO.getAuthorityNodeRefOrNull(groupName);
|
|
if (groupRef != null)
|
|
{
|
|
group = new ScriptNode(groupRef, services, getScope());
|
|
}
|
|
return group;
|
|
}
|
|
|
|
/**
|
|
* Deletes a group from the system.
|
|
*
|
|
* @param group The group to delete
|
|
*/
|
|
public void deleteGroup(ScriptNode group)
|
|
{
|
|
ParameterCheck.mandatory("Group", group);
|
|
if (group.getQNameType().equals(ContentModel.TYPE_AUTHORITY_CONTAINER))
|
|
{
|
|
String groupName = (String)group.getProperties().get(ContentModel.PROP_AUTHORITY_NAME);
|
|
authorityService.deleteAuthority(groupName);
|
|
}
|
|
}
|
|
|
|
/**
|
|
* Create a new root level group with the specified unique name
|
|
*
|
|
* @param groupName The unique group name to create - NOTE: do not prefix with "GROUP_"
|
|
*
|
|
* @return the group reference if successful or null if failed
|
|
*/
|
|
public ScriptNode createGroup(String groupName)
|
|
{
|
|
return createGroup(null, groupName);
|
|
}
|
|
|
|
/**
|
|
* Create a new group with the specified unique name
|
|
*
|
|
* @param parentGroup The parent group node - can be null for a root level group
|
|
* @param groupName The unique group name to create - NOTE: do not prefix with "GROUP_"
|
|
*
|
|
* @return the group reference if successful or null if failed
|
|
*/
|
|
public ScriptNode createGroup(ScriptNode parentGroup, String groupName)
|
|
{
|
|
ParameterCheck.mandatoryString("GroupName", groupName);
|
|
|
|
ScriptNode group = null;
|
|
|
|
String actualName = services.getAuthorityService().getName(AuthorityType.GROUP, groupName);
|
|
if (authorityService.authorityExists(actualName) == false)
|
|
{
|
|
String result = authorityService.createAuthority(AuthorityType.GROUP, groupName);
|
|
if (parentGroup != null)
|
|
{
|
|
String parentGroupName = (String)parentGroup.getProperties().get(ContentModel.PROP_AUTHORITY_NAME);
|
|
if (parentGroupName != null)
|
|
{
|
|
authorityService.addAuthority(parentGroupName, actualName);
|
|
}
|
|
}
|
|
group = getGroup(result);
|
|
}
|
|
|
|
return group;
|
|
}
|
|
|
|
/**
|
|
* Add an authority (a user or group) to a group container as a new child
|
|
*
|
|
* @param parentGroup The parent container group
|
|
* @param authority The authority (user or group) to add
|
|
*/
|
|
public void addAuthority(ScriptNode parentGroup, ScriptNode authority)
|
|
{
|
|
ParameterCheck.mandatory("Authority", authority);
|
|
ParameterCheck.mandatory("ParentGroup", parentGroup);
|
|
if (parentGroup.getQNameType().equals(ContentModel.TYPE_AUTHORITY_CONTAINER))
|
|
{
|
|
String parentGroupName = (String)parentGroup.getProperties().get(ContentModel.PROP_AUTHORITY_NAME);
|
|
String authorityName;
|
|
if (authority.getQNameType().equals(ContentModel.TYPE_AUTHORITY_CONTAINER))
|
|
{
|
|
authorityName = (String)authority.getProperties().get(ContentModel.PROP_AUTHORITY_NAME);
|
|
}
|
|
else
|
|
{
|
|
authorityName = (String)authority.getProperties().get(ContentModel.PROP_USERNAME);
|
|
}
|
|
authorityService.addAuthority(parentGroupName, authorityName);
|
|
}
|
|
}
|
|
|
|
/**
|
|
* Remove an authority (a user or group) from a group
|
|
*
|
|
* @param parentGroup The parent container group
|
|
* @param authority The authority (user or group) to remove
|
|
*/
|
|
public void removeAuthority(ScriptNode parentGroup, ScriptNode authority)
|
|
{
|
|
ParameterCheck.mandatory("Authority", authority);
|
|
ParameterCheck.mandatory("ParentGroup", parentGroup);
|
|
if (parentGroup.getQNameType().equals(ContentModel.TYPE_AUTHORITY_CONTAINER))
|
|
{
|
|
String parentGroupName = (String)parentGroup.getProperties().get(ContentModel.PROP_AUTHORITY_NAME);
|
|
String authorityName;
|
|
if (authority.getQNameType().equals(ContentModel.TYPE_AUTHORITY_CONTAINER))
|
|
{
|
|
authorityName = (String)authority.getProperties().get(ContentModel.PROP_AUTHORITY_NAME);
|
|
}
|
|
else
|
|
{
|
|
authorityName = (String)authority.getProperties().get(ContentModel.PROP_USERNAME);
|
|
}
|
|
authorityService.removeAuthority(parentGroupName, authorityName);
|
|
}
|
|
}
|
|
|
|
/**
|
|
* Gets the members (people) of a group (including all sub-groups)
|
|
*
|
|
* @param group the group to retrieve members for
|
|
*
|
|
* @return members of the group as a JavaScript array
|
|
*/
|
|
public Scriptable getMembers(ScriptNode group)
|
|
{
|
|
ParameterCheck.mandatory("Group", group);
|
|
Object[] members = getContainedAuthorities(group, AuthorityType.USER, true);
|
|
return Context.getCurrentContext().newArray(getScope(), members);
|
|
}
|
|
|
|
/**
|
|
* Gets the members (people) of a group
|
|
*
|
|
* @param group the group to retrieve members for
|
|
* @param recurse recurse into sub-groups
|
|
*
|
|
* @return the members of the group as a JavaScript array
|
|
*/
|
|
public Scriptable getMembers(ScriptNode group, boolean recurse)
|
|
{
|
|
ParameterCheck.mandatory("Group", group);
|
|
Object[] members = getContainedAuthorities(group, AuthorityType.USER, recurse);
|
|
return Context.getCurrentContext().newArray(getScope(), members);
|
|
}
|
|
|
|
/**
|
|
* Gets the groups that contain the specified authority
|
|
*
|
|
* @param person the user (cm:person) to get the containing groups for
|
|
*
|
|
* @return the containing groups as a JavaScript array
|
|
*/
|
|
public Scriptable getContainerGroups(ScriptNode person)
|
|
{
|
|
ParameterCheck.mandatory("Person", person);
|
|
Object[] parents = null;
|
|
Set<String> authorities = this.authorityService.getContainingAuthoritiesInZone(
|
|
AuthorityType.GROUP,
|
|
(String)person.getProperties().get(ContentModel.PROP_USERNAME),
|
|
AuthorityService.ZONE_APP_DEFAULT, null, 1000);
|
|
parents = new Object[authorities.size()];
|
|
int i = 0;
|
|
for (String authority : authorities)
|
|
{
|
|
ScriptNode group = getGroup(authority);
|
|
if (group != null)
|
|
{
|
|
parents[i++] = group;
|
|
}
|
|
}
|
|
return Context.getCurrentContext().newArray(getScope(), parents);
|
|
}
|
|
|
|
/**
|
|
* Return true if the specified user is an Administrator authority.
