mirror of
				https://github.com/Alfresco/alfresco-community-repo.git
				synced 2025-10-22 15:12:38 +00:00 
			
		
		
		
	111834: Merged V4.2-BUG-FIX (4.2.6) to 5.0.N (5.0.3)
      111589: Merged V4.1-BUG-FIX (4.1.11) to V4.2-BUG-FIX (4.2.6)
         111531: MNT-13871: Count authorised users as those who've logged in, not total # of person objects
            -  Added small changes required for compilation of authorization module.
git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/BRANCHES/DEV/5.1.N/root@111899 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
		
	
		
			
				
	
	
		
			1308 lines
		
	
	
		
			48 KiB
		
	
	
	
		
			Java
		
	
	
	
	
	
			
		
		
	
	
			1308 lines
		
	
	
		
			48 KiB
		
	
	
	
		
			Java
		
	
	
	
	
	
| /*
 | |
|  * Copyright (C) 2005-2015 Alfresco Software Limited.
 | |
|  *
 | |
|  * This file is part of Alfresco
 | |
|  *
 | |
|  * Alfresco is free software: you can redistribute it and/or modify
 | |
|  * it under the terms of the GNU Lesser General Public License as published by
 | |
|  * the Free Software Foundation, either version 3 of the License, or
 | |
|  * (at your option) any later version.
 | |
|  *
 | |
|  * Alfresco is distributed in the hope that it will be useful,
 | |
|  * but WITHOUT ANY WARRANTY; without even the implied warranty of
 | |
|  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 | |
|  * GNU Lesser General Public License for more details.
 | |
|  *
 | |
|  * You should have received a copy of the GNU Lesser General Public License
 | |
|  * along with Alfresco. If not, see <http://www.gnu.org/licenses/>.
 | |
|  */
 | |
| package org.alfresco.repo.jscript;
 | |
| 
 | |
| import java.io.Serializable;
 | |
| import java.text.Collator;
 | |
| import java.util.ArrayList;
 | |
| import java.util.Collections;
 | |
| import java.util.Comparator;
 | |
| import java.util.HashMap;
 | |
| import java.util.List;
 | |
| import java.util.Map;
 | |
| import java.util.Set;
 | |
| 
 | |
| import org.alfresco.model.ContentModel;
 | |
| import org.alfresco.repo.security.authentication.AuthenticationException;
 | |
| import org.alfresco.repo.security.authentication.AuthenticationUtil;
 | |
| import org.alfresco.repo.security.authentication.UserNameGenerator;
 | |
| import org.alfresco.repo.security.authority.AuthorityDAO;
 | |
| import org.alfresco.repo.security.permissions.AccessDeniedException;
 | |
| import org.alfresco.repo.security.person.PersonServiceImpl;
 | |
| import org.alfresco.repo.security.sync.UserRegistrySynchronizer;
 | |
| import org.alfresco.repo.tenant.TenantDomainMismatchException;
 | |
| import org.alfresco.repo.tenant.TenantService;
 | |
| import org.alfresco.service.ServiceRegistry;
 | |
| import org.alfresco.service.cmr.repository.NodeRef;
 | |
| import org.alfresco.service.cmr.repository.NodeService;
 | |
| import org.alfresco.service.cmr.repository.StoreRef;
 | |
| import org.alfresco.service.cmr.search.LimitBy;
 | |
| import org.alfresco.service.cmr.search.PermissionEvaluationMode;
 | |
| import org.alfresco.service.cmr.search.ResultSet;
 | |
| import org.alfresco.service.cmr.search.SearchParameters;
 | |
| import org.alfresco.service.cmr.search.SearchService;
 | |
| import org.alfresco.service.cmr.security.AuthorityService;
 | |
| import org.alfresco.service.cmr.security.AuthorityType;
 | |
| import org.alfresco.service.cmr.security.MutableAuthenticationService;
 | |
| import org.alfresco.service.cmr.security.PersonService;
 | |
| import org.alfresco.service.cmr.security.PersonService.PersonInfo;
 | |
| import org.alfresco.service.cmr.usage.ContentUsageService;
 | |
| import org.alfresco.service.namespace.QName;
 | |
| import org.alfresco.util.Pair;
 | |
| import org.alfresco.util.PropertyMap;
 | |
| import org.alfresco.util.ScriptPagingDetails;
 | |
| import org.alfresco.util.ValueDerivingMapFactory;
 | |
| import org.alfresco.util.ValueDerivingMapFactory.ValueDeriver;
 | |
| import org.apache.commons.logging.Log;
 | |
| import org.apache.commons.logging.LogFactory;
 | |
| import org.mozilla.javascript.Context;
 | |
| import org.mozilla.javascript.Scriptable;
 | |
| import org.springframework.beans.factory.InitializingBean;
 | |
| import org.springframework.extensions.surf.util.I18NUtil;
 | |
| import org.springframework.extensions.surf.util.ParameterCheck;
 | |
| 
 | |
| /**
 | |
|  * Scripted People service for describing and executing actions against People & Groups.
 | |
|  * 
 | |
|  * @author davidc
 | |
|  * @author kevinr
 | |
|  */
 | |
| public class People extends BaseScopableProcessorExtension implements InitializingBean
 | |
| {
 | |
|     private static Log logger = LogFactory.getLog(People.class);
 | |
|     
 | |
|     /** Repository Service Registry */
 | |
|     private ServiceRegistry services;
 | |
|     private AuthorityDAO authorityDAO;
 | |
|     private AuthorityService authorityService;
 | |
|     private PersonService personService;
 | |
|     private MutableAuthenticationService authenticationService;
 | |
|     private ContentUsageService contentUsageService;
 | |
|     private UserNameGenerator usernameGenerator;
 | |
|     private UserRegistrySynchronizer userRegistrySynchronizer;
 | |
|     protected TenantService tenantService;
 | |
|     
 | |
|     private StoreRef storeRef;
 | |
|     private ValueDerivingMapFactory<ScriptNode, String, Boolean> valueDerivingMapFactory;
 | |
|     private int numRetries = 10;
 | |
|     
 | |
|     private int defaultListMaxResults = 5000;
 | |
|     private boolean honorHintUseCQ = true;
 | |
|     
 | |
|     protected static final String HINT_CQ_SUFFIX = " [hint:useCQ]";
 | |
|     
 | |
|     public void afterPropertiesSet() throws Exception
 | |
|     {
 | |
|         Map <String, ValueDeriver<ScriptNode, Boolean>> capabilityTesters = new HashMap<String, ValueDeriver<ScriptNode, Boolean>>(5);
 | |
|         capabilityTesters.put("isAdmin", new ValueDeriver<ScriptNode, Boolean>()
 | |
|         {
 | |
|             public Boolean deriveValue(ScriptNode source)
 | |
|             {
 | |
|                 return isAdmin(source);
 | |
|             }
 | |
|         });
 | |
|         capabilityTesters.put("isGuest", new ValueDeriver<ScriptNode, Boolean>()
 | |
|         {
 | |
|             public Boolean deriveValue(ScriptNode source)
 | |
|             {
 | |
|                 return isGuest(source);
 | |
|             }
 | |
|         });
 | |
|         capabilityTesters.put("isMutable", new ValueDeriver<ScriptNode, Boolean>()
 | |
|         {
 | |
|             public Boolean deriveValue(ScriptNode source)
 | |
|             {
 | |
|                 // Check whether the account is mutable according to the authentication service
 | |
|                 String sourceUser = (String) source.getProperties().get(ContentModel.PROP_USERNAME);
 | |
|                 if (!authenticationService.isAuthenticationMutable(sourceUser))
 | |
|                 {
 | |
|                     return false;
 | |
|                 }
 | |
|                 // Only allow non-admin users to mutate their own accounts
 | |
|                 String currentUser = authenticationService.getCurrentUserName();
 | |
|                 if (currentUser.equals(sourceUser) || authorityService.isAdminAuthority(currentUser))
 | |
|                 {
 | |
|                     return true;
 | |
|                 }
 | |
|                 return false;
 | |
