Package de.xima.fc.interfaces.user
Interface IUser
-
- All Superinterfaces:
Serializable
- All Known Implementing Classes:
VirtualUser
public interface IUser extends Serializable
Common interface representing an authenticated user. Through this interface user information and permissions of the user can be accessed.- Since:
- 8.0.0
- Author:
- XIMA Media GmbH
-
-
Method Summary
All Methods Instance Methods Abstract Methods Default Methods Modifier and Type Method Description IAuthenticationContext
getAuthenticationContext()
default @NotNull Set<Mandant>
getAuthorizedClients()
Convenience method for access all authorized clients of this user.@NotNull Set<IClientAuthorization>
getClientAuthorizations()
Returns all client authorizations this user has been assigned.default @NotNull Set<IClientAuthorization>
getClientAuthorizations(Mandant client)
Returns all client authorizations this user has been assigned within the client.default @NotNull Set<Postfach>
getClientInboxes(String scope, Mandant client)
Returns all inboxes that this user has access to within the given client and the given scope.default @NotNull Set<BenutzerGruppe>
getClientUserGroups(String scope, Mandant client)
Returns all user groups that this user has been assigned to within the given client and the given scope.String
getDisplayName()
String
getEmail()
String
getFamilyName()
String
getFirstName()
@NotNull EGender
getGender()
default @NotNull Set<Postfach>
getInboxes(String scope)
Returns all inboxes that this user has access to within the given scope.@NotNull Set<String>
getPermissions()
URI
getPictureUrl()
UserProfile
getProfile()
@NotNull Set<String>
getRoles()
default @NotNull Map<String,Set<BenutzerGruppe>>
getScopedUserGroups()
Returns a map of the all the user groups the user is assigned to scoped by application areas.@NotBlank String
getUniversalReferenceId()
default @NotNull Set<BenutzerGruppe>
getUserGroups(String scope)
Returns all user groups that this user has been assigned to within the given scope.String
getUserName()
default boolean
hasClientPermission(Mandant client, String permission)
Checks whether or not the user has the given client permission.default boolean
hasClientRole(Mandant client, String role)
Checks whether or not the user has the given client role.default boolean
hasGeneralPermission(String permission)
Checks whether or not the user has the given general permission.default boolean
hasSystemPermission(String permission)
Checks whether or not the user has the given system permission.default boolean
hasSystemRole(String role)
Checks whether or not the user has the given system role.
-
-
-
Method Detail
-
getUniversalReferenceId
@NotBlank @NotBlank String getUniversalReferenceId()
- Returns:
- the universal reference ID of this user. The universal reference ID is unique for every user within the
system across all authentication clients. See
UserMgmtUtils.getUniversalReferenceId(EHashAlgorithm, String, String)
for universal reference ID format.
-
getAuthenticationContext
@Nullable IAuthenticationContext getAuthenticationContext()
- Returns:
- the authentication context for this user. The authentication context contains information about how the user authenticated. Virtual users don't have an authentication context because they have never been authenticated.
-
getEmail
String getEmail()
- Returns:
- the email address of the user if there is any. The email address may come from the formcycle profile or the profile returned by the authentication client.
-
getUserName
@Nullable String getUserName()
- Returns:
- the user name of this user within the formcycle system if there is any and
null
otherwise.
-
getFirstName
String getFirstName()
- Returns:
- the first name of the user if there is any. The first name may come from the formcycle profile or the profile returned by the authentication client.
-
getFamilyName
String getFamilyName()
- Returns:
- the family name of the user if there is any. The family name may come from the formcycle profile or the profile returned by the authentication client.
-
getDisplayName
String getDisplayName()
- Returns:
- the display name of the user if there is any. The display name may come from the formcycle profile or the profile returned by the authentication client and is usually the full name (first and family name separated by whitespace).
-
getGender
@NotNull @NotNull EGender getGender()
- Returns:
- the gender of the user if there is any specified and
EGender.UNSPECIFIED
otherwise. The gender may come from the formcycle profile or the profile returned by the authentication client.
