Class UserMgmtUtils

    • Field Detail

      • ANONYMOUS

        @Deprecated
        public static final Benutzer ANONYMOUS
        Deprecated.
        Virtueller Benutzer für Fälle, bei denen ein Benutzer benötigt wird, aber keine Anmeldungen notwendig ist.
      • SYSTEM

        @Deprecated
        public static final Benutzer SYSTEM
        Deprecated.
        Virtueller Benutzer für Fälle, bei denen ein Benutzer benötigt wird, aber keine Anmeldungen notwendig ist.
      • SETUP

        @Deprecated
        public static final Benutzer SETUP
        Deprecated.
        Virtueller Benutzer für Fälle, bei denen ein Benutzer benötigt wird, aber keine Anmeldungen notwendig ist.
      • DESIGNER_USER

        @Deprecated
        public static final Benutzer DESIGNER_USER
        Deprecated.
        No equivalent, but see VirtualUser
        Virtueller Benutzer für Fälle, bei denen ein Benutzer benötigt wird, aber keine Anmeldungen notwendig ist.
      • DESIGNER_LAST_DUMMY

        @Deprecated
        public static final Benutzer DESIGNER_LAST_DUMMY
        Deprecated.
        Virtueller Benutzer für Fälle, bei denen ein Benutzer benötigt wird, aber keine Anmeldungen notwendig ist.
      • DESIGNER_INITIAL_DUMMY

        @Deprecated
        public static final Benutzer DESIGNER_INITIAL_DUMMY
        Deprecated.
        Virtueller Benutzer für Fälle, bei denen ein Benutzer benötigt wird, aber keine Anmeldungen notwendig ist.
    • Method Detail

      • canEditProject

        public static boolean canEditProject​(IUser user,
                                             Projekt project)
        Whether or not the given user has permission to edit the given project.
        Parameters:
        user - to check for
        project - to check
        Returns:
        true if the user has permission to edit the project and false otherwise.
      • canViewProject

        public static boolean canViewProject​(IUser user,
                                             Projekt project)
        Whether the given user has permission to view the given project.
        Parameters:
        user - to check for
        project - to check
        Returns:
        true if the user has permission to view the project and false otherwise.
      • canAccessClient

        public static boolean canAccessClient​(IUser user,
                                              Mandant client)
        Whether the given user has permission to access the given client.
        Parameters:
        user - to check for
        client - to check
        Returns:
        true if the user has permission to access the given client and false otherwise.
      • canAccessInbox

        public static boolean canAccessInbox​(IUser user,
                                             Postfach inbox)
        Whether the user has permission to access the client inbox. Note: This check does not take into account whether the user has the role permission to access the inbox UI.
        Parameters:
        user - to check for
        inbox - to check
        Returns:
        true if the user has permission to access the given client inbox and false otherwise.
      • isClientAdmin

        public static boolean isClientAdmin​(UserProfile profile,
                                            Mandant client)
        Returns true if given profile has a role of a MANDANT_ADMIN
        Parameters:
        profile - to check
        Returns:
        false if no admin role found
      • isClientAdmin

        public static boolean isClientAdmin​(IClientAuthorization authorization)
        Returns true if given authorization has a role of a MANDANT_ADMIN
        Parameters:
        authorization - direct or indirect authorization
        Returns:
        false if no admin role found
      • isClientAdmin

        public static boolean isClientAdmin​(IUser user,
                                            Mandant client)
        Checks if the user is an admin of the given client.
        Parameters:
        user - to check for
        client - to check
        Returns:
        true if the user is an admin of the given client and false otherwise.
      • isSystemAdmin

        public static boolean isSystemAdmin​(UserProfile profile)
        Checks if the user of the given profile is a system admin. System admins have permission to access/edit the system settings.
        Parameters:
        profile - to check
        Returns:
        true if the user of the given profile is a system admin and false otherwise.
      • isSystemAdmin

        public static boolean isSystemAdmin​(IUser user)
        Checks if the user is a system admin. System admins have permission to access/edit the system settings.
        Parameters:
        user - A user to check.
        Returns:
        true if the user is a system admin and false otherwise.
      • isSuperUser

        public static boolean isSuperUser​(IUser user)
        Checks if the user is THE super user. There is only one super user (sadmin) in the system.
        Parameters:
        user - to check
        Returns:
        true if the given user is the super user and false otherwise.
      • isAnonymousUser

        public static boolean isAnonymousUser​(IUser user)
        Checks if the user is anonymous.
        Parameters:
        user - to check
        Returns:
        true if the user is an anonymous user and false otherwise.
      • isBackendAccessCapable

        public static boolean isBackendAccessCapable​(IClientAuthorization authorization)
        Returns if the given client authorization is capable of allowing users access to the formcycle backend. This does not mean that the authorization actually allows backend access. If you want to find if an authorization grants backend access use hasBackendAccess(IClientAuthorization) instead.
        Parameters:
        authorization - to check.
        Returns:
        true if the authorization is capable of allowing users access to the formcycle backend. false otherwise.
      • isUser