|             }
 | |
|         });
 | |
|         this.valueDerivingMapFactory = new ValueDerivingMapFactory<ScriptNode, String, Boolean>(capabilityTesters);
 | |
|     }
 | |
|     
 | |
|     /**
 | |
|      * Set the default store reference
 | |
|      * 
 | |
|      * @param   storeRef the default store reference
 | |
|      */
 | |
|     public void setStoreUrl(String storeRef)
 | |
|     {
 | |
|         // ensure this is not set again by a script instance
 | |
|         if (this.storeRef != null)
 | |
|         {
 | |
|             throw new IllegalStateException("Default store URL can only be set once.");
 | |
|         }
 | |
|         this.storeRef = new StoreRef(storeRef);
 | |
|     }    
 | |
| 
 | |
|     /**
 | |
|      * Sets the authentication service.
 | |
|      * 
 | |
|      * @param authenticationService
 | |
|      *            the authentication service
 | |
|      */
 | |
|     public void setAuthenticationService(MutableAuthenticationService authenticationService)
 | |
|     {
 | |
|         this.authenticationService = authenticationService;
 | |
|     }
 | |
| 
 | |
|     /**
 | |
|      * Set the service registry
 | |
|      * 
 | |
|      * @param serviceRegistry	the service registry
 | |
|      */
 | |
|     public void setServiceRegistry(ServiceRegistry serviceRegistry)
 | |
|     {
 | |
|     	this.services = serviceRegistry;
 | |
|     }
 | |
| 
 | |
|     /**
 | |
|      * Set the authority DAO
 | |
|      *
 | |
|      * @param authorityDAO  authority dao
 | |
|      */
 | |
|     public void setAuthorityDAO(AuthorityDAO authorityDAO)
 | |
|     {
 | |
|         this.authorityDAO = authorityDAO;
 | |
|     }
 | |
|     
 | |
|     /**
 | |
|      * Set the authority service
 | |
|      * 
 | |
|      * @param authorityService The authorityService to set.
 | |
|      */
 | |
|     public void setAuthorityService(AuthorityService authorityService)
 | |
|     {
 | |
|         this.authorityService = authorityService;
 | |
|     }
 | |
|     
 | |
|     /**
 | |
|      * Set the person service
 | |
|      * 
 | |
|      * @param personService The personService to set.
 | |
|      */
 | |
|     public void setPersonService(PersonService personService)
 | |
|     {
 | |
|         this.personService = personService;
 | |
|     }
 | |
|     
 | |
|     /**
 | |
|      * @param contentUsageService   the ContentUsageService to set
 | |
|      */
 | |
|     public void setContentUsageService(ContentUsageService contentUsageService)
 | |
|     {
 | |
|         this.contentUsageService = contentUsageService;
 | |
|     }
 | |
|     
 | |
|     /**
 | |
|      * @param tenantService   the tenantService to set
 | |
|      */
 | |
|     public void setTenantService(TenantService tenantService)
 | |
|     {
 | |
|         this.tenantService = tenantService;
 | |
|     }
 | |
|     
 | |
|     /**
 | |
|      * Set the user name generator service
 | |
|      * 
 | |
|      * @param userNameGenerator the user name generator 
 | |
|      */
 | |
|     public void setUserNameGenerator(UserNameGenerator userNameGenerator)
 | |
|     {
 | |
|         this.usernameGenerator = userNameGenerator;
 | |
|     }
 | |
|     
 | |
|     /**
 | |
|      * Set the UserRegistrySynchronizer
 | |
|      * 
 | |
|      * @param userRegistrySynchronizer UserRegistrySynchronizer
 | |
|      */
 | |
|     public void setUserRegistrySynchronizer(UserRegistrySynchronizer userRegistrySynchronizer)
 | |
|     {
 | |
|         this.userRegistrySynchronizer = userRegistrySynchronizer;
 | |
|     }
 | |
|     
 | |
|     public void setDefaultListMaxResults(int defaultListMaxResults)
 | |
|     {
 | |
|         this.defaultListMaxResults = defaultListMaxResults;
 | |
|     }
 | |
|     
 | |
|     /**
 | |
|      * Allows customers to choose to use Solr or Lucene rather than a canned query in
 | |
|      * {@link #getPeople(String, int, String, boolean)} when
 | |
|      * {@code " [hint:useCQ]"} is appended to the search term (currently Share's
 | |
|      * User Console does this). The down side is that new users may not appear as they
 | |
|      * will not have been indexed. This is similar to what happened in 4.1.1 prior to
 | |
|      * MNT-7548 (4.1.2 and 4.1.1.1). The down side of using a canned query at the moment
 | |
|      * is that there is a bug, so that it is impossible to search for names such as
 | |
|      * {@code "Carlos Allende García"} where the first or last names may contain spaces.
 | |
|      * See MNT-9719 for more details. The alfresco global property
 | |
|      * {@code people.search.honor.hint.useCQ} is used to set this value (default is true).
 | |
|      */
 | |
|     public void setHonorHintUseCQ(boolean honorHintUseCQ)
 | |
|     {
 | |
|         this.honorHintUseCQ = honorHintUseCQ;
 | |
|     }
 | |
|     
 | |
|     /**
 | |
|      * Delete a Person with the given username
 | |
|      * 
 | |
|      * @param username the username of the person to delete
 | |
|      */
 | |
|     public void deletePerson(String username)
 | |
|     {
 | |
|         personService.deletePerson(username);
 | |
|     }
 | |
|     
 | |
|     /**
 | |
|      * Create a Person with an optionally generated user name. 
 | |
|      * This version doesn't notify them.
 | |
|      * 
 | |
|      * @param userName userName or null for a generated user name
 | |
|      * @param firstName firstName
 | |
|      * @param lastName lastName
 | |
|      * @param emailAddress emailAddress
 | |
|      * @param password if not null creates a new authenticator with the given password.
 | |
|      * @param setAccountEnabled
 | |
|      *            set to 'true' to create enabled user account, or 'false' to
 | |
|      *            create disabled user account for created person.
 | |
|      * @return the person node (type cm:person) created or null if the person
 | |
|      *         could not be created
 | |
|      */
 | |
|     public ScriptNode createPerson(String userName, String firstName, String lastName, String emailAddress, String password, boolean setAccountEnabled)
 | |
|     {
 | |
|         return createPerson(userName, firstName, lastName, emailAddress, password, setAccountEnabled, false);
 | |
|     }
 | |
|     
 | |
|     /**
 | |
|      * Create a Person with an optionally generated user name
 | |
|      * 
 | |
|      * @param userName userName or null for a generated user name
 | |
|      * @param firstName firstName
 | |
|      * @param lastName lastName
 | |
|      * @param emailAddress emailAddress
 | |
|      * @param password if not null creates a new authenticator with the given password.
 | |
|      * @param setAccountEnabled
 | |
|      *            set to 'true' to create enabled user account, or 'false' to
 | |
|      *            create disabled user account for created person.
 | |
|      * @param notifyByEmail
 | |
|      *            set to 'true' to have the new user emailed to let them know
 | |
|      *            their account details. Only applies if a username and 
 | |
|      *            password were supplied.
 | |
|      * @return the person node (type cm:person) created or null if the person
 | |
|      *         could not be created
 | |
|      */
 | |
|     public ScriptNode createPerson(String userName, String firstName, String lastName, String emailAddress, 
 | |
|             String password, boolean setAccountEnabled, boolean notifyByEmail)
