001/**
002 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.
003 *
004 * Copyright (c) 2005 Sun Microsystems Inc. All Rights Reserved
005 *
006 * The contents of this file are subject to the terms
007 * of the Common Development and Distribution License
008 * (the License). You may not use this file except in
009 * compliance with the License.
010 *
011 * You can obtain a copy of the License at
012 * https://opensso.dev.java.net/public/CDDLv1.0.html or
013 * opensso/legal/CDDLv1.0.txt
014 * See the License for the specific language governing
015 * permission and limitations under the License.
016 *
017 * When distributing Covered Code, include this CDDL
018 * Header Notice in each file and include the License file
019 * at opensso/legal/CDDLv1.0.txt.
020 * If applicable, add the following below the CDDL Header,
021 * with the fields enclosed by brackets [] replaced by
022 * your own identifying information:
023 * "Portions Copyrighted [year] [name of copyright owner]"
024 *
025 * $Id: User.java,v 1.5 2009/01/28 05:34:51 ww203982 Exp $
026 *
027 */
028
029package com.iplanet.ums;
030
031import java.security.Principal;
032import java.util.Collection;
033import java.util.Iterator;
034
035import com.sun.identity.shared.ldap.util.DN;
036
037import com.sun.identity.shared.debug.Debug;
038import com.iplanet.services.ldap.Attr;
039import com.iplanet.services.ldap.AttrSet;
040
041/**
042 * Represents a user entry in UMS.
043 * 
044 * @supported.api
045 */
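public class User extends PersistentObject {

    /** Entry attribute that records the groups the user belongs to. */
    private static final String MEMBER_ATTR_NAME = "memberof";

    /** Naming attribute whose value {@link #getUID()} reports. */
    private static final String DEFAULT_NAMING_ATTR = "uid";

    static final String NEW_INSTANCE_FAILED = "newinstancefailed";

    /** Class handed to the template manager when looking up the creation template. */
    private static final Class _class = com.iplanet.ums.User.class;

    private static final Debug debug = Debug.getInstance(IUMSConstants.UMS_DEBUG);

    /**
     * No args constructor; used to construct the right object as entries are
     * read from persistent storage.
     *
     * @throws UMSException propagated from the superclass constructor
     */
    protected User() throws UMSException {
        super();
    }

    /**
     * Construct user entry from an authenticated principal and a given guid.
     *
     * @param principal
     *            authenticated principal maintained by Session Manager
     * @param guid
     *            globally unique identifier for the entity
     * @throws UMSException if the entry cannot be read, or if the entry's
     *             object class does not match a user (see verifyClass())
     */
    User(Principal principal, Guid guid) throws UMSException {
        super(principal, guid);
        // Reject entries that are not of the expected object class before any
        // caller treats them as a User.
        verifyClass();
    }

    /**
     * Construct User object without a session. Unlike the constructor with a
     * session parameter; this one simply creates a User object in memory, using
     * the default template. The save() method must be called to save the object
     * to the persistent store.
     *
     * @param attrSet
     *            attribute/value set
     * @throws UMSException if the default creation template cannot be obtained
     *             or the object cannot be built from it
     */
    User(AttrSet attrSet) throws UMSException {
        this(TemplateManager.getTemplateManager().getCreationTemplate(_class,
                null), attrSet);
    }

    /**
     * Construct User object without session. Unlike constructor with session,
     * this one simply creates a User object in memory. Call the save() method
     * to save the object to data store.
     *
     * @param template
     *            template to the User
     * @param attrSet
     *            attribute/value set
     * @throws UMSException propagated from the superclass constructor
     *
     * @supported.api
     */
    public User(CreationTemplate template, AttrSet attrSet) throws UMSException
    {
        super(template, attrSet);
    }

    /**
     * Return uid for the user.
     *
     * @return uid of the user, or null if the entry carries no "uid"
     *         attribute
     * @throws UMSException if the attribute cannot be read
     *
     * @supported.api
     */
    public String getUID() throws UMSException {
        Attr uid = getAttribute(DEFAULT_NAMING_ATTR);
        // getAttribute() yields null for an absent attribute (getGroups()
        // relies on the same behaviour); report that as null instead of
        // failing with a NullPointerException.
        if (uid == null) {
            return null;
        }
        return uid.getValue();
    }

    /**
     * Return attribute set according to a supplied search template. The search
     * template is used as attribute retrieval guidelines. Attributes named in
     * the template but absent from the entry are left out of the result.
     *
     * @param template
     *            Search template
     * @return attribute set with the attributes named in the template that are
     *         present on this entry; empty if the template names none
     * @throws UMSException if an attribute cannot be read
     *
     * @supported.api
     */
    public AttrSet getAttributes(SearchTemplate template) throws UMSException {
        AttrSet attrSet = new AttrSet();
        String[] attrNames = template.getAttributeNames();
        if (attrNames == null) {
            return attrSet;
        }
        for (int i = 0; i < attrNames.length; i++) {
            Attr attr = getAttribute(attrNames[i]);
            // Skip missing attributes rather than handing a null to AttrSet.
            if (attr != null) {
                attrSet.add(attr);
            }
        }
        return attrSet;
    }

    /**
     * Return groups that the user is a member of. If the user is not a member
     * of a group as indicated in the "memberof" attribute in the user entry,
     * null is returned for this method.
     *
     * @return String representation of guid for the group(s) that the user is a
     *         member of; null if the user is not recorded as a member of any
     *         group.
     * @throws UMSException if the attribute cannot be read
     *
     * @supported.api
     */
    public String[] getGroups() throws UMSException {
        Attr memberOfGroups = getAttribute(MEMBER_ATTR_NAME);
        boolean noMembership = (memberOfGroups == null)
                || (memberOfGroups.size() == 0);
        // Documented contract: null, not an empty array, when nothing is recorded.
        return noMembership ? null : memberOfGroups.getStringValues();
    }

    /**
     * Get the access rights associated with the user; this will return an
     * aggregation of all the attribute access rights granted by each of the
     * user's roles. The aggregation will only include from the 'guid' parameter
     * on up the DIT. Rights are only ever granted while aggregating, never
     * revoked, so the result is the union of the rights of every role taken
     * into account.
     *
     * @param guid
     *            The starting location of the role (rights) aggregation.
     * @return AccessRightObject associated with the user; empty (no rights)
     *         when the user holds no roles
     * @throws UMSException if a role entry cannot be read
     * @throws com.iplanet.services.ldap.aci.ACIParseException if a role's
     *             access rights cannot be parsed
     *
     * @supported.api
     */
    public AccessRightObject getAccessRight(Guid guid) throws UMSException,
            com.iplanet.services.ldap.aci.ACIParseException {
        AccessRightObject aro = new AccessRightObject();
        Collection roles = getRoles();
        // Nothing to aggregate: also avoids touching 'guid' needlessly.
        if (roles == null || roles.isEmpty()) {
            return aro;
        }
        if (debug.messageEnabled()) {
            debug.message("User.getAccessRight : Get rights for : "
                    + guid.getDn());
        }
        DN guidDn = new DN(guid.getDn());
        Iterator it = roles.iterator();
        while (it.hasNext()) {
            Guid roleGuid = new Guid((String) it.next());
            DN roleGuidDn = new DN(roleGuid.getDn());
            if (debug.messageEnabled()) {
                debug.message("User.getAccessRight : Role Dn : "
                        + roleGuid.getDn());
            }
            // A role whose container lies below the starting point is out of
            // scope; only roles at 'guid' or above contribute.
            // NOTE(review): assumes getParent() is non-null here, i.e. no
            // role is ever located at the DIT root -- confirm.
            if (roleGuidDn.getParent().isDescendantOf(guidDn)) {
                continue;
            }
            // Assumes every role reference resolves to a BaseRole entry; a
            // reference to some other entry type surfaces as a
            // ClassCastException -- confirm with the role-assignment code.
            BaseRole role = (BaseRole) UMSObject.getObject(getPrincipal(),
                    roleGuid);
            if (debug.messageEnabled()) {
                debug.message("User.getAccessRight : Role "
                        + role.getGuid());
            }
            AccessRightObject right = role.getAccessRight();
            aro.grantReadPermission(right.getReadableAttributeNames());
            aro.grantWritePermission(right.getWritableAttributeNames());
            if (debug.messageEnabled()) {
                debug.message("User.getAccessRight : Done grant");
            }
        }
        return aro;
    }
}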