Package com.avoka.fc.core.service
Class UserService
java.lang.Object
com.avoka.fc.core.service.BaseService
com.avoka.fc.core.service.CayenneService
com.avoka.fc.core.service.UserService
Provides service methods involving UserAccount and related entities.
-
Constructor Summary
Constructor / Description
UserService(Portal portal)
- Create a new UserService for the given portal context.
-
Method Summary
Modifier and Type / Method / Description
boolean addPortalForUser(UserAccount user, Portal portal)
- Add the portal access right for a given user.
boolean addUserToGroup(UserAccount user, Group group)
- Add a user to a group.
void associateUserWithSubmission(UserAccount user, Submission submission)
- Associate the given user account with the specified submission, also associate user with the submission's portal if not associated.
void changeUserPassword(UserAccount userAccount, String newPassword)
- Change a password for a user.
void changeUserPassword(UserAccount userAccount, String newPassword, boolean commitChanges)
- Change a password for a user.
UserAccount createLocalUserAndLogin(String loginName, String password, String email, String givenName, String familyName, String mobile, Portal portal)
- Create a Local type UserAccount and log them in with the Spring Security Context, and return the new account.
createRandomPassword()
- Create a randomly generated password value with a length of 8 characters.
createRandomPassword(int length)
- Create a randomly generated password value.
UserAccount createSsoUserAccount(String loginName, String email, String givenName, String familyName, Map<String, String> profileMap)
- Create an SSO type user account and profile with the given details.
UserAccount createUpdateSsoUserAccount(String loginName, String email, String givenName, String familyName, Map<String, String> profileMap)
- Looks for an existing SSO userAccount for the portal.
UserAccount createUserAndProfile(String loginName, String email, String password, String givenName, String familyName, String authenticationDomain, String userType, Portal portal, boolean isSelfRegistration)
- Create a registered user with a default profile from the given user details.
UserAccount createUserAndProfile(String loginName, String email, String password, String givenName, String familyName, String mobile, String authenticationDomain, String userType, Portal portal, boolean isSelfRegistration)
- Create a registered user with a default profile from the given user details.
void createUserPasswordHistory(UserAccount userAccount)
- Creates user password history after setting a password.
generatePassword()
- Generate a random password.