 | |
|     {
 | |
|     	ParameterCheck.mandatory("firstName", firstName);
 | |
|     	ParameterCheck.mandatory("emailAddress", emailAddress);
 | |
|         
 | |
|         ScriptNode person = null;
 | |
|         
 | |
|         // generate user name if not supplied
 | |
|         if (userName == null)
 | |
|         {
 | |
|             for (int i=0; i < numRetries; i++)
 | |
|             {
 | |
|             	userName = usernameGenerator.generateUserName(firstName, lastName, emailAddress, i);
 | |
|             	
 | |
|             	// create person if user name does not already exist
 | |
|             	if (!personService.personExists(userName))
 | |
|             	{
 | |
|             	    break;
 | |
|             	}
 | |
|             }
 | |
|         }
 | |
|         
 | |
|         if (userName != null)
 | |
|         {
 | |
|             try
 | |
|             {
 | |
|                 userName = PersonServiceImpl.updateUsernameForTenancy(userName, tenantService);
 | |
|             }
 | |
|             catch (TenantDomainMismatchException re)
 | |
|             {
 | |
|                 throw new AuthenticationException("User must belong to same domain as admin: " + re.getTenantA());
 | |
|             }
 | |
|             
 | |
|             person = createPerson(userName, firstName, lastName, emailAddress);
 | |
|             
 | |
|     		if (person != null && password != null)
 | |
|     		{   			
 | |
|     			// create account for person with the userName and password
 | |
|     		    authenticationService.createAuthentication(userName, password.toCharArray());
 | |
|     		    authenticationService.setAuthenticationEnabled(userName, setAccountEnabled);
 | |
|     			
 | |
|     			person.save();
 | |
|     			
 | |
|     			if(notifyByEmail)
 | |
|     			{
 | |
|     			    personService.notifyPerson(userName, password);
 | |
|     			}
 | |
|     		}
 | |
|         }
 | |
|         
 | |
|         return person;
 | |
|     }
 | |
| 
 | |
|     /**
 | |
|      * Enable user account. Can only be called by an Admin authority.
 | |
|      * 
 | |
|      * @param userName      user name for which to enable user account
 | |
|      */
 | |
|     public void enableAccount(String userName)
 | |
|     {
 | |
|         if (this.authorityService.isAdminAuthority(AuthenticationUtil.getFullyAuthenticatedUser()))
 | |
|         {
 | |
|             this.authenticationService.setAuthenticationEnabled(userName, true);
 | |
|         }
 | |
|     }
 | |
|     
 | |
|     /**
 | |
|      * Disable user account. Can only be called by an Admin authority.
 | |
|      * 
 | |
|      * @param userName      user name for which to disable user account
 | |
|      */
 | |
|     public void disableAccount(String userName)
 | |
|     {
 | |
|         if (this.authorityService.isAdminAuthority(AuthenticationUtil.getFullyAuthenticatedUser()))
 | |
|         {
 | |
|             this.authenticationService.setAuthenticationEnabled(userName, false);
 | |
|         }
 | |
|     }
 | |
|     
 | |
|     /**
 | |
|      * Return true if the specified user account is enabled.
 | |
|      *  
 | |
|      * @param userName      user name to test account
 | |
|      * 
 | |
|      * @return true if account enabled, false if disabled
 | |
|      */
 | |
|     public boolean isAccountEnabled(String userName)
 | |
|     {
 | |
|         return this.authenticationService.getAuthenticationEnabled(userName);
 | |
|     }
 | |
|     
 | |
|     /**
 | |
|      * Change the password for the currently logged in user.
 | |
|      * Old password must be supplied.
 | |
|      *  
 | |
|      * @param oldPassword       Old user password
 | |
|      * @param newPassword       New user password
 | |
|      */
 | |
|     public void changePassword(String oldPassword, String newPassword)
 | |
|     {
 | |
|         ParameterCheck.mandatoryString("oldPassword", oldPassword);
 | |
|         ParameterCheck.mandatoryString("newPassword", newPassword);
 | |
|         
 | |
|         this.services.getAuthenticationService().updateAuthentication(
 | |
|                 AuthenticationUtil.getFullyAuthenticatedUser(), oldPassword.toCharArray(), newPassword.toCharArray());
 | |
|     }
 | |
|     
 | |
|     /**
 | |
|      * Set a password for the given user. Note that only an administrator
 | |
|      * can perform this action, otherwise it will be ignored.
 | |
|      * 
 | |
|      * @param userName          Username to change password for
 | |
|      * @param password          Password to set
 | |
|      */
 | |
|     public void setPassword(String userName, String password)
 | |
|     {
 | |
|         ParameterCheck.mandatoryString("userName", userName);
 | |
|         ParameterCheck.mandatoryString("password", password);
 | |
|         
 | |
|         MutableAuthenticationService authService = this.services.getAuthenticationService();
 | |
|         if (this.authorityService.hasAdminAuthority() && (userName.equalsIgnoreCase(authService.getCurrentUserName()) == false))
 | |
|         {
 | |
|             authService.setAuthentication(userName, password.toCharArray());
 | |
|         }
 | |
|     }
 | |
| 
 | |
|     /**
 | |
|      * Create a Person with the given user name
 | |
|      * 
 | |
|      * @param userName the user name of the person to create
 | |
|      * @return the person node (type cm:person) created or null if the user name already exists
 | |
|      */
 | |
|     public ScriptNode createPerson(String userName)
 | |
|     {
 | |
|         ParameterCheck.mandatoryString("userName", userName);
 | |
|         
 | |
|         ScriptNode person = null;
 | |
|         
 | |
|         PropertyMap properties = new PropertyMap();
 | |
|         properties.put(ContentModel.PROP_USERNAME, userName);
 | |
|         
 | |
|         if (!personService.personExists(userName))
 | |
|         {
 | |
|             NodeRef personRef = personService.createPerson(properties); 
 | |
|             person = new ScriptNode(personRef, services, getScope()); 
 | |
|         }
 | |
|         
 | |
|         return person;
 | |
|     }
 | |
|     
 | |
|     /**
 | |
|      * Create a Person with the given user name, firstName, lastName and emailAddress
 | |
|      * 
 | |
|      * @param userName the user name of the person to create
 | |
|      * @return the person node (type cm:person) created or null if the user name already exists
 | |
|      */
 | |
|     public ScriptNode createPerson(String userName, String firstName, String lastName, String emailAddress)
 | |
|     {
 | |
|         ParameterCheck.mandatoryString("userName", userName);
 | |
|         ParameterCheck.mandatoryString("firstName", firstName);
 | |
|         ParameterCheck.mandatoryString("emailAddress", emailAddress);
 | |
|         
 | |
|         ScriptNode person = null;
 | |
|         
 | |
|         PropertyMap properties = new PropertyMap();
 | |
|         properties.put(ContentModel.PROP_USERNAME, userName);
 | |
|         properties.put(ContentModel.PROP_FIRSTNAME, firstName);
 | |
|         properties.put(ContentModel.PROP_LASTNAME, lastName);
 | |
|         properties.put(ContentModel.PROP_EMAIL, emailAddress);
 | |
|         
 | |
|         if (!personService.personExists(userName))
 | |
|         {
 | |
|             NodeRef personRef = personService.createPerson(properties);
 | |
|             person = new ScriptNode(personRef, services, getScope()); 
