001/*
002 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.
003 *
004 * Copyright (c) 2005 Sun Microsystems Inc. All Rights Reserved
005 *
006 * The contents of this file are subject to the terms
007 * of the Common Development and Distribution License
008 * (the License). You may not use this file except in
009 * compliance with the License.
010 *
011 * You can obtain a copy of the License at
012 * https://opensso.dev.java.net/public/CDDLv1.0.html or
013 * opensso/legal/CDDLv1.0.txt
014 * See the License for the specific language governing
015 * permission and limitations under the License.
016 *
017 * When distributing Covered Code, include this CDDL
018 * Header Notice in each file and include the License file
019 * at opensso/legal/CDDLv1.0.txt.
020 * If applicable, add the following below the CDDL Header,
021 * with the fields enclosed by brackets [] replaced by
022 * your own identifying information:
023 * "Portions Copyrighted [year] [name of copyright owner]"
024 *
025 * $Id: User.java,v 1.5 2009/01/28 05:34:51 ww203982 Exp $
026 *
027 * Portions Copyright 2015 ForgeRock AS.
028 */
029
030package com.iplanet.ums;
031
032import java.security.Principal;
033import java.util.Collection;
034import java.util.Iterator;
035
036import com.sun.identity.shared.debug.Debug;
037import com.iplanet.services.ldap.Attr;
038import com.iplanet.services.ldap.AttrSet;
039import org.forgerock.opendj.ldap.DN;
040import org.forgerock.opendj.ldap.SearchScope;
041
042/**
043 * Represents a user entry in UMS.
044 * 
045 * @supported.api
046 */
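public class User extends PersistentObject {

    /** Attribute of the user entry that lists the groups the user belongs to. */
    private static final String MEMBER_ATTR_NAME = "memberof";

    /** Naming attribute whose value {@link #getUID()} returns. */
    private static final String DEFAULT_NAMING_ATTR = "uid";

    static final String NEW_INSTANCE_FAILED = "newinstancefailed";

    /** Class handle handed to the template manager when building creation templates. */
    private static final Class<?> _class = User.class;

    /** Debug sink; initialised once per class load rather than in a static block. */
    private static final Debug debug = Debug.getInstance(IUMSConstants.UMS_DEBUG);

    /**
     * No args constructor; used to construct the right object as entries are
     * read from persistent storage.
     *
     * @throws UMSException if the superclass cannot be initialised
     */
    protected User() throws UMSException {
        super();
    }

    /**
     * Construct user entry from an authenticated principal and a given guid.
     *
     * @param principal
     *            authenticated principal maintained by Session Manager
     * @param guid
     *            globally unique identifier for the entity
     * @throws UMSException if the entry cannot be read or class verification fails
     */
    User(Principal principal, Guid guid) throws UMSException {
        super(principal, guid);
        // Rejects entries loaded from the store whose class does not match
        // this one (see PersistentObject for the exact check).
        verifyClass();
    }

    /**
     * Construct User object without a session. Unlike the constructor with a
     * session parameter; this one simply creates a User object in memory, using
     * the default template. The save() method must be called to save the object
     * to the persistent store.
     *
     * @param attrSet
     *            attribute/value set
     * @throws UMSException if the default creation template cannot be resolved
     */
    User(AttrSet attrSet) throws UMSException {
        this(TemplateManager.getTemplateManager().getCreationTemplate(_class, null), attrSet);
    }

    /**
     * Construct User object without session. Unlike constructor with session,
     * this one simply creates a User object in memory. Call the save() method
     * to save the object to data store.
     *
     * @param template
     *            template to the User
     * @param attrSet
     *            attribute/value set
     * @throws UMSException if the superclass rejects the template or attributes
     *
     * @supported.api
     */
    public User(CreationTemplate template, AttrSet attrSet) throws UMSException {
        super(template, attrSet);
    }

    /**
     * Return uid for the user.
     *
     * @return uid of the user
     * @throws UMSException if the attribute cannot be read
     *
     * @supported.api
     */
    public String getUID() throws UMSException {
        // NOTE(review): getGroups() guards against getAttribute() returning
        // null; this method does not, so an entry without a uid would surface
        // as a NullPointerException here — confirm against
        // PersistentObject.getAttribute before relying on that.
        return getAttribute(DEFAULT_NAMING_ATTR).getValue();
    }

    /**
     * Return attribute set according to a supplied search template. The search
     * template is used as attribute retrieval guidelines.
     *
     * @param template
     *            Search template
     * @return attribute set with attribute names defined in the template
     * @throws UMSException if an attribute cannot be read
     *
     * @supported.api
     */
    public AttrSet getAttributes(SearchTemplate template) throws UMSException {
        AttrSet result = new AttrSet();
        for (String attrName : template.getAttributeNames()) {
            // NOTE(review): if getAttribute() yields null for a missing
            // attribute (as getGroups() anticipates), that null is passed
            // straight to AttrSet.add — verify AttrSet tolerates it.
            result.add(getAttribute(attrName));
        }
        return result;
    }

    /**
     * Return groups that the user is a member of. If the user is not a member
     * of a group as indicated in the "memberof" attribute in the user entry,
     * null is returned for this method.
     *
     * @return String representation of guid for the group(s) that the user is a
     *         member of; null if the user is not recorded as a member of any
     *         group.
     * @throws UMSException if the attribute cannot be read
     *
     * @supported.api
     */
    public String[] getGroups() throws UMSException {
        Attr memberOfGroups = getAttribute(MEMBER_ATTR_NAME);
        // Null (not an empty array) is the documented "no groups" result;
        // kept for callers that test for it.
        if (memberOfGroups == null || memberOfGroups.size() == 0) {
            return null;
        }
        return memberOfGroups.getStringValues();
    }

    /**
     * Get the access rights associated with the user; this will return an
     * aggregation of all the attribute access rights granted by each of the
     * user's roles. The aggregation will only include from the 'guid' parameter
     * on up the DIT.
     *
     * <p>The aggregation is purely additive: every read and write permission
     * carried by a contributing role is granted to the result, and nothing is
     * ever revoked. A role is left out only when its parent entry lies below
     * {@code guid} in the tree.
     *
     * @param guid
     *            The starting location of the role (rights) aggregation.
     * @return AccessRightObject associated with the user
     * @throws UMSException if a role entry cannot be read
     * @throws com.iplanet.services.ldap.aci.ACIParseException if a role's
     *             access-right definition cannot be parsed
     *
     * @supported.api
     */
    public AccessRightObject getAccessRight(Guid guid) throws UMSException,
            com.iplanet.services.ldap.aci.ACIParseException {
        AccessRightObject aro = new AccessRightObject();
        // NOTE(review): getRoles() is assumed to return a (possibly empty)
        // collection of role DN strings; a null return would fail with a
        // NullPointerException, as it did before this rewrite.
        Collection<?> roles = getRoles();
        if (debug.messageEnabled()) {
            debug.message("User.getAccessRight : Get rights for : " + guid.getDn());
        }
        DN guidDn = DN.valueOf(guid.getDn());
        for (Object roleName : roles) {
            Guid roleGuid = new Guid((String) roleName);
            DN roleGuidDn = DN.valueOf(roleGuid.getDn());
            if (debug.messageEnabled()) {
                debug.message("User.getAccessRight : Role Dn : " + roleGuid.getDn());
            }
            // Skip roles whose parent is strictly beneath the starting point;
            // SUBORDINATES presumably excludes guidDn itself, so roles located
            // directly under guidDn, and anywhere above it, still contribute.
            if (roleGuidDn.parent().isInScopeOf(guidDn, SearchScope.SUBORDINATES)) {
                continue;
            }
            BaseRole role = (BaseRole) UMSObject.getObject(getPrincipal(), roleGuid);
            if (debug.messageEnabled()) {
                debug.message("User.getAccessRight : Role " + role.getGuid());
            }
            AccessRightObject right = role.getAccessRight();
            aro.grantReadPermission(right.getReadableAttributeNames());
            aro.grantWritePermission(right.getWritableAttributeNames());
            // Guarded like the other messages; the original emitted this one
            // unconditionally.
            if (debug.messageEnabled()) {
                debug.message("User.getAccessRight : Done grant");
            }
        }
        return aro;
    }
}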