        public static boolean isUser​(IEntityClientAuthorization authorization,
                                     IUser user)
        Checks whether the given client authorization applies to the given user.
        Parameters:
        authorization - to check.
        user - to check if the client authorization applies.
        Returns:
        true if the given client authorization applies to the given user and false otherwise.
      • isUser

        public static boolean isUser​(UserProfile profile,
                                     IUser user)
        Checks whether the given user profile is the user profile of the given user.
        Parameters:
        profile - to check.
        user - to check if the user profile is their user profile.
        Returns:
        true if the given user profile is the user profile of the given user and false otherwise.
      • isUser

        public static boolean isUser​(IUserIdentity identity,
                                     IUser user)
        Checks whether the given user identity is the identity of the given user.
        Parameters:
        identity - to check.
        user - to check if their identity is the given user identity.
        Returns:
        true if the given user identity is the identity of the given user and false otherwise.
      • isActive

        public static boolean isActive​(IClientAuthorization authorization)
        Checks if the given client authorization is active. If the attached user profile is inactive then the client authorization can't be active.
        Parameters:
        authorization - to check.
        Returns:
        true if the given client authorization is active and false otherwise.
      • isExpired

        public static boolean isExpired​(IEntityClientAuthorization authorization)
        Checks if the given client authorization is expired (right now).
        Parameters:
        authorization - to check.
        Returns:
        true if the given client authorization is expired and false otherwise.
      • isInvitationExpired

        public static boolean isInvitationExpired​(IEntityClientAuthorization authorization)
        Checks if the invitation attached to the given client authorization is expired (right now).
        Parameters:
        authorization - to check.
        Returns:
        true if the invitation to the given client authorization is expired and false otherwise.
      • isAuthenticatedFor

        public static boolean isAuthenticatedFor​(IUser user,
                                                 String authTarget)
        checks if the user has been authenticated for the given authentication target.
        Parameters:
        user - to check.
        authTarget - to check. User can authenticated for different authentication targets, e.g. "backend", "form", ...
        Returns:
        true if the user has been authenticated for the given authentication target and false otherwise.
        Throws:
        IllegalArgumentException - if a blank authentication target is given.
      • isInvitedUser

        public static boolean isInvitedUser​(IUser user)
      • isInvitedUser

        public static boolean isInvitedUser​(org.pac4j.core.profile.UserProfile pac4jProfile)
      • hasBackendAccess

        public static boolean hasBackendAccess​(IUser user)
        Checks if the user has permission to access to the formcycle backend.
        Parameters:
        user - to check
        Returns:
        true if the user has permission to access the formcycle backend and false otherwise.
      • hasBackendAccess

        public static boolean hasBackendAccess​(IClientAuthorization authorization)
        If the given client authorization grants users access to the formcycle backend.
        Parameters:
        authorization - to check
        Returns:
        true if the client authorization grants users access to the formcycle backend and false otherwise.
      • hasInboxAccess

        public static boolean hasInboxAccess​(IClientAuthorization authorization)
        Returns whether or not the given client authorization grants inbox access.
        Parameters:
        authorization - to check
        Returns:
        true if the authorization grants inbox access and false otherwise.
      • hasDesignerAccess

        public static boolean hasDesignerAccess​(IClientAuthorization authorization)
        Returns whether or not the given client authorization grants designer access.
        Parameters:
        authorization - to check
        Returns:
        true if the authorization grants designer access and false otherwise.
      • setAuthenticationTargetInAuthenticationAttributes

        public static void setAuthenticationTargetInAuthenticationAttributes​(org.pac4j.core.profile.UserProfile pac4jProfile,
                                                                             IAuthenticationTarget target)
        Sets the given authentication target in the authentication attributes of the profile.
        Parameters:
        pac4jProfile - to set authentication target for.
        target - to set.
      • getAuthenticationTargetFromAuthenticationAttribute

        public static String getAuthenticationTargetFromAuthenticationAttribute​(org.pac4j.core.profile.UserProfile pac4jProfile)
        Gets the target that the user authenticated for if it has been set in the authentication attributes of the given profile.
        Parameters:
        pac4jProfile - to get the authentication client descriptor for
        Returns:
        the authentication client descriptor if it has been set and null otherwise.
      • getAuthenticationClientFromAuthenticationAttribute

        public static IClientDescriptor getAuthenticationClientFromAuthenticationAttribute​(org.pac4j.core.profile.UserProfile pac4jProfile)
        Gets the client descriptor of the client that authenticated the user if it has been set in the authentication attributes of the given profile.
        Parameters:
        pac4jProfile - to get the authentication client descriptor for
        Returns:
        the authentication client descriptor if it has been set and null otherwise.
      • getClientAuthorizationsFromAuthenticationAttribute

        public static Set<IClientAuthorization> getClientAuthorizationsFromAuthenticationAttribute​(org.pac4j.core.profile.UserProfile pac4jProfile)
        Get the client authorizations of the user if it has been set in the authentication attributes of the given profile.
        Parameters:
        pac4jProfile - to get the client authorizations for.
        Returns:
        the client authorizations if it has been set and null otherwise.
      • getUserProfileFromAuthenticationAttribute