 | |
|         }
 | |
|         
 | |
|         return person;
 | |
|     }
 | |
|     
 | |
|     /**
 | |
|      * Set the content quota in bytes for a person.
 | |
|      * Only the admin authority can set this value.
 | |
|      * 
 | |
|      * @param person    Person to set quota against.
 | |
|      * @param quota     As a string, in bytes, a value of "-1" means no quota is set
 | |
|      */
 | |
|     public void setQuota(ScriptNode person, String quota)
 | |
|     {
 | |
|         if (this.authorityService.isAdminAuthority(AuthenticationUtil.getFullyAuthenticatedUser()))
 | |
|         {
 | |
|             this.contentUsageService.setUserQuota((String)person.getProperties().get(ContentModel.PROP_USERNAME), Long.parseLong(quota));
 | |
|         }
 | |
|     }
 | |
|     
 | |
|     /**
 | |
|      * Get the collection of people stored in the repository.
 | |
|      * An optional filter query may be provided by which to filter the people collection.
 | |
|      * Space separate the query terms i.e. "john bob" will find all users who's first or
 | |
|      * second names contain the strings "john" or "bob".
 | |
|      * 
 | |
|      * @param filter filter query string by which to filter the collection of people.
 | |
|      *          If <pre>null</pre> then all people stored in the repository are returned
 | |
|      *          
 | |
|      * @deprecated recated see getPeople(filter, maxResults)
 | |
|      *          
 | |
|      * @return people collection as a JavaScript array
 | |
|      */
 | |
|     public Scriptable getPeople(String filter)
 | |
|     {
 | |
|         return getPeople(filter, 0);
 | |
|     }
 | |
|     
 | |
|     /**
 | |
|      * Get the collection of people stored in the repository.
 | |
|      * An optional filter query may be provided by which to filter the people collection.
 | |
|      * Space separate the query terms i.e. "john bob" will find all users who's first or
 | |
|      * second names contain the strings "john" or "bob".
 | |
|      * 
 | |
|      * @param filter filter query string by which to filter the collection of people.
 | |
|      *          If <pre>null</pre> then all people stored in the repository are returned
 | |
|      * @param maxResults maximum results to return or all if <= 0
 | |
|      * 
 | |
|      * @return people collection as a JavaScript array
 | |
|      */
 | |
|     public Scriptable getPeople(String filter, int maxResults)
 | |
|     {
 | |
|         return getPeople(filter, maxResults, null, true);
 | |
|     }
 | |
|     
 | |
|     /**
 | |
|      * Get the collection of people stored in the repository.
 | |
|      * An optional filter query may be provided by which to filter the people collection.
 | |
|      * Space separate the query terms i.e. "john bob" will find all users who's first or
 | |
|      * second names contain the strings "john" or "bob".
 | |
|      * Method supports sorting by specifying sortBy and sortAsc params.
 | |
|      * 
 | |
|      * @param filter filter query string by which to filter the collection of people.
 | |
|      *          If <pre>null</pre> then all people stored in the repository are returned
 | |
|      * @param maxResults maximum results to return or all if <= 0
 | |
|      * @param sortBy field for sorting
 | |
|      * @param sortAsc sort ascending or not
 | |
|      * 
 | |
|      * @return people collection as a JavaScript array
 | |
|      */
 | |
|     public Scriptable getPeople(String filter, int maxResults, String sortBy, boolean sortAsc)
 | |
|     {
 | |
|         return getPeoplePaging(filter, new ScriptPagingDetails(maxResults, 0), sortBy, Boolean.valueOf(sortAsc));
 | |
|     }
 | |
|     
 | |
|     public Scriptable getPeoplePaging(String filter, ScriptPagingDetails pagingRequest, String sortBy, Boolean sortAsc)
 | |
|     {
 | |
|         List<PersonInfo> persons = getPeopleImpl(filter, pagingRequest, sortBy, sortAsc);
 | |
|         
 | |
|         Object[] peopleRefs = new Object[persons.size()];
 | |
|         for (int i = 0; i < peopleRefs.length; i++)
 | |
|         {
 | |
|             peopleRefs[i] = persons.get(i).getNodeRef();
 | |
|         }
 | |
|         
 | |
|         return Context.getCurrentContext().newArray(getScope(), peopleRefs);
 | |
|     }
 | |
|     
 | |
|     protected List<PersonInfo> getPeopleImpl(String filter, ScriptPagingDetails pagingRequest, String sortBy, Boolean sortAsc)
 | |
|     {
 | |
|         ParameterCheck.mandatory("pagingRequest", pagingRequest);
 | |
|         
 | |
|         boolean useCQ = false;
 | |
|         if (filter != null)
 | |
|         {
 | |
|             if (filter.endsWith(HINT_CQ_SUFFIX))
 | |
|             {
 | |
|                 useCQ = honorHintUseCQ;
 | |
|                 filter = filter.substring(0, filter.length()-HINT_CQ_SUFFIX.length());
 | |
|             }
 | |
|         }
 | |
|         else
 | |
|         {
 | |
|             filter = "*";
 | |
|         }
 | |
|         
 | |
|         List<PersonInfo> persons = null;
 | |
|         
 | |
|         int maxResults = pagingRequest.getMaxItems();
 | |
|         if ((maxResults <= 0) || (maxResults > defaultListMaxResults))
 | |
|         {
 | |
|             // remove open-ended query (eg cutoff at default/configurable max, eg. 5000 people)
 | |
|             maxResults = defaultListMaxResults;
 | |
|             pagingRequest.setMaxItems(maxResults);
 | |
|         }
 | |
|         
 | |
|         // In order to use a SOLR/Lucene search, we must have a non-empty filter string - see ALF-18876
 | |
|         if ((filter == null || filter.trim().isEmpty()) || useCQ)
 | |
|         {
 | |
|             persons = getPeopleImplDB(filter, pagingRequest, sortBy, sortAsc);
 | |
|         }
 | |
|         else
 | |
|         {
 | |
|             filter = filter.trim();
 | |
|             
 | |
|             String term = filter.replace("\"", "");
 | |
|             String[] tokens = term.split("(?<!\\\\) ");
 | |
|             int propIndex = term.lastIndexOf(':');
 | |
|             int wildPosition = term.indexOf('*');
 | |
|             
 | |
|             // simple filter - can use CQ if search fails
 | |
|             useCQ = ((tokens.length == 1) && (propIndex == -1) && ((wildPosition == -1) || (wildPosition == (term.length() - 1))));
 | |
|             
 | |
|             try
 | |
|             {
 | |
|                 // FTS
 | |
|                 List<NodeRef> personRefs = getPeopleImplSearch(term, tokens, pagingRequest, sortBy, sortAsc);
 | |
|                 
 | |
|                 if (personRefs != null)
 | |
|                 {
 | |
|                     persons = new ArrayList<PersonInfo>(personRefs.size());
 | |
|                     for (NodeRef personRef : personRefs)
 | |
|                     {
 | |
|                         persons.add(personService.getPerson(personRef));
 | |
|                     }
 | |
|                 }
 | |
|             }
 | |
|             catch (Throwable err)
 | |
|             {
 | |
|                 if (useCQ)
 | |
|                 {
 | |
|                     // search unavailable and/or parser exception - try CQ instead
 | |
|                     // simple non-FTS filter: firstname or lastname or username starting with term (ignoring case)
 | |
|                     persons = getPeopleImplDB(filter, pagingRequest, sortBy, sortAsc);
 | |
