Package de.xima.fc.utils

Class UserMgmtUtils

java.lang.Object
de.xima.fc.utils.UserMgmtUtils
All Implemented Interfaces:
Serializable
public final class UserMgmtUtils extends Object implements Serializable
Hilfsklasse für Funktionalitäten der Benutzerverwaltung.
See Also:

  • Field Details

    • DEFAULT_PWD_SYMBOLS

      public static final String DEFAULT_PWD_SYMBOLS
      See Also:

    • ANONYMOUS

      @Deprecated public static final Benutzer ANONYMOUS
      Deprecated.
      Use VirtualUser.ANONYMOUS
      Virtueller Benutzer für Fälle, bei denen ein Benutzer benötigt wird, aber keine Anmeldungen notwendig ist.

    • SYSTEM

      @Deprecated public static final Benutzer SYSTEM
      Deprecated.
      Use VirtualUser.SYSTEM
      Virtueller Benutzer für Fälle, bei denen ein Benutzer benötigt wird, aber keine Anmeldungen notwendig ist.

    • SETUP

      @Deprecated public static final Benutzer SETUP
      Deprecated.
      Use VirtualUser.SYSTEM
      Virtueller Benutzer für Fälle, bei denen ein Benutzer benötigt wird, aber keine Anmeldungen notwendig ist.

    • DESIGNER_USER

      @Deprecated public static final Benutzer DESIGNER_USER
      Deprecated.
      No equivalent, but see VirtualUser
      Virtueller Benutzer für Fälle, bei denen ein Benutzer benötigt wird, aber keine Anmeldungen notwendig ist.

    • DESIGNER_LAST_DUMMY

      @Deprecated public static final Benutzer DESIGNER_LAST_DUMMY
      Deprecated.
      Use virtual users
      Virtueller Benutzer für Fälle, bei denen ein Benutzer benötigt wird, aber keine Anmeldungen notwendig ist.

    • DESIGNER_INITIAL_DUMMY

      @Deprecated public static final Benutzer DESIGNER_INITIAL_DUMMY
      Deprecated.
      Use virtual users
      Virtueller Benutzer für Fälle, bei denen ein Benutzer benötigt wird, aber keine Anmeldungen notwendig ist.

  • Method Details

    • canEditProject

      public static boolean canEditProject(IUser user, Projekt project)
      Whether or not the given user has permission to edit the given project.
      Parameters:
      user - to check for
      project - to check
      Returns:
      true if the user has permission to edit the project and false otherwise.

    • canViewProject

      public static boolean canViewProject(IUser user, Projekt project)
      Whether the given user has permission to view the given project.
      Parameters:
      user - to check for
      project - to check
      Returns:
      true if the user has permission to view the project and false otherwise.

    • canAccessClient

      public static boolean canAccessClient(IUser user, Mandant client)
      Whether the given user has permission to access the given client.
      Parameters:
      user - to check for
      client - to check
      Returns:
      true if the user has permission to access the given client and false otherwise.

    • canAccessInbox

      public static boolean canAccessInbox(IUser user, Postfach inbox)
      Whether the user has permission to access the client inbox. Note: This check does not take into account whether the user has the role permission to access the inbox UI.
      Parameters:
      user - to check for
      inbox - to check
      Returns:
      true if the user has permission to access the given client inbox and false otherwise.

    • isClientAdmin

      public static boolean isClientAdmin(UserProfile profile, Mandant client)
      Returns true if given profile has a role of a MANDANT_ADMIN
      Parameters:
      profile - to check
      Returns:
      false if no admin role found

    • isClientAdmin

      public static boolean isClientAdmin(IClientAuthorization authorization)
      Returns true if given authorization has a role of a MANDANT_ADMIN
      Parameters:
      authorization - direct or indirect authorization
      Returns:
      false if no admin role found

    • isClientAdmin

      public static boolean isClientAdmin(IUser user, Mandant client)
      Checks if the user is an admin of the given client.
      Parameters:
      user - to check for
      client - to check
      Returns:
      true if the user is an admin of the given client and false otherwise.

    • isSystemAdmin

      public static boolean isSystemAdmin(UserProfile profile)
      Checks if the user of the given profile is a system admin. System admins have permission to access/edit the system settings.
      Parameters:
      profile - to check
      Returns:
      true if the user of the given profile is a system admin and false otherwise.

    • isSystemAdmin

      public static boolean isSystemAdmin(IUser user)
      Checks if the user is a system admin. System admins have permission to access/edit the system settings.
      Parameters:
      user - A user to check.
      Returns:
      true if the user is a system admin and false otherwise.

    • isSuperUser

      public static boolean isSuperUser(IUser user)
      Checks if the user is THE super user. There is only one super user (sadmin) in the system.
      Parameters:
      user - to check
      Returns:
      true if the given user is the super user and false otherwise.

    • isAnonymousUser

      public static boolean isAnonymousUser(IUser user)
      Checks if the user is anonymous.
      Parameters:
      user - to check
      Returns:
      true if the user is an anonymous user and false otherwise.