-
getPictureUrl
@Nullable URI getPictureUrl()
- Returns:
- the picture URL of the user if there is any and
null
otherwise. The picture URL may come from the profile returned by the authentication client.
-
getProfile
@Nullable UserProfile getProfile()
- Returns:
- the formcycle profile of the user if a match was found in the system and
null
otherwise.
-
getRoles
@NotNull @NotNull Set<String> getRoles()
- Returns:
- A
Set
of roles of the user within the system. Roles are scoped to clients or the system. For the format of client roles seeUserMgmtUtils.getClientRole(Mandant, String)
. The format of system roles is just the role name.
-
getPermissions
@NotNull @NotNull Set<String> getPermissions()
- Returns:
- A
Set
of permission the user has within the system. Permissions are scoped to clients or the system. For the format of client permissions seeUserMgmtUtils.getClientPermission(Mandant, String)
. The format of system permissions is just the permission name.
-
getAuthorizedClients
@NotNull default @NotNull Set<Mandant> getAuthorizedClients()
Convenience method for access all authorized clients of this user. For accessing client authorizations seegetClientAuthorizations()
orgetClientAuthorizations(Mandant)
.- Returns:
- A
Set
of all the clients the user has authorization. Regular users have authorization to a client if they have been assigned a role within the client (seeIClientAuthorization.getRoles()
). The super user has authorizations to all clients that have super user access enabled (seeMandant.isSadminAccess()
).
-
getClientAuthorizations
@NotNull @NotNull Set<IClientAuthorization> getClientAuthorizations()
Returns all client authorizations this user has been assigned. Client authorizations may be direct through a FOMRCYCLE account (seeDirectClientAuthorization.getUserProfile()
) or in indirect through filters (seeIndirectClientAuthorization
). The super user has authorizations to all clients that have super user access enabled (seeMandant.isSadminAccess()
).- Returns:
- a set of all authorizations for this user within the given client.
-
getScopedUserGroups
@NotNull default @NotNull Map<String,Set<BenutzerGruppe>> getScopedUserGroups()
Returns a map of the all the user groups the user is assigned to scoped by application areas. The following scopes exist:- USER_INBOX (
EAccessProperty.USER_INBOX
.getKey()
): User groups that the user is assigned to in the client inbox. The user is assigned all the user groups of a client authorization (IClientAuthorization
) in the inbox if the client authorization has a role with the permissionUSER_INBOX
. - PROJECTS (
EAccessProperty.PROJECTS
.getKey()
): User groups that the user is assigned to in the form overview / designer. The user is assigned all the user groups of a client authorization (IClientAuthorization
) in the form overview / designer if the client authorization has a role with the permissionPROJECTS
.
- Returns:
- A map of the scoped user groups.
- USER_INBOX (
-
hasClientRole
default boolean hasClientRole(Mandant client, String role)
Checks whether or not the user has the given client role.- Parameters:
client
- to check for rolerole
- to check for within the client- Returns:
true
if the user has the given client role andfalse
otherwise.
-
hasSystemRole
default boolean hasSystemRole(String role)
Checks whether or not the user has the given system role.- Parameters:
role
- to check for within the system- Returns:
true
if the user has the given system role andfalse
otherwise.
-
hasClientPermission
default boolean hasClientPermission(Mandant client, String permission)
Checks whether or not the user has the given client permission.- Parameters:
client
- to check for permissionpermission
- to check for within the client- Returns:
true
if the user has the given client permission andfalse
otherwise.
-
hasSystemPermission
default boolean hasSystemPermission(String permission)
Checks whether or not the user has the given system permission.- Parameters:
permission
- to check for within the system- Returns:
true
if the user has the given system permission andfalse
otherwise.