|                 }
 | |
|             }
 | |
|         }
 | |
|         
 | |
|         return (persons != null ? persons : new ArrayList<PersonInfo>(0));
 | |
|     }
 | |
|     
 | |
|     // canned query
 | |
|     protected List<PersonInfo> getPeopleImplDB(String filter, ScriptPagingDetails pagingRequest, String sortBy, Boolean sortAsc)
 | |
|     {
 | |
|         List<QName> filterProps = null;
 | |
|         
 | |
|         if ((filter != null) && (filter.length() > 0))
 | |
|         {
 | |
|             filter = filter.trim();
 | |
|             if (! filter.equals("*"))
 | |
|             {
 | |
|                 filter = filter.replace("\\", "").replace("\"", "");
 | |
|                 
 | |
|                 // simple non-FTS filter: firstname or lastname or username starting with term (ignoring case)
 | |
|                 
 | |
|                 filterProps = new ArrayList<QName>(3);
 | |
|                 filterProps.add(ContentModel.PROP_FIRSTNAME);
 | |
|                 filterProps.add(ContentModel.PROP_LASTNAME);
 | |
|                 filterProps.add(ContentModel.PROP_USERNAME);
 | |
|             }
 | |
|         }
 | |
|         
 | |
|         // Build the sorting. The user controls the primary sort, we supply
 | |
|         // additional ones automatically
 | |
|         List<Pair<QName,Boolean>> sort = new ArrayList<Pair<QName,Boolean>>();
 | |
|         if ("lastName".equals(sortBy))
 | |
|         {
 | |
|            sort.add(new Pair<QName, Boolean>(ContentModel.PROP_LASTNAME, sortAsc));
 | |
|            sort.add(new Pair<QName, Boolean>(ContentModel.PROP_FIRSTNAME, sortAsc));
 | |
|            sort.add(new Pair<QName, Boolean>(ContentModel.PROP_USERNAME, sortAsc));
 | |
|         }
 | |
|         else if ("firstName".equals(sortBy))
 | |
|         {
 | |
|            sort.add(new Pair<QName, Boolean>(ContentModel.PROP_FIRSTNAME, sortAsc));
 | |
|            sort.add(new Pair<QName, Boolean>(ContentModel.PROP_LASTNAME, sortAsc));
 | |
|            sort.add(new Pair<QName, Boolean>(ContentModel.PROP_USERNAME, sortAsc));
 | |
|         }
 | |
|         else
 | |
|         {
 | |
|            sort.add(new Pair<QName, Boolean>(ContentModel.PROP_USERNAME, sortAsc));
 | |
|            sort.add(new Pair<QName, Boolean>(ContentModel.PROP_FIRSTNAME, sortAsc));
 | |
|            sort.add(new Pair<QName, Boolean>(ContentModel.PROP_LASTNAME, sortAsc));
 | |
|         }
 | |
|         
 | |
|         return personService.getPeople(filter, filterProps, sort, pagingRequest).getPage();
 | |
|     }
 | |
|     
 | |
|     // search query
 | |
|     protected List<NodeRef> getPeopleImplSearch(String term, String[] tokens, ScriptPagingDetails pagingRequest, String sortBy, Boolean sortAsc) throws Throwable
 | |
|     {
 | |
|         List<NodeRef> personRefs = null;
 | |
|         
 | |
|         Long start = (logger.isDebugEnabled() ? System.currentTimeMillis() : null);
 | |
|         
 | |
|         int propIndex = term.indexOf(':');
 | |
|         
 | |
|         int maxResults = pagingRequest.getMaxItems();
 | |
|         int skipCount = pagingRequest.getSkipCount();
 | |
|         
 | |
|         SearchParameters params = new SearchParameters();
 | |
|         params.addQueryTemplate("_PERSON", "|%firstName OR |%lastName OR |%userName");
 | |
|         params.setDefaultFieldName("_PERSON");
 | |
|         params.setExcludeTenantFilter(getExcludeTenantFilter());
 | |
|         params.setPermissionEvaluation(getPermissionEvaluationMode());
 | |
|         
 | |
|         StringBuilder query = new StringBuilder(256);
 | |
|         
 | |
|         query.append("TYPE:\"").append(ContentModel.TYPE_PERSON).append("\" AND (");
 | |
|         
 | |
|         if (tokens.length == 1)
 | |
|         {
 | |
|             // single word with no field will go against _PERSON and expand
 | |
| 
 | |
|             // fts-alfresco property search i.e. location:"maidenhead"
 | |
|             query.append(term.substring(0, propIndex + 1)).append('"');
 | |
|             if (propIndex < 0)
 | |
|             {
 | |
|                 query.append('*');
 | |
|             }
 | |
|             query.append(term.substring(propIndex + 1));
 | |
|             if (propIndex > 0)
 | |
|             {
 | |
|                 query.append('"');
 | |
|             }
 | |
|             else
 | |
|             {
 | |
|                 query.append("*\"");
 | |
|             }
 | |
|         }
 | |
|         else
 | |
|         {
 | |
|             // scan for non-fts-alfresco property search tokens
 | |
|             int nonFtsTokens = 0;
 | |
|             for (String token : tokens)
 | |
|             {
 | |
|                 if (token.indexOf(':') == -1) nonFtsTokens++;
 | |
|             }
 | |
|             tokens = term.split("(?<!\\\\) ");
 | |
| 
 | |
|             // multiple terms supplied - look for first and second name etc.
 | |
|             // also allow fts-alfresco property search to reduce results
 | |
|             params.setDefaultOperator(SearchParameters.Operator.AND);
 | |
|             boolean propertySearch = false;
 | |
|             StringBuilder multiPartNames = new StringBuilder(tokens.length);
 | |
|             boolean firstToken = true;
 | |
|             for (String token : tokens)
 | |
|             {
 | |
|                 if (!propertySearch && token.indexOf(':') == -1)
 | |
|                 {
 | |
|                     if (nonFtsTokens == 1)
 | |
|                     {
 | |
|                         // simple search: first name, last name and username
 | |
|                         // starting with term
 | |
|                         query.append("_PERSON:\"*");
 | |
|                         query.append(token);
 | |
|                         query.append("*\" ");
 | |
|                     }
 | |
|                     else
 | |
|                     {
 | |
|                         // ALF-11311, in order to support multi-part firstNames/lastNames,
 | |
|                         // we need to use the whole tokenized term for both
 | |
|                         // firstName and lastName
 | |
|                         if (token.endsWith("*"))
 | |
|                         {
 | |
|                             token = token.substring(0, token.lastIndexOf("*"));
 | |
|                         }
 | |
|                         multiPartNames.append("\"*");
 | |
|                         multiPartNames.append(token);
 | |
|                         multiPartNames.append("*\"");
 | |
|                         if (firstToken)
 | |
|                         {
 | |
|                             multiPartNames.append(' ');
 | |
|                         }
 | |
|                         firstToken = false;
 | |
|                     }
 | |
|                 }
 | |
|                 else
 | |
|                 {
 | |
|                     // fts-alfresco property search i.e. "location:maidenhead"
 | |
|                     propIndex = token.lastIndexOf(':');
 | |
|                     query.append(token.substring(0, propIndex + 1)).append('"')
 | |
|                                 .append(token.substring(propIndex + 1)).append('"').append(' ');
 | |
| 
 | |
|                     propertySearch = true;
 | |
|                 }
 | |
|             }
 | |
|             // ALF-11311, in order to support multi-part firstNames/lastNames,
 | |
|             // we need to use the whole tokenized term for both firstName and lastName.
 | |
|             // e.g. "john junior lewis martinez", where "john junior" is the first
 | |
|             // name and "lewis martinez" is the last name.
 | |
|             if (multiPartNames.length() > 0)
 | |
|             {
 | |
|                 query.append("firstName:");
 | |
|                 query.append(multiPartNames);
 | |
|                 query.append(" OR lastName:");
 | |
|                 query.append(multiPartNames);
 | |
|             }
 | |
|         }
 | |
|         query.append(")");
 | |
|        
 | |
|        // define the search parameters
 | |
|        params.setLanguage(SearchService.LANGUAGE_FTS_ALFRESCO);
 | |
|        params.addStore(this.storeRef);
 | |
|        params.setQuery(query.toString());
 | |
|        
 | |
|        if (logger.isDebugEnabled())
 | |
|        {
 | |
|            if ((sortBy != null) && (! sortBy.isEmpty()))
 | |
|            {
 | |
|                logger.debug("getPeopleImplSearch: ignoring sortBy ("+sortBy+")- not yet supported by model for search");
 | |
|            }
 | |
|        }
 | |
|        
 | |
|        /* not yet supported (default property index tokenisation mode = true)
 | |
|        if ("lastName".equals(sortBy))
 | |
|        {
 | |
|            params.addSort("@{http://www.alfresco.org/model/content/1.0}lastName", sortAsc);
 | |
|            params.addSort("@{http://www.alfresco.org/model/content/1.0}firstName", sortAsc);
 | |
|            params.addSort("@{http://www.alfresco.org/model/content/1.0}userName", sortAsc);
 | |
|        }
 | |
|        else if ("firstName".equals(sortBy))
 | |
|        {
 | |
|            params.addSort("@{http://www.alfresco.org/model/content/1.0}firstName", sortAsc);
 | |
|            params.addSort("@{http://www.alfresco.org/model/content/1.0}lastName", sortAsc);
 | |
|            params.addSort("@{http://www.alfresco.org/model/content/1.0}userName", sortAsc);
 | |
|        }
 | |
|        else
 | |
|        {
 | |
|            params.addSort("@{http://www.alfresco.org/model/content/1.0}userName", sortAsc);
 | |
|            params.addSort("@{http://www.alfresco.org/model/content/1.0}firstName", sortAsc);
 | |
|            params.addSort("@{http://www.alfresco.org/model/content/1.0}userName", sortAsc);
 | |
|        }
 | |
|        */
 | |
|        
 | |
|        if (maxResults > 0)
 | |
|        {
 | |
|            params.setLimitBy(LimitBy.FINAL_SIZE);
 | |
|            params.setLimit(maxResults);
 | |
|        }
 | |
|        
 | |
|        if (skipCount > 0)
 | |
|        {
 | |
|            params.setSkipCount(skipCount);
 | |
|        }
 | |
|        
 | |
|        ResultSet results = null;
 | |
|        try
 | |
|        {
 | |
|            results = services.getSearchService().query(params);
 | |
|            
 | |
|            personRefs = getSortedPeopleObjects(results.getNodeRefs(), sortBy, sortAsc);
 | |
|            
 | |
|            if (start != null)
 | |
|            {
 | |
|                logger.debug("getPeople: search - "+personRefs.size()+" items (in "+(System.currentTimeMillis()-start)+" msecs)");
 | |
|            }
 | |
|        }
 | |
|        catch (Throwable err)
 | |
|        {
 | |
|            if (logger.isDebugEnabled())
 | |
|            {
 | |
|                logger.debug("Failed to execute people search: " + query.toString(), err);
 | |
|            }
 | |
|            
 | |
|            throw err;
 | |
|        }
 | |
|        finally
 | |
|        {
 | |
|            if (results != null)
 | |
|            {
 | |
|                results.close();
 | |
|            }
 | |
|        }
 | |
|        
 | |
|        return personRefs;
 | |
|     }
 | |
|     
 | |
|     private List<NodeRef> getSortedPeopleObjects(List<NodeRef> peopleRefs, final String sortBy, Boolean sortAsc)
 | |
|     {
 | |
|         if (sortBy == null)
 | |
|         {
 | |
|             return peopleRefs;
 | |
|         }
 | |
|         
 | |
|         //make copy of peopleRefs because it can be unmodifiable list.
 | |
|         List<NodeRef> sortedPeopleRefs = new ArrayList<NodeRef>(peopleRefs);
 | |
|         final Collator col = Collator.getInstance(I18NUtil.getLocale());
 | |
|         final NodeService nodeService = services.getNodeService();
 | |
|         final int orderMultiplicator = ((sortAsc == null) || sortAsc)  ? 1 : -1;
 | |
|         Collections.sort(sortedPeopleRefs, new Comparator<NodeRef>()
 | |
|         {
 | |
|             @Override
 | |
|             public int compare(NodeRef n1, NodeRef n2)
 | |
|             {
 | |
|                 Serializable  p1 = getProperty(n1);
 | |
|                 Serializable  p2 = getProperty(n2);
 | |
| 
 | |
|                 if ((p1 instanceof Long) && (p2 instanceof Long))
 | |
|                 {
 | |
|                     return Long.compare((Long)p1, (Long)p2) * orderMultiplicator;
 | |
|                 }
 | |
| 
 | |
|                 return col.compare(p1.toString(), p2) * orderMultiplicator;
 | |
|             }
 | |
| 
 | |
|             public Serializable getProperty(NodeRef nodeRef)
 | |
|             {
 | |
|                 Serializable result;
 | |
| 
 | |
|                 if ("fullName".equalsIgnoreCase(sortBy))
 | |
|                 {
 | |
|                     String firstName = nodeService.getProperty(nodeRef, ContentModel.PROP_FIRSTNAME).toString();
 | |
|                     String lastName = nodeService.getProperty(nodeRef, ContentModel.PROP_LASTNAME).toString();
 | |
|                     String fullName = firstName;
 | |
|                     if (lastName != null && lastName.length() > 0)
 | |
|                     {
 | |
|                         fullName = fullName + " " + lastName;
 | |
|                     }
 | |
| 
 | |
|                     result = fullName;
 | |
|                 }
 | |
|                 else if ("jobtitle".equalsIgnoreCase(sortBy))
 | |
|                 {
 | |
|                     result = nodeService.getProperty(nodeRef, ContentModel.PROP_JOBTITLE);
 | |
|                 }
 | |
|                 else if ("email".equalsIgnoreCase(sortBy))
 | |
|                 {
 | |
|                     result = nodeService.getProperty(nodeRef, ContentModel.PROP_EMAIL);
 | |
|                 }
 | |
|                 else if ("usage".equalsIgnoreCase(sortBy))
 | |
|                 {
 | |
|                     result = nodeService.getProperty(nodeRef, ContentModel.PROP_SIZE_CURRENT);
 | |
|                 }
 | |
|                 else if ("quota".equalsIgnoreCase(sortBy))
 | |
|                 {
 | |
|                     result = nodeService.getProperty(nodeRef, ContentModel.PROP_SIZE_QUOTA);
 | |
|                 }
 | |
|                 else
 | |
|                 {
 | |
|                     // Default
 | |
|                     result = nodeService.getProperty(nodeRef, ContentModel.PROP_USERNAME);
 | |
|                 }
 | |
| 
 | |
|                 if (result == null)
 | |
|                 {
 | |
|                     result = "";
 | |
|                 }
 | |
| 
 | |
|                 return result;
 | |
|             }
 | |
| 
 | |
|         });
 | |
|         
 | |
|         return sortedPeopleRefs;
 | |
|     }
 | |
|     
 | |
|     /**
 | |
|      * Gets the Person given the username
 | |
|      * 
 | |
|      * @param username  the username of the person to get
 | |