    • isBackendAccessCapable

      public static boolean isBackendAccessCapable(IClientAuthorization authorization)
      Returns if the given client authorization is capable of allowing users access to the formcycle backend. This does not mean that the authorization actually allows backend access. If you want to find if an authorization grants backend access use hasBackendAccess(IClientAuthorization) instead.
      Parameters:
      authorization - to check.
      Returns:
      true if the authorization is capable of allowing users access to the formcycle backend. false otherwise.

    • isUser

      public static boolean isUser(IEntityClientAuthorization authorization, IUser user)
      Checks whether the given client authorization applies to the given user.
      Parameters:
      authorization - to check.
      user - to check if the client authorization applies.
      Returns:
      true if the given client authorization applies to the given user and false otherwise.

    • isUser

      public static boolean isUser(UserProfile profile, IUser user)
      Checks whether the given user profile is the user profile of the given user.
      Parameters:
      profile - to check.
      user - to check if the user profile is their user profile.
      Returns:
      true if the given user profile is the user profile of the given user and false otherwise.

    • isUser

      public static boolean isUser(IUserIdentity identity, IUser user)
      Checks whether the given user identity is the identity of the given user.
      Parameters:
      identity - to check.
      user - to check if their identity is the given user identity.
      Returns:
      true if the given user identity is the identity of the given user and false otherwise.

    • isActive

      public static boolean isActive(IClientAuthorization authorization)
      Checks if the given client authorization is active. If the attached user profile is inactive then the client authorization can't be active.
      Parameters:
      authorization - to check.
      Returns:
      true if the given client authorization is active and false otherwise.

    • isExpired

      public static boolean isExpired(IEntityClientAuthorization authorization)
      Checks if the given client authorization is expired (right now).
      Parameters:
      authorization - to check.
      Returns:
      true if the given client authorization is expired and false otherwise.

    • isInvitationExpired

      public static boolean isInvitationExpired(IEntityClientAuthorization authorization)
      Checks if the invitation attached to the given client authorization is expired (right now).
      Parameters:
      authorization - to check.
      Returns:
      true if the invitation to the given client authorization is expired and false otherwise.

    • isAuthenticatedFor

      public static boolean isAuthenticatedFor(IUser user, String authTarget)
      checks if the user has been authenticated for the given authentication target.
      Parameters:
      user - to check.
      authTarget - to check. User can authenticated for different authentication targets, e.g. "backend", "form", ...
      Returns:
      true if the user has been authenticated for the given authentication target and false otherwise.
      Throws:
      IllegalArgumentException - if a blank authentication target is given.

    • isInvitedUser

      public static boolean isInvitedUser(IUser user)

    • isInvitedUser

      public static boolean isInvitedUser(org.pac4j.core.profile.UserProfile pac4jProfile)

    • hasBackendAccess

      public static boolean hasBackendAccess(IUser user)
      Checks if the user has permission to access to the formcycle backend.
      Parameters:
      user - to check
      Returns:
      true if the user has permission to access the formcycle backend and false otherwise.

    • hasBackendAccess

      public static boolean hasBackendAccess(IClientAuthorization authorization)
      If the given client authorization grants users access to the formcycle backend.
      Parameters:
      authorization - to check
      Returns:
      true if the client authorization grants users access to the formcycle backend and false otherwise.

    • hasInboxAccess

      public static boolean hasInboxAccess(IClientAuthorization authorization)
      Returns whether or not the given client authorization grants inbox access.
      Parameters:
      authorization - to check
      Returns:
      true if the authorization grants inbox access and false otherwise.

    • hasDesignerAccess

      public static boolean hasDesignerAccess(IClientAuthorization authorization)
      Returns whether or not the given client authorization grants designer access.
      Parameters:
      authorization - to check
      Returns:
      true if the authorization grants designer access and false otherwise.

    • setAuthenticationTargetInAuthenticationAttributes

      public static void setAuthenticationTargetInAuthenticationAttributes(org.pac4j.core.profile.UserProfile pac4jProfile, IAuthenticationTarget target)
      Sets the given authentication target in the authentication attributes of the profile.
      Parameters:
      pac4jProfile - to set authentication target for.
      target - to set.

    • getAuthenticationTargetFromAuthenticationAttribute

      public static String getAuthenticationTargetFromAuthenticationAttribute(org.pac4j.core.profile.UserProfile pac4jProfile)
      Gets the target that the user authenticated for if it has been set in the authentication attributes of the given profile.
      Parameters:
      pac4jProfile - to get the authentication client descriptor for
      Returns:
      the authentication client descriptor if it has been set and null otherwise.

    • getAuthenticationClientFromAuthenticationAttribute

      public static IClientDescriptor getAuthenticationClientFromAuthenticationAttribute(org.pac4j.core.profile.UserProfile pac4jProfile)
      Gets the client descriptor of the client that authenticated the user if it has been set in the authentication attributes of the given profile.
      Parameters:
      pac4jProfile - to get the authentication client descriptor for
      Returns:
      the authentication client descriptor if it has been set and null otherwise.