-
hasGeneralPermission
default boolean hasGeneralPermission(String permission)
Checks whether or not the user has the given general permission. General permissions are independent of scope.- Parameters:
permission
- general permission to check.- Returns:
true
if the user has the given general permission andfalse
otherwise.
-
getClientAuthorizations
@NotNull default @NotNull Set<IClientAuthorization> getClientAuthorizations(Mandant client)
Returns all client authorizations this user has been assigned within the client. Client authorizations may be direct through a FOMRCYCLE account (seeDirectClientAuthorization.getUserProfile()
) or in indirect through filters (seeIndirectClientAuthorization
). The super user does not have client authorizations- Parameters:
client
- for which to get the authorizations- Returns:
- a set of all authorizations for this user within the given client.
-
getClientUserGroups
@NotNull default @NotNull Set<BenutzerGruppe> getClientUserGroups(String scope, Mandant client)
Returns all user groups that this user has been assigned to within the given client and the given scope. The scope limits the returned set of user groups to a part of the application. When no scope is given, the user groups from all scopes are returned. Commonly used scopes are for exampleEAccessProperty.USER_INBOX
.getKey()
(client inbox) andEAccessProperty.PROJECTS
.getKey()
(form overview / designer). For more information about scopes seegetScopedUserGroups()
. The superuser is not assigned to any user groups. An empty set will always be returned for the superuser.- Parameters:
scope
- for which to find the user groups. Passnull
for all scopes.client
- for which to find the user groups of this user.- Returns:
- All user groups the user has been assigned to within the given client and scope.
-
getClientInboxes
@NotNull default @NotNull Set<Postfach> getClientInboxes(String scope, Mandant client)
Returns all inboxes that this user has access to within the given client and the given scope. The scope limits the returned set of inboxes to a part of the application. When no scope is given, the inboxes from all scopes are returned. Commonly used scopes are for exampleEAccessProperty.USER_INBOX
.getKey()
(client inbox) andEAccessProperty.PROJECTS
.getKey()
(form overview / designer). For more information about scopes seegetScopedUserGroups()
. The super user has access to all inboxes if client inbox access has been enabled or no inboxes if client inbox access has been disabled (seeMandant.isSadminInboxAccess()
). An empty set will always be returned for the super user.- Parameters:
scope
- for which to find the user groups. Passnull
for all scopes.client
- for which to find the user groups of this user.- Returns:
- All user groups the user has been assigned to within the given client and scope.
-
getUserGroups
@NotNull default @NotNull Set<BenutzerGruppe> getUserGroups(String scope)
Returns all user groups that this user has been assigned to within the given scope. The scope limits the returned set of user groups to a part of the application. When no scope is given, the user groups from all scopes are returned. Commonly used scopes are for exampleEAccessProperty.USER_INBOX
.getKey()
(client inbox) andEAccessProperty.PROJECTS
.getKey()
(form overview / designer). For more information about scopes seegetScopedUserGroups()
. The super user is not assigned to any user groups. An empty set will always be returned for the super user.- Parameters:
scope
- for which to find the user groups. Passnull
for all scopes.- Returns:
- All user groups the user has been assigned to within the given scope.
- Since:
- 8.0.2
-
getInboxes
@NotNull default @NotNull Set<Postfach> getInboxes(String scope)
Returns all inboxes that this user has access to within the given scope. The scope limits the returned set of inboxes to a part of the application. When no scope is given, the inboxes from all scopes are returned. Commonly used scopes are for exampleEAccessProperty.USER_INBOX
.getKey()
(client inbox) andEAccessProperty.PROJECTS
.getKey()
(form overview / designer). For more information about scopes seegetScopedUserGroups()
. The super user has access to all inboxes if client inbox access has been enabled or no inboxes if client inbox access has been disabled (seeMandant.isSadminInboxAccess()
). An empty set will always be returned for the super user.- Parameters:
scope
- for which to find the user groups. Passnull
for all scopes.- Returns:
- All user groups the user has been assigned to within the given scope.
- Since:
- 8.0.2
-
-