|      * @return the person node (type cm:person) or null if no such person exists 
 | |
|      */
 | |
|     public ScriptNode getPerson(final String username)
 | |
|     {
 | |
|     	NodeRef personRef = null;
 | |
| 
 | |
|         ParameterCheck.mandatory("Username", username);
 | |
|         try
 | |
|         {
 | |
| 	        personRef = personService.getPersonOrNull(username);
 | |
|         }
 | |
|         catch(AccessDeniedException e)
 | |
|         {
 | |
|         	// ok, just return null to indicate not found
 | |
|         }
 | |
| 
 | |
|         return personRef == null ? null : new ScriptNode(personRef, services, getScope());
 | |
|     }
 | |
|     
 | |
|     /**
 | |
|      * Faster helper when the script just wants to build the Full name for a person.
 | |
|      * Avoids complete getProperties() retrieval for a cm:person.
 | |
|      * 
 | |
|      * @param username  the username of the person to get Full name for
 | |
|      * @return full name for a person or null if the user does not exist in the system.
 | |
|      */
 | |
|     public String getPersonFullName(final String username)
 | |
|     {
 | |
|         String name = null;
 | |
|         ParameterCheck.mandatoryString("Username", username);
 | |
|         final NodeRef personRef = personService.getPersonOrNull(username);
 | |
|         if (personRef != null)
 | |
|         {
 | |
|             final NodeService nodeService = services.getNodeService();
 | |
|             final String firstName = (String)nodeService.getProperty(personRef, ContentModel.PROP_FIRSTNAME);
 | |
|             final String lastName = (String)nodeService.getProperty(personRef, ContentModel.PROP_LASTNAME);
 | |
|             name = (firstName != null ? firstName + " " : "") + (lastName != null ? lastName : "");
 | |
|         }
 | |
|         return name;
 | |
|     }
 | |
| 
 | |
|     /**
 | |
|      * Gets the Group given the group name
 | |
|      * 
 | |
|      * @param groupName  name of group to get
 | |
|      * @return  the group node (type usr:authorityContainer) or null if no such group exists
 | |
|      */
 | |
|     public ScriptNode getGroup(String groupName)
 | |
|     {
 | |
|         ParameterCheck.mandatoryString("GroupName", groupName);
 | |
|         ScriptNode group = null;
 | |
|         NodeRef groupRef = authorityDAO.getAuthorityNodeRefOrNull(groupName);
 | |
|         if (groupRef != null)
 | |
|         {
 | |
|             group = new ScriptNode(groupRef, services, getScope());
 | |
|         }
 | |
|         return group;
 | |
|     }
 | |
|     
 | |
|     /**
 | |
|      * Deletes a group from the system.
 | |
|      * 
 | |
|      * @param group     The group to delete
 | |
|      */
 | |
|     public void deleteGroup(ScriptNode group)
 | |
|     {
 | |
|         ParameterCheck.mandatory("Group", group);
 | |
|         if (group.getQNameType().equals(ContentModel.TYPE_AUTHORITY_CONTAINER))
 | |
|         {
 | |
|             String groupName = (String)group.getProperties().get(ContentModel.PROP_AUTHORITY_NAME);
 | |
|             authorityService.deleteAuthority(groupName);
 | |
|         }
 | |
|     }
 | |
|     
 | |
|     /**
 | |
|      * Create a new root level group with the specified unique name
 | |
|      * 
 | |
|      * @param groupName     The unique group name to create - NOTE: do not prefix with "GROUP_"
 | |
|      * 
 | |
|      * @return the group reference if successful or null if failed
 | |
|      */
 | |
|     public ScriptNode createGroup(String groupName)
 | |
|     {
 | |
|         return createGroup(null, groupName);
 | |
|     }
 | |
|     
 | |
|     /**
 | |
|      * Create a new group with the specified unique name
 | |
|      * 
 | |
|      * @param parentGroup   The parent group node - can be null for a root level group
 | |
|      * @param groupName     The unique group name to create - NOTE: do not prefix with "GROUP_"
 | |
|      * 
 | |
|      * @return the group reference if successful or null if failed
 | |
|      */
 | |
|     public ScriptNode createGroup(ScriptNode parentGroup, String groupName)
 | |
|     {
 | |
|         ParameterCheck.mandatoryString("GroupName", groupName);
 | |
|         
 | |
|         ScriptNode group = null;
 | |
|         
 | |
|         String actualName = services.getAuthorityService().getName(AuthorityType.GROUP, groupName);
 | |
|         if (authorityService.authorityExists(actualName) == false)
 | |
|         {
 | |
|             String result = authorityService.createAuthority(AuthorityType.GROUP, groupName);
 | |
|             if (parentGroup != null)
 | |
|             {
 | |
|                 String parentGroupName = (String)parentGroup.getProperties().get(ContentModel.PROP_AUTHORITY_NAME);
 | |
|                 if (parentGroupName != null)
 | |
|                 {
 | |
|                     authorityService.addAuthority(parentGroupName, actualName);
 | |
|                 }
 | |
|             }
 | |
|             group = getGroup(result);
 | |
|         }
 | |
|         
 | |
|         return group;
 | |
|     }
 | |
|     
 | |
|     /**
 | |
|      * Add an authority (a user or group) to a group container as a new child
 | |
|      * 
 | |
|      * @param parentGroup   The parent container group
 | |
|      * @param authority     The authority (user or group) to add
 | |
|      */
 | |
|     public void addAuthority(ScriptNode parentGroup, ScriptNode authority)
 | |
|     {
 | |
|         ParameterCheck.mandatory("Authority", authority);
 | |
|         ParameterCheck.mandatory("ParentGroup", parentGroup);
 | |
|         if (parentGroup.getQNameType().equals(ContentModel.TYPE_AUTHORITY_CONTAINER))
 | |
|         {
 | |
|             String parentGroupName = (String)parentGroup.getProperties().get(ContentModel.PROP_AUTHORITY_NAME);
 | |
|             String authorityName;
 | |
|             if (authority.getQNameType().equals(ContentModel.TYPE_AUTHORITY_CONTAINER))
 | |
|             {
 | |
|                 authorityName = (String)authority.getProperties().get(ContentModel.PROP_AUTHORITY_NAME);
 | |
|             }
 | |
|             else
 | |
|             {
 | |
|                 authorityName = (String)authority.getProperties().get(ContentModel.PROP_USERNAME);
 | |
|             }
 | |
|             authorityService.addAuthority(parentGroupName, authorityName);
 | |
|         }
 | |
|     }
 | |
|     
 | |
|     /**
 | |
|      * Remove an authority (a user or group) from a group
 | |
|      * 
 | |
|      * @param parentGroup   The parent container group
 | |
|      * @param authority     The authority (user or group) to remove
 | |
|      */
 | |
|     public void removeAuthority(ScriptNode parentGroup, ScriptNode authority)
 | |
|     {
 | |
|         ParameterCheck.mandatory("Authority", authority);
 | |
|         ParameterCheck.mandatory("ParentGroup", parentGroup);
 | |
|         if (parentGroup.getQNameType().equals(ContentModel.TYPE_AUTHORITY_CONTAINER))
 | |
|         {
 | |
|             String parentGroupName = (String)parentGroup.getProperties().get(ContentModel.PROP_AUTHORITY_NAME);
 | |
|             String authorityName;
 | |
|             if (authority.getQNameType().equals(ContentModel.TYPE_AUTHORITY_CONTAINER))
 | |
|             {
 | |
|                 authorityName = (String)authority.getProperties().get(ContentModel.PROP_AUTHORITY_NAME);
 | |
|             }
 | |
|             else