|
|
*
|
|
* @param person to test
|
|
*
|
|
* @return true if an admin, false otherwise
|
|
*/
|
|
public boolean isAdmin(ScriptNode person)
|
|
{
|
|
ParameterCheck.mandatory("Person", person);
|
|
return this.authorityService.isAdminAuthority((String)person.getProperties().get(ContentModel.PROP_USERNAME));
|
|
}
|
|
|
|
/**
|
|
* Return true if the specified user is an guest authority.
|
|
*
|
|
* @param person to test
|
|
*
|
|
* @return true if an admin, false otherwise
|
|
*/
|
|
public boolean isGuest(ScriptNode person)
|
|
{
|
|
ParameterCheck.mandatory("Person", person);
|
|
return this.authorityService.isGuestAuthority((String) person.getProperties().get(ContentModel.PROP_USERNAME));
|
|
}
|
|
|
|
/**
|
|
* Gets a map of capabilities (boolean assertions) for the given person.
|
|
*
|
|
* @param person
|
|
* the person
|
|
* @return the capability map
|
|
*/
|
|
public Map<String, Boolean> getCapabilities(final ScriptNode person)
|
|
{
|
|
ParameterCheck.mandatory("Person", person);
|
|
Map<String,Boolean> retVal = new ScriptableHashMap<String, Boolean>();
|
|
retVal.putAll(this.valueDerivingMapFactory.getMap(person));
|
|
return retVal;
|
|
}
|
|
|
|
/**
|
|
* Return a map of the Person properties that are marked as immutable for the given user.
|
|
* This enables a script to interogate which properties are dealt with by an external
|
|
* system such as LDAP and should not be mutable in any client UI.
|
|
*
|
|
* @param username String
|
|
*
|
|
* @return ScriptableHashMap
|
|
*/
|
|
public ScriptableHashMap getImmutableProperties(String username)
|
|
{
|
|
Set<QName> props = userRegistrySynchronizer.getPersonMappedProperties(username);
|
|
ScriptableHashMap propMap = new ScriptableHashMap();
|
|
for (QName prop : props)
|
|
{
|
|
propMap.put(prop.toString(), Boolean.TRUE);
|
|
}
|
|
return propMap;
|
|
}
|
|
|
|
/**
|
|
* Get Contained Authorities
|
|
*
|
|
* @param container authority containers
|
|
* @param type authority type to filter by
|
|
* @param recurse recurse into sub-containers
|
|
*
|
|
* @return contained authorities
|
|
*/
|
|
private Object[] getContainedAuthorities(ScriptNode container, AuthorityType type, boolean recurse)
|
|
{
|
|
Object[] members = null;
|
|
|
|
if (container.getQNameType().equals(ContentModel.TYPE_AUTHORITY_CONTAINER))
|
|
{
|
|
String groupName = (String)container.getProperties().get(ContentModel.PROP_AUTHORITY_NAME);
|
|
Set<String> authorities = authorityService.getContainedAuthorities(type, groupName, !recurse);
|
|
members = new Object[authorities.size()];
|
|
int i = 0;
|
|
for (String authority : authorities)
|
|
{
|
|
AuthorityType authorityType = AuthorityType.getAuthorityType(authority);
|
|
if (authorityType.equals(AuthorityType.GROUP))
|
|
{
|
|
ScriptNode group = getGroup(authority);
|
|
if (group != null)
|
|
{
|
|
members[i++] = group;
|
|
}
|
|
}
|
|
else if (authorityType.equals(AuthorityType.USER))
|
|
{
|
|
ScriptNode person = getPerson(authority);
|
|
if (person != null)
|
|
{
|
|
members[i++] = person;
|
|
}
|
|
}
|
|
}
|
|
}
|
|
|
|
return members != null ? members : new Object[0];
|
|
}
|
|
|
|
public boolean getExcludeTenantFilter()
|
|
{
|
|
return false;
|
|
}
|
|
|
|
public PermissionEvaluationMode getPermissionEvaluationMode()
|
|
{
|
|
return PermissionEvaluationMode.EAGER;
|
|
}
|
|
}
|