        public static UserProfile getUserProfileFromAuthenticationAttribute​(org.pac4j.core.profile.UserProfile pac4jProfile)
        Gets the formcycle profile if it has been set in the authentication attributes of the given pac4j profile.
        Parameters:
        pac4jProfile - to get the formcycle profile for
        Returns:
        the formcycle profile if it has been set and null otherwise.
      • getPermissionsFromAuthenticationAttribute

        public static Set<String> getPermissionsFromAuthenticationAttribute​(org.pac4j.core.profile.UserProfile pac4jProfile)
        Gets the permissions if they have been set in the authentication attributes of the given pac4j profile.
        Parameters:
        pac4jProfile - to get the permissions for.
        Returns:
        the permissions if they have been set in and null otherwise.
      • getInvitationClientAuthorizationFromAuthenticationAttribute

        public static DirectClientAuthorization getInvitationClientAuthorizationFromAuthenticationAttribute​(org.pac4j.core.profile.UserProfile pac4jProfile)
        Gets the invitation client authorization if it has been set in the authentication attributes of the given pac4j profile. See here for more information about what invitation client authorizations are used for.
        Parameters:
        pac4jProfile - to get the invitation client authorization for.
        Returns:
        the invitation client authorization if it has been set in and null otherwise.
        See Also:
        CmnConst.Security.Authorization.AUTHENTICATION_ATTR_CLIENT_INVITATION_UUID
      • getUniversalReferenceId

        public static String getUniversalReferenceId​(org.pac4j.core.profile.UserProfile profile)
        Returns the universal reference ID of the user. The universal reference ID is unique for every user within the system across all authenticators if it is a uniquely identifiable user. See getUniversalReferenceId(EHashAlgorithm, String, String) for universal reference ID format.
        Parameters:
        profile - to get the universal reference ID for
        Returns:
        the universal reference ID of the profile.
      • getUniversalReferenceId

        public static String getUniversalReferenceId​(EHashAlgorithm hashAlgorithm,
                                                     org.pac4j.core.profile.UserProfile profile)
        Returns the universal reference ID of the user. The universal reference ID is unique for every user within the system across all authenticators if it is a uniquely identifiable user. See getUniversalReferenceId(EHashAlgorithm, String, String) for universal reference ID format.
        Parameters:
        hashAlgorithm - the algorithm to be used for calculating the hash digest for a user profile. If no hash algorithm is given, the default user profile hash algorithm will be used.
        profile - to get the universal reference ID for
        Returns:
        the universal reference ID of the profile.
      • getUniversalReferenceId

        public static String getUniversalReferenceId​(IUserIdentity identity)
        Returns the universal reference ID of the user. The universal reference ID is unique for every user within the system across all authenticators if it is a uniquely identifiable user. See getUniversalReferenceId(EHashAlgorithm, String, String) for universal reference ID format.
        Parameters:
        identity - to get the universal reference ID for
        Returns:
        the universal reference ID of the identity.
      • getUniversalReferenceId

        public static String getUniversalReferenceId​(EHashAlgorithm hashAlgorithm,
                                                     IUserIdentity identity)
        Returns the universal reference ID of the user using the given hash algorithm. The universal reference ID is unique for every user within the system across all authenticators if it is a uniquely identifiable user. See getUniversalReferenceId(EHashAlgorithm, String, String) for universal reference ID format.
        Parameters:
        hashAlgorithm - the algorithm to be used for calculating the hash digest for a user profile. If no hash algorithm is given, the default user profile hash algorithm will be used.
        identity - to get the universal reference ID for
        Returns:
        the universal reference ID of the identity.
      • getUniversalReferenceId

        public static String getUniversalReferenceId​(EHashAlgorithm hashAlgorithm,
                                                     String clientName,
                                                     String profileId)
        Returns the universal reference ID of the user. The universal reference ID is unique for every user within the system across all authenticators if it is a uniquely identifiable user. Anonymous users or users that authenticate via a group password can't be uniquely identified. There are a few users which have special universal reference IDs (see below). All other users follow a general format for their universal reference ID.

        Universal reference ID format for general users:

         <Authenticator client name>#<Hash algorithm ID>#<profile identification hash>
         
        Authenticator client name
        The client name of an authenticator client, which can be retrieved by calling IClientDescriptor.getClientName(), E.g. "KERBEROS" or the callback UUID for entity authenticators.
        Hash algorithm ID
        An identifier determining the hash algorithm used to calculate the profile hash
        Profile identification hash
        A hash digest representing the user profile. See getUserProfileHash(EHashAlgorithm, UserProfile) for the creation of the user profile hash.
        Special reserved universal reference IDs:
Parameters:
hashAlgorithm - the algorithm to be used for calculating the hash digest for a user profile. If no hash algorithm is given, the default user profile hash algorithm will be used.
clientName - describes the authentication client that is used to authenticate the user
profileId - ID of the authenticated user within the authentication client
Returns:
the universal reference ID of the user