Class UserService


public class UserService extends CayenneService
Provides service methods involving UserAccount and related entities.
  • Constructor Details

    • UserService

      public UserService(Portal portal)
      Create a new UserService for the given portal context.
      Parameters:
      portal - the portal context
  • Method Details

    • getUserRoleIds

      public List<String> getUserRoleIds(Object userId)
      Get user roles Id list.
      Parameters:
      userId - the user id
      Returns:
      a list of user role id
    • getActiveUserAccount

      public static UserAccount getActiveUserAccount()
      Get the active user account. Note: one should call that method after assuring the login name is not null.
      Returns:
      the active user account
      Since:
      22.4.0
    • getRolesPermissionIds

      public List getRolesPermissionIds(Object roleId, Object portalId)
      Get a list of permission id given a role id and a portal id Note: This method returns the list of permissions regardless of the role's active status. Additional checks are therefore needed to check which permissions actually apply.
      Parameters:
      roleId - the role id
      portalId - the portal id
      Returns:
      a list of permission id
    • updateClients

      public void updateClients(Object userId, List<String> clientIdList)
      Assign a user to a list of clients. All other clients will be removed from the user. Note that this method contains database transactions.
      Parameters:
      userId - a user id
      clientIdList - a list of client OIDs to associate the user with
      Since:
      4.0.0
    • updateRoles

      public void updateRoles(Object userId, List<String> newRoleIds, UserAccount currentAdminUser)
      Update the given user to have the given list of roles only (i.e delete ones not in list, add ones in list). This method also persists the new role list for the user into the database. Note that this method contains database transactions.
      Parameters:
      userId - user id
      newRoleIds - new the list of role OIDs to associate the user with
      currentAdminUser - the current logged in administrator user
    • updateGroups

      public void updateGroups(Object userId, List<String> groupIdList)
      Assign a user to a user group list. All other groups will be removed from the user. Note that this method contains database transactions.
      Parameters:
      userId - the user id
      groupIdList - the list of group OIDs
    • updatePortals

      public void updatePortals(Object userId, List<String> portalIdList)
      Assign a user to a list of portals. All other portals will be removed from the user. Note that this method contains database transactions.
      Parameters:
      userId - a user id
      portalIdList - a list of portal OIDs
    • updatePermissions

      public void updatePermissions(String roleId, String portalId, List<String> newPermissionIds)
      Assign a portal role with a list of permissions. Note that all other permissions for the given portal will be removed from the role. Note that this method contains database transactions.
      Parameters:
      roleId - the role id
      portalId - the portal id
      newPermissionIds - the list permission OIDs to assign to the role
    • updateGroupMembers

      public void updateGroupMembers(Object groupId, List<String> userIdList)
      Update a group with a new provided user member list. All other users will be removed from the group. Note that this method contains database transactions.
      Parameters:
      groupId - the OID of the group (required)
      userIdList - a list of user OIDs that shall be group members
    • updateRoleMembers

      public void updateRoleMembers(Object roleId, List<String> userIdList)
      Update a role with a new list of user. All other users will be removed from this role. Note that this method contains database transactions.
      Parameters:
      roleId - a role
      userIdList - a list of user OIDs that shall be associated with the role.
    • updateActiveUserProfile

      public void updateActiveUserProfile(UserAccount userAccount, Map<String,String> profileMap)
      Update user account's active profile with the given profile values map. If the user does not have an active profile one will be created. This method will also create user scope PropertyTypes if required.
      Parameters:
      userAccount - the user account (required)
      profileMap - the value to populate the active user profile with (required)
      Since:
      3.6.0
    • updateLockStatus

      public boolean updateLockStatus(UserAccount userAccount)
      Check the user's lock status and unlock them if they were locked temporarily and the lockout duration has passed. Note: This method performs a DB commit.
      Parameters:
      userAccount - the user account (required)
      Returns:
      true if the user's account status changed
      Since:
      3.6.0
    • getPasswordAndLoadDefaultAdminUser

      public void getPasswordAndLoadDefaultAdminUser(String configFilePath) throws Exception
      Get the password from keyStore and call loadDefaultAdminUser to create a default administrator and password only if the user list is empty with no submissions
      Parameters:
      configFilePath - standalone configuration path
      Throws:
      Exception - if an error occurs
      Since:
      23.10.0
    • loadDefaultAdminUser

      public void loadDefaultAdminUser(String password)
      Create a default administrator with the user name: administrator and provided password only if the user list is empty. (i.e. all users are accidently deleted or the system is newly built)
    • createUserAndProfile

      public UserAccount createUserAndProfile(String loginName, String email, String password, String givenName, String familyName, String authenticationDomain, String userType, Portal portal, boolean isSelfRegistration) throws ApplicationException, ApplicationEmailException
      Create a registered user with a default profile from the given user details. An email verification email will be sent if needed. Users will be made pending or active, depending on how the security manager operates. Status notification emails are NOT sent by this method. This is the only supported way to create local user accounts.

      Note that this method contains database transactions.

      Parameters:
      loginName - the users login name (required)
      email - the users email (required)
      password - the users login password (required for local users)
      givenName - the users first name (required)
      familyName - the users family name (required)
      authenticationDomain - the authentication domain (required for LDAP users; generally equal to the LDAP search base)
      userType - the user type (required; one of UserAccount.USER_TYPES)
      portal - the portal that the user will be assigned to
      isSelfRegistration - whether the user is registering the account, or whether an administrator or other process is creating the account. If set to true, additional checks such as email verification will be included.
      Returns:
      the persisted UserDetails object
      Throws:
      ApplicationException - if the username already exists or the password is not valid
      ApplicationEmailException - if an user account verification email could not be sent
    • createUserAndProfile

      public UserAccount createUserAndProfile(String loginName, String email, String password, String givenName, String familyName, String mobile, String authenticationDomain, String userType, Portal portal, boolean isSelfRegistration) throws ApplicationException, ApplicationEmailException
      Create a registered user with a default profile from the given user details. An email verification email will be sent if needed. Users will be made pending or active, depending on how the security manager service operates. Status notification emails are NOT sent by this method. This is the only supported way to create local user accounts.

      Note that this method contains database transactions.

      Parameters:
      loginName - the users login name (required)
      email - the users email (required)
      password - the users login password (required for local users)
      givenName - the users first name (required)
      familyName - the users family name (required)
      mobile - the users mobile (optional)
      authenticationDomain - the authentication domain (required for LDAP users; generally equal to the LDAP search base)
      userType - the user type (required; one of UserAccount.USER_TYPES)
      portal - the portal that the user will be assigned to
      isSelfRegistration - whether the user is registering the account, or whether an administrator or other process is creating the account. If set to true, additional checks such as email verification will be included.
      Returns:
      the persisted UserDetails object
      Throws:
      ApplicationException - if the username already exists or the password is not valid
      ApplicationEmailException - if an user account verification email could not be sent
      Since:
      3.5.0
    • createSsoUserAccount

      public UserAccount createSsoUserAccount(String loginName, String email, String givenName, String familyName, Map<String,String> profileMap) throws ApplicationException
      Create an SSO type user account and profile with the given details.

      Note that this method contains database transactions.

      Parameters:
      loginName - the users login name (required)
      email - the users email
      givenName - the users first name
      familyName - the users family name
      profileMap - the map of user property values to populate their default profile with
      Returns:
      the new UserAccount object
      Throws:
      ApplicationException - if an error occur creating the new user account
      Since:
      3.6.0
    • createLocalUserAndLogin

      public UserAccount createLocalUserAndLogin(String loginName, String password, String email, String givenName, String familyName, String mobile, Portal portal) throws ApplicationException
      Create a Local type UserAccount and log them in with the Spring Security Context, and return the new account.
      Parameters:
      loginName - the user login name (required)
      password - the user account password (required)
      email - the user email address (required)
      givenName - the users first name (optional)
      familyName - the users last name (optional)
      mobile - the user mobile phone number (optional)
      portal - the portal to associate the user with
      Returns:
      the new user account
      Throws:
      ApplicationException - if the loginName already exists or the password is not valid
      Since:
      4.1.0
    • createUpdateSsoUserAccount

      public UserAccount createUpdateSsoUserAccount(String loginName, String email, String givenName, String familyName, Map<String,String> profileMap) throws ApplicationException
      Looks for and existing SSO userAccount for the portal. If one is found it updates the user account and profile with the given details. Otherwise creates an SSO type user account and profile with the given details.

      Note that this method contains database transactions.

      Parameters:
      loginName - the users login name (required)
      email - the users email
      givenName - the users first name
      familyName - the users family name
      profileMap - the map of user property values to populate their default profile with
      Returns:
      the new UserAccount object
      Throws:
      ApplicationException - if an error occur creating the new user account
      Since:
      4.0.0
    • createRandomPassword

      public String createRandomPassword()
      Create a randomly generated password value with a length of 8 characters.
      Returns:
      a randomly generated password value
    • createRandomPassword

      public String createRandomPassword(int length)
      Create a randomly generated password value.
      Parameters:
      length - the password length, must be 3 or more characters in length
      Returns:
      a randomly generated password value
    • addUserToGroup

      public boolean addUserToGroup(UserAccount user, Group group)
      Add a user to a group. Note that this method contains database transactions.
      Parameters:
      user - a user (required)
      group - a group (required)
      Returns:
      true if the user was added to the group, false if they were already a member
    • associateUserWithSubmission

      public void associateUserWithSubmission(UserAccount user, Submission submission)
      Associate the given user account with the specified submission, also associate user with the submission's portal if not associated.
      Parameters:
      user - the user account to associate with the submission
      submission - the submission record to associate with the user
      Since:
      4.1.0
    • removeUserFromGroup

      public boolean removeUserFromGroup(UserAccount user, Group group)
      Remove a user from a group. Note that this method contains database transactions.
      Parameters:
      user - a user (required)
      group - a group (required)
      Returns:
      true if the user was removed from the group, false if they were not in the group in the first place
    • addPortalForUser

      public boolean addPortalForUser(UserAccount user, Portal portal)
      Add the portal access right for a given user. Note that this method contains database transactions.
      Parameters:
      user - a user
      portal - a portal
      Returns:
      true if the user has already got access right, otherwise add the right and return true
    • isAssociatedWithPortal

      public boolean isAssociatedWithPortal(UserAccount user, String portalName)
      Check if the user have access right to the portal.
      Parameters:
      user - the user account object
      portalName - the portal name
      Returns:
      true if the user have access right to the portal
    • changeUserPassword

      public void changeUserPassword(UserAccount userAccount, String newPassword)
      Change a password for a user. Note that this method contains database transactions.
      Parameters:
      userAccount - the user account object reference
      newPassword - new password for the user
    • changeUserPassword

      public void changeUserPassword(UserAccount userAccount, String newPassword, boolean commitChanges)
      Change a password for a user. Note that this method contains database transactions.
      Parameters:
      userAccount - the user account object reference
      newPassword - new password for the user
      commitChanges - commit the changes to the database
    • generatePassword

      public String generatePassword()
      Generate a random password. This method calls createRandomPassword().
      Returns:
      the new generated password
    • validatePassword

      public String validatePassword(String password)
      Validate the given password return null if sufficiently complex or otherwise will return an error message.

      Valid passwords must be 6 characters in length, and contain a letter and a character, and does not contain the text password.

      Parameters:
      password - the password to test
      Returns:
      true if the password is valid
    • isPasswordEqual

      public boolean isPasswordEqual(String plainTextPassword, UserAccount userAccount)
      Return a boolean to check whether password equals its hash value.
      Parameters:
      plainTextPassword - plain text password
      userAccount - hash value of the original password
      Returns:
      true if the plaintext password is equal to the hash and salt value
    • hasAccessToUser

      public boolean hasAccessToUser(UserAccount accessingUser, UserAccount targetUser)
      Check whether a user account can access another user in principle (e.g. for editing). This method does not check permissions; rather, a user can access another user if the accessing user is an administrator and the target user is either a portal user or belongs to a subset of the organisations of the accessing user
      Parameters:
      accessingUser - the accessing user
      targetUser - the target user (required)
      Returns:
      true if the accessing user can in principle access the target user, not considering specific permissions
      Since:
      4.1.0
    • hasPermission

      public boolean hasPermission(UserAccount user, Portal portal, String permissionName)
      Check whether the user can access a certain portal and has a certain permission
      Parameters:
      user - the user
      portal - the portal
      permissionName - the permission name
      Returns:
      true if the user can access the portal and has the permission
    • handleEmailVerification

      public void handleEmailVerification(UserAccount userAccount)
      Handle an email verification confirmation by a user. This method will perform a database commit.
      Parameters:
      userAccount - the user account which has been verified (required)
    • purgeUnverifiedAccounts

      public int purgeUnverifiedAccounts()
      Purges user accounts that require email verification but have exceeded their purge time.
      Returns:
      the number of records that were deleted
    • inactivateExpiredAccounts

      public int inactivateExpiredAccounts()
      Deactivate all users whose last access time (or creation time if the last access time is not set) is older than the expiry time set in the security manager. To find the set of users, we iterate through all security managers and their portals. Note that users are deactivated for all portals even if just one of them triggers the expiry. This method performs a database commit.
      Returns:
      the number of users that were deactivated
      Since:
      4.3.0