    • getClientAuthorizationsFromAuthenticationAttribute

      public static Set<IClientAuthorization> getClientAuthorizationsFromAuthenticationAttribute(org.pac4j.core.profile.UserProfile pac4jProfile)
      Get the client authorizations of the user if it has been set in the authentication attributes of the given profile.
      Parameters:
      pac4jProfile - to get the client authorizations for.
      Returns:
      the client authorizations if it has been set and null otherwise.

    • getUserProfileFromAuthenticationAttribute

      public static UserProfile getUserProfileFromAuthenticationAttribute(org.pac4j.core.profile.UserProfile pac4jProfile)
      Gets the formcycle profile if it has been set in the authentication attributes of the given pac4j profile.
      Parameters:
      pac4jProfile - to get the formcycle profile for
      Returns:
      the formcycle profile if it has been set and null otherwise.

    • getPermissionsFromAuthenticationAttribute

      public static Set<String> getPermissionsFromAuthenticationAttribute(org.pac4j.core.profile.UserProfile pac4jProfile)
      Gets the permissions if they have been set in the authentication attributes of the given pac4j profile.
      Parameters:
      pac4jProfile - to get the permissions for.
      Returns:
      the permissions if they have been set in and null otherwise.

    • getInvitationClientAuthorizationFromAuthenticationAttribute

      public static DirectClientAuthorization getInvitationClientAuthorizationFromAuthenticationAttribute(org.pac4j.core.profile.UserProfile pac4jProfile)
      Gets the invitation client authorization if it has been set in the authentication attributes of the given pac4j profile. See here for more information about what invitation client authorizations are used for.
      Parameters:
      pac4jProfile - to get the invitation client authorization for.
      Returns:
      the invitation client authorization if it has been set in and null otherwise.
      See Also:

    • getUniversalReferenceId

      public static String getUniversalReferenceId(org.pac4j.core.profile.UserProfile profile)
      Returns the universal reference ID of the user. The universal reference ID is unique for every user within the system across all authenticators if it is a uniquely identifiable user. See getUniversalReferenceId(EHashAlgorithm, String, String) for universal reference ID format.
      Parameters:
      profile - to get the universal reference ID for
      Returns:
      the universal reference ID of the profile.

    • getUniversalReferenceId

      public static String getUniversalReferenceId(EHashAlgorithm hashAlgorithm, org.pac4j.core.profile.UserProfile profile)
      Returns the universal reference ID of the user. The universal reference ID is unique for every user within the system across all authenticators if it is a uniquely identifiable user. See getUniversalReferenceId(EHashAlgorithm, String, String) for universal reference ID format.
      Parameters:
      hashAlgorithm - the algorithm to be used for calculating the hash digest for a user profile. If no hash algorithm is given, the default user profile hash algorithm will be used.
      profile - to get the universal reference ID for
      Returns:
      the universal reference ID of the profile.

    • getUniversalReferenceId

      public static String getUniversalReferenceId(IUserIdentity identity)
      Returns the universal reference ID of the user. The universal reference ID is unique for every user within the system across all authenticators if it is a uniquely identifiable user. See getUniversalReferenceId(EHashAlgorithm, String, String) for universal reference ID format.
      Parameters:
      identity - to get the universal reference ID for
      Returns:
      the universal reference ID of the identity.

    • getUniversalReferenceId

      public static String getUniversalReferenceId(EHashAlgorithm hashAlgorithm, IUserIdentity identity)
      Returns the universal reference ID of the user using the given hash algorithm. The universal reference ID is unique for every user within the system across all authenticators if it is a uniquely identifiable user. See getUniversalReferenceId(EHashAlgorithm, String, String) for universal reference ID format.
      Parameters:
      hashAlgorithm - the algorithm to be used for calculating the hash digest for a user profile. If no hash algorithm is given, the default user profile hash algorithm will be used.
      identity - to get the universal reference ID for
      Returns:
      the universal reference ID of the identity.

    • getUniversalReferenceId

      public static String getUniversalReferenceId(EHashAlgorithm hashAlgorithm, String clientName, String profileId)
      Returns the universal reference ID of the user. The universal reference ID is unique for every user within the system across all authenticators if it is a uniquely identifiable user. Anonymous users or users that authenticate via a group password can't be uniquely identified. There are a few users which have special universal reference IDs (see below). All other users follow a general format for their universal reference ID.

      Universal reference ID format for general users: 

       <Authenticator client name>#<Hash algorithm ID>#<profile identification hash>
      Authenticator client name
      The client name of an authenticator client, which can be retrieved by calling IClientDescriptor.getClientName(), E.g. "KERBEROS" or the callback UUID for entity authenticators.
      Hash algorithm ID
      An identifier determining the hash algorithm used to calculate the profile hash
      Profile identification hash
      A hash digest representing the user profile. See getUserProfileHash(EHashAlgorithm, UserProfile) for the creation of the user profile hash.
      Special reserved universal reference IDs: