Class UserService


  • public class UserService
    extends CayenneService
    Provides service methods involving UserAccount and related entities.
    • Constructor Detail

      • UserService

        public UserService​(Portal portal)
        Create a new UserService for the given portal context.
        Parameters:
        portal - the portal context
    • Method Detail

      • getUserRoleIds

        public List<String> getUserRoleIds​(Object userId)
        Get the list of role ids for the given user.
        Parameters:
        userId - the user id
        Returns:
        a list of user role ids
      • setESignatureStatus

        @Deprecated
        public void setESignatureStatus​(UserAccount userAccount,
                                        boolean enableSignature,
                                        HttpServletRequest request)
        Deprecated.
        This method does nothing. Note that this method contains database transactions.
        Parameters:
        userAccount - the user account
        enableSignature - whether the esignature is enabled
        request - the http request is provided for logging additional information
      • getRolesPermissionIds

        public List getRolesPermissionIds​(Object roleId,
                                          Object portalId)
        Get a list of permission ids given a role id and a portal id. Note: This method returns the list of permissions regardless of the role's active status. Additional checks are therefore needed to determine which permissions actually apply.
        Parameters:
        roleId - the role id
        portalId - the portal id
        Returns:
        a list of permission ids
      • updateClients

        public void updateClients​(Object userId,
                                  List<String> clientIdList)
        Assign a user to a list of clients. All other clients will be removed from the user. Note that this method contains database transactions.
        Parameters:
        userId - a user id
        clientIdList - a list of client OIDs to associate the user with
        Since:
        4.0.0
      • updateRoles

        public void updateRoles​(Object userId,
                                List<String> newRoleIds,
                                UserAccount currentAdminUser)
        Update the given user to have the given list of roles only (i.e. delete ones not in the list, add ones in the list). This method also persists the new role list for the user into the database. Note that this method contains database transactions.
        Parameters:
        userId - user id
        newRoleIds - the new list of role OIDs to associate the user with
        currentAdminUser - the current logged in administrator user
      • updateGroups

        public void updateGroups​(Object userId,
                                 List<String> groupIdList)
        Assign a user to a user group list. All other groups will be removed from the user. Note that this method contains database transactions.
        Parameters:
        userId - the user id
        groupIdList - the list of group OIDs
      • updatePortals

        public void updatePortals​(Object userId,
                                  List<String> portalIdList)
        Assign a user to a list of portals. All other portals will be removed from the user. Note that this method contains database transactions.
        Parameters:
        userId - a user id
        portalIdList - a list of portal OIDs
      • updatePermissions

        public void updatePermissions​(String roleId,
                                      String portalId,
                                      List<String> newPermissionIds)
        Assign a portal role with a list of permissions. Note that all other permissions for the given portal will be removed from the role. Note that this method contains database transactions.
        Parameters:
        roleId - the role id
        portalId - the portal id
        newPermissionIds - the list of permission OIDs to assign to the role
      • updateGroupMembers

        public void updateGroupMembers​(Object groupId,
                                       List<String> userIdList)
        Update a group with a new provided user member list. All other users will be removed from the group. Note that this method contains database transactions.
        Parameters:
        groupId - the OID of the group (required)
        userIdList - a list of user OIDs that shall be group members
      • updateRoleMembers

        public void updateRoleMembers​(Object roleId,
                                      List<String> userIdList)
        Update a role with a new list of users. All other users will be removed from this role. Note that this method contains database transactions.
        Parameters:
        roleId - a role id
        userIdList - a list of user OIDs that shall be associated with the role.
      • updateActiveUserProfile

        public void updateActiveUserProfile​(UserAccount userAccount,
                                            Map<String,​String> profileMap)
        Update user account's active profile with the given profile values map. If the user does not have an active profile one will be created. This method will also create user scope PropertyTypes if required.
        Parameters:
        userAccount - the user account (required)
        profileMap - the value to populate the active user profile with (required)
        Since:
        3.6.0
      • updateLockStatus

        public boolean updateLockStatus​(UserAccount userAccount)
        Check the user's lock status and unlock them if they were locked temporarily and the lockout duration has passed. Note: This method performs a DB commit.
        Parameters:
        userAccount - the user account (required)
        Returns:
        true if the user's account status changed
        Since:
        3.6.0
      • loadDefaultAdminUser

        public void loadDefaultAdminUser()
        Create a default administrator with the user name: administrator and password: password only if the user list is empty (i.e. all users were accidentally deleted or the system is newly built).
      • createUserAndProfile

        public UserAccount createUserAndProfile​(String loginName,
                                                String email,
                                                String password,
                                                String givenName,
                                                String familyName,
                                                String authenticationDomain,
                                                String userType,
                                                Portal portal,
                                                boolean isSelfRegistration)
                                         throws ApplicationException,
                                                ApplicationEmailException
        Create a registered user with a default profile from the given user details. An email verification email will be sent if needed. Users will be made pending or active, depending on how the security manager operates. Status notification emails are NOT sent by this method. This is the only supported way to create local user accounts.

        Note that this method contains database transactions.

        Parameters:
        loginName - the user's login name (required)
        email - the user's email (required)
        password - the user's login password (required for local users)
        givenName - the user's first name (required)
        familyName - the user's family name (required)
        authenticationDomain - the authentication domain (required for LDAP users; generally equal to the LDAP search base)
        userType - the user type (required; one of UserAccount.USER_TYPES)
        portal - the portal that the user will be assigned to
        isSelfRegistration - whether the user is registering the account, or whether an administrator or other process is creating the account. If set to true, additional checks such as email verification will be included.
        Returns:
        the persisted UserDetails object
        Throws:
        ApplicationException - if the username already exists or the password is not valid
        ApplicationEmailException - if a user account verification email could not be sent
      • createUserAndProfile

        public UserAccount createUserAndProfile​(String loginName,
                                                String email,
                                                String password,
                                                String givenName,
                                                String familyName,
                                                String mobile,
                                                String authenticationDomain,
                                                String userType,
                                                Portal portal,
                                                boolean isSelfRegistration)
                                         throws ApplicationException,
                                                ApplicationEmailException
        Create a registered user with a default profile from the given user details. An email verification email will be sent if needed. Users will be made pending or active, depending on how the security manager service operates. Status notification emails are NOT sent by this method. This is the only supported way to create local user accounts.

        Note that this method contains database transactions.

        Parameters:
        loginName - the user's login name (required)
        email - the user's email (required)
        password - the user's login password (required for local users)
        givenName - the user's first name (required)
        familyName - the user's family name (required)
        mobile - the user's mobile (optional)
        authenticationDomain - the authentication domain (required for LDAP users; generally equal to the LDAP search base)
        userType - the user type (required; one of UserAccount.USER_TYPES)
        portal - the portal that the user will be assigned to
        isSelfRegistration - whether the user is registering the account, or whether an administrator or other process is creating the account. If set to true, additional checks such as email verification will be included.
        Returns:
        the persisted UserDetails object
        Throws:
        ApplicationException - if the username already exists or the password is not valid
        ApplicationEmailException - if a user account verification email could not be sent
        Since:
        3.5.0
      • createSsoUserAccount

        public UserAccount createSsoUserAccount​(String loginName,
                                                String email,
                                                String givenName,
                                                String familyName,
                                                Map<String,​String> profileMap)
                                         throws ApplicationException
        Create an SSO type user account and profile with the given details.

        Note that this method contains database transactions.

        Parameters:
        loginName - the user's login name (required)
        email - the user's email
        givenName - the user's first name
        familyName - the user's family name
        profileMap - the map of user property values to populate their default profile with
        Returns:
        the new UserAccount object
        Throws:
        ApplicationException - if an error occurs while creating the new user account
        Since:
        3.6.0
      • createLocalUserAndLogin

        public UserAccount createLocalUserAndLogin​(String loginName,
                                                   String password,
                                                   String email,
                                                   String givenName,
                                                   String familyName,
                                                   String mobile,
                                                   Portal portal)
                                            throws ApplicationException
        Create a Local type UserAccount and log them in with the Spring Security Context, and return the new account.
        Parameters:
        loginName - the user login name (required)
        password - the user account password (required)
        email - the user email address (required)
        givenName - the user's first name (optional)
        familyName - the user's last name (optional)
        mobile - the user mobile phone number (optional)
        portal - the portal to associate the user with
        Returns:
        the new user account
        Throws:
        ApplicationException - if the loginName already exists or the password is not valid
        Since:
        4.1.0
      • createUpdateSsoUserAccount

        public UserAccount createUpdateSsoUserAccount​(String loginName,
                                                      String email,
                                                      String givenName,
                                                      String familyName,
                                                      Map<String,​String> profileMap)
                                               throws ApplicationException
        Looks for an existing SSO user account for the portal. If one is found, it updates the user account and profile with the given details. Otherwise it creates an SSO type user account and profile with the given details.

        Note that this method contains database transactions.

        Parameters:
        loginName - the user's login name (required)
        email - the user's email
        givenName - the user's first name
        familyName - the user's family name
        profileMap - the map of user property values to populate their default profile with
        Returns:
        the new UserAccount object
        Throws:
        ApplicationException - if an error occurs while creating the new user account
        Since:
        4.0.0
      • createRandomPassword

        public String createRandomPassword()
        Create a randomly generated password value with a length of 8 characters.
        Returns:
        a randomly generated password value
      • createRandomPassword

        public String createRandomPassword​(int length)
        Create a randomly generated password value.
        Parameters:
        length - the password length, must be 3 or more characters in length
        Returns:
        a randomly generated password value
      • addUserToGroup

        public boolean addUserToGroup​(UserAccount user,
                                      Group group)
        Add a user to a group. Note that this method contains database transactions.
        Parameters:
        user - a user (required)
        group - a group (required)
        Returns:
        true if the user was added to the group, false if they were already a member
      • associateUserWithSubmission

        public void associateUserWithSubmission​(UserAccount user,
                                                Submission submission)
        Associate the given user account with the specified submission, and also associate the user with the submission's portal if not already associated.
        Parameters:
        user - the user account to associate with the submission
        submission - the submission record to associate with the user
        Since:
        4.1.0
      • removeUserFromGroup

        public boolean removeUserFromGroup​(UserAccount user,
                                           Group group)
        Remove a user from a group. Note that this method contains database transactions.
        Parameters:
        user - a user (required)
        group - a group (required)
        Returns:
        true if the user was removed from the group, false if they were not in the group in the first place
      • addPortalForUser

        public boolean addPortalForUser​(UserAccount user,
                                        Portal portal)
        Add the portal access right for a given user. Note that this method contains database transactions.
        Parameters:
        user - a user
        portal - a portal
        Returns:
        true if the user already has the access right; otherwise the right is added and true is returned
      • isAssociatedWithPortal

        public boolean isAssociatedWithPortal​(UserAccount user,
                                              String portalName)
        Check if the user has the access right to the portal.
        Parameters:
        user - the user account object
        portalName - the portal name
        Returns:
        true if the user has the access right to the portal
      • changeUserPassword

        public void changeUserPassword​(UserAccount userAccount,
                                       String newPassword)
        Change a password for a user. Note that this method contains database transactions.
        Parameters:
        userAccount - the user account object reference
        newPassword - new password for the user
      • changeUserPassword

        public void changeUserPassword​(UserAccount userAccount,
                                       String newPassword,
                                       boolean commitChanges)
        Change a password for a user. Note that this method contains database transactions.
        Parameters:
        userAccount - the user account object reference
        newPassword - new password for the user
        commitChanges - commit the changes to the database
      • generatePassword

        public String generatePassword()
        Generate a random password. This method calls createRandomPassword().
        Returns:
        the new generated password
      • validatePassword

        public String validatePassword​(String password)
        Validate the given password. Returns null if the password is sufficiently complex; otherwise returns an error message.

        Valid passwords must be 6 characters in length, contain a letter and a character, and not contain the text password.

        Parameters:
        password - the password to test
        Returns:
        true if the password is valid
      • isPasswordEqual

        public boolean isPasswordEqual​(String plainTextPassword,
                                       UserAccount userAccount)
        Check whether the plain text password matches its hash value.
        Parameters:
        plainTextPassword - plain text password
        userAccount - hash value of the original password
        Returns:
        true if the plaintext password is equal to the hash and salt value
      • hasAccessToUser

        public boolean hasAccessToUser​(UserAccount accessingUser,
                                       UserAccount targetUser)
        Check whether a user account can access another user in principle (e.g. for editing). This method does not check permissions; rather, a user can access another user if the accessing user is an administrator and the target user is either a portal user or belongs to a subset of the organisations of the accessing user.
        Parameters:
        accessingUser - the accessing user
        targetUser - the target user (required)
        Returns:
        true if the accessing user can in principle access the target user, not considering specific permissions
        Since:
        4.1.0
      • hasPermission

        public boolean hasPermission​(UserAccount user,
                                     Portal portal,
                                     String permissionName)
        Check whether the user can access a certain portal and has a certain permission.
        Parameters:
        user - the user
        portal - the portal
        permissionName - the permission name
        Returns:
        true if the user can access the portal and has the permission
      • handleEmailVerification

        public void handleEmailVerification​(UserAccount userAccount)
        Handle an email verification confirmation by a user. This method will perform a database commit.
        Parameters:
        userAccount - the user account which has been verified (required)
      • purgeUnverifiedAccounts

        public int purgeUnverifiedAccounts()
        Purges user accounts that require email verification but have exceeded their purge time.
        Returns:
        the number of records that were deleted
      • inactivateExpiredAccounts

        public int inactivateExpiredAccounts()
        Deactivate all users whose last access time (or creation time if the last access time is not set) is older than the expiry time set in the security manager. To find the set of users, we iterate through all security managers and their portals. Note that users are deactivated for all portals even if just one of them triggers the expiry. This method performs a database commit.
        Returns:
        the number of users that were deactivated
        Since:
        4.3.0
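
Added example (not part of the product's code or documentation): an administrator password reset that combines hasAccessToUser, hasPermission, validatePassword and changeUserPassword as documented above. Because the product's package names are not shown on this page, UserAccount, Portal and the UserOps interface are stand-ins that mirror the documented signatures; the permission name and the fake's password rule are hypothetical.

```java
import java.util.ArrayList;
import java.util.List;
import java.util.Optional;

public class AdminPasswordReset {
    // Stand-ins so the example compiles alone; in the product these are the
    // UserAccount and Portal classes and UserService itself.
    interface UserAccount {}
    interface Portal {}
    interface UserOps {   // the four UserService methods used, signatures as documented
        boolean hasAccessToUser(UserAccount accessingUser, UserAccount targetUser);
        boolean hasPermission(UserAccount user, Portal portal, String permissionName);
        String validatePassword(String password);
        void changeUserPassword(UserAccount userAccount, String newPassword);
    }

    // Hypothetical permission name (assumption, not taken from the product).
    static final String RESET_PERMISSION = "example.reset.user.password";

    /** Returns empty on success, otherwise the reason the reset was refused. */
    static Optional<String> resetPassword(UserOps users, UserAccount admin,
            UserAccount target, Portal portal, String newPassword) {
        // hasAccessToUser does not check permissions, so it is necessary but not sufficient.
        if (!users.hasAccessToUser(admin, target)) {
            return Optional.of("no access to target user");
        }
        if (!users.hasPermission(admin, portal, RESET_PERMISSION)) {
            return Optional.of("missing permission " + RESET_PERMISSION);
        }
        // validatePassword returns null for an acceptable password, an error message otherwise.
        String error = users.validatePassword(newPassword);
        if (error != null) {
            return Optional.of(error);
        }
        users.changeUserPassword(target, newPassword);
        return Optional.empty();
    }

    /** Constructed fake for the demo; its password rule is a placeholder, not the product's. */
    static class FakeUsers implements UserOps {
        boolean permitted;
        final List<UserAccount> changed = new ArrayList<>();
        public boolean hasAccessToUser(UserAccount a, UserAccount t) { return true; }
        public boolean hasPermission(UserAccount u, Portal p, String n) { return permitted; }
        public String validatePassword(String pw) {
            return pw.toLowerCase().contains("password") ? "must not contain 'password'" : null;
        }
        public void changeUserPassword(UserAccount u, String pw) { changed.add(u); }
    }

    public static void main(String[] args) {
        UserAccount admin = new UserAccount() {}, target = new UserAccount() {};
        Portal portal = new Portal() {};
        FakeUsers users = new FakeUsers();

        // Access alone is not enough: refused, nothing written.
        System.out.println(resetPassword(users, admin, target, portal, "Tr1cky-Phrase"));
        users.permitted = true;
        // Authorized, but the password fails validation: still nothing written.
        System.out.println(resetPassword(users, admin, target, portal, "Password1"));
        // Authorized and valid: exactly one change recorded.
        System.out.println(resetPassword(users, admin, target, portal, "Tr1cky-Phrase"));
        System.out.println("changes: " + users.changed.size());
    }
}
```

Treating a non-null return from validatePassword as success is the easy mistake here, which is why the error string is propagated rather than converted to a boolean.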