 | |
|             {
 | |
|                 authorityName = (String)authority.getProperties().get(ContentModel.PROP_USERNAME);
 | |
|             }
 | |
|             authorityService.removeAuthority(parentGroupName, authorityName);
 | |
|         }
 | |
|     }
 | |
|     
 | |
|     /**
 | |
|      * Gets the members (people) of a group (including all sub-groups)
 | |
|      * 
 | |
|      * @param group        the group to retrieve members for
 | |
|      *
 | |
|      * @return members of the group as a JavaScript array
 | |
|      */
 | |
|     public Scriptable getMembers(ScriptNode group)
 | |
|     {
 | |
|         ParameterCheck.mandatory("Group", group);
 | |
|         Object[] members = getContainedAuthorities(group, AuthorityType.USER, true);
 | |
|         return Context.getCurrentContext().newArray(getScope(), members);
 | |
|     }
 | |
| 
 | |
|     /**
 | |
|      * Gets the members (people) of a group
 | |
|      * 
 | |
|      * @param group        the group to retrieve members for
 | |
|      * @param recurse      recurse into sub-groups
 | |
|      * 
 | |
|      * @return the members of the group as a JavaScript array
 | |
|      */
 | |
|     public Scriptable getMembers(ScriptNode group, boolean recurse)
 | |
|     {
 | |
|         ParameterCheck.mandatory("Group", group);
 | |
|         Object[] members = getContainedAuthorities(group, AuthorityType.USER, recurse);
 | |
|         return Context.getCurrentContext().newArray(getScope(), members);
 | |
|     }
 | |
|     
 | |
|     /**
 | |
|      * Gets the groups that contain the specified authority
 | |
|      * 
 | |
|      * @param person       the user (cm:person) to get the containing groups for
 | |
|      * 
 | |
|      * @return the containing groups as a JavaScript array
 | |
|      */
 | |
|     public Scriptable getContainerGroups(ScriptNode person)
 | |
|     {
 | |
|         ParameterCheck.mandatory("Person", person);
 | |
|         Object[] parents = null;
 | |
|         Set<String> authorities = this.authorityService.getContainingAuthoritiesInZone(
 | |
|                 AuthorityType.GROUP,
 | |
|                 (String)person.getProperties().get(ContentModel.PROP_USERNAME),
 | |
|                 AuthorityService.ZONE_APP_DEFAULT, null, 1000);
 | |
|         parents = new Object[authorities.size()];
 | |
|         int i = 0;
 | |
|         for (String authority : authorities)
 | |
|         {
 | |
|             ScriptNode group = getGroup(authority);
 | |
|             if (group != null)
 | |
|             {
 | |
|                 parents[i++] = group; 
 | |
|             }
 | |
|         }
 | |
|         return Context.getCurrentContext().newArray(getScope(), parents);
 | |
|     }
 | |
|     
 | |
|     /**
 | |
|      * Return true if the specified user is an Administrator authority.
 | |
|      * 
 | |
|      * @param person to test
 | |
|      * 
 | |
|      * @return true if an admin, false otherwise
 | |
|      */
 | |
|     public boolean isAdmin(ScriptNode person)
 | |
|     {
 | |
|         ParameterCheck.mandatory("Person", person);
 | |
|         return this.authorityService.isAdminAuthority((String)person.getProperties().get(ContentModel.PROP_USERNAME));
 | |
|     }
 | |
| 
 | |
|     /**
 | |
|      * Return true if the specified user is an guest authority.
 | |
|      * 
 | |
|      * @param person to test
 | |
|      * 
 | |
|      * @return true if an admin, false otherwise
 | |
|      */
 | |
|     public boolean isGuest(ScriptNode person)
 | |
|     {
 | |
|         ParameterCheck.mandatory("Person", person);
 | |
|         return this.authorityService.isGuestAuthority((String) person.getProperties().get(ContentModel.PROP_USERNAME));
 | |
|     }
 | |
| 
 | |
|     /**
 | |
|      * Gets a map of capabilities (boolean assertions) for the given person.
 | |
|      * 
 | |
|      * @param person
 | |
|      *            the person
 | |
|      * @return the capability map
 | |
|      */
 | |
|     public Map<String, Boolean> getCapabilities(final ScriptNode person)
 | |
|     {
 | |
|         ParameterCheck.mandatory("Person", person);
 | |
|         Map<String,Boolean> retVal = new ScriptableHashMap<String, Boolean>();
 | |
|         retVal.putAll(this.valueDerivingMapFactory.getMap(person));
 | |
|         return retVal;
 | |
|     }
 | |
|     
 | |
|     /**
 | |
|      * Return a map of the Person properties that are marked as immutable for the given user.
 | |
|      * This enables a script to interogate which properties are dealt with by an external
 | |
|      * system such as LDAP and should not be mutable in any client UI.
 | |
|      * 
 | |
|      * @param username String
 | |
|      *
 | |
|      * @return ScriptableHashMap
 | |
|      */
 | |
|     public ScriptableHashMap getImmutableProperties(String username)
 | |
|     {
 | |
|         Set<QName> props = userRegistrySynchronizer.getPersonMappedProperties(username);
 | |
|         ScriptableHashMap propMap = new ScriptableHashMap();
 | |
|         for (QName prop : props)
 | |
|         {
 | |
|             propMap.put(prop.toString(), Boolean.TRUE);
 | |
|         }
 | |
|         return propMap;
 | |
|     }
 | |
| 
 | |
|     /**
 | |
|      * Get Contained Authorities
 | |
|      * 
 | |
|      * @param container  authority containers
 | |
|      * @param type       authority type to filter by
 | |
|      * @param recurse    recurse into sub-containers
 | |
|      * 
 | |
|      * @return contained authorities
 | |
|      */
 | |
|     private Object[] getContainedAuthorities(ScriptNode container, AuthorityType type, boolean recurse)
 | |
|     {
 | |
|         Object[] members = null;
 | |
|         
 | |
|         if (container.getQNameType().equals(ContentModel.TYPE_AUTHORITY_CONTAINER))
 | |
|         {
 | |
|             String groupName = (String)container.getProperties().get(ContentModel.PROP_AUTHORITY_NAME);
 | |
|             Set<String> authorities = authorityService.getContainedAuthorities(type, groupName, !recurse);
 | |
|             members = new Object[authorities.size()];
 | |
|             int i = 0;
 | |
|             for (String authority : authorities)
 | |
|             {
 | |
|                 AuthorityType authorityType = AuthorityType.getAuthorityType(authority);
 | |
|                 if (authorityType.equals(AuthorityType.GROUP))
 | |
|                 {
 | |
|                     ScriptNode group = getGroup(authority);
 | |
|                     if (group != null)
 | |
|                     {
 | |
|                         members[i++] = group; 
 | |
|                     }
 | |
|                 }
 | |
|                 else if (authorityType.equals(AuthorityType.USER))
 | |
|                 {
 | |
|                     ScriptNode person = getPerson(authority);
 | |
|                     if (person != null)
 | |
|                     {
 | |
|                         members[i++] = person; 
 | |
|                     }
 | |
|                 }
 | |
|             }
 | |
|         }
 | |
|         
 | |
|         return members != null ? members : new Object[0];
 | |
|     }
 | |
|     
 | |
|     public boolean getExcludeTenantFilter()
 | |
|     {
 | |
|         return false;
 | |
|     }
 | |
|     
 | |
|     public PermissionEvaluationMode getPermissionEvaluationMode()
 | |
|     {
 | |
|         return PermissionEvaluationMode.EAGER;
 | |
|     }
 | |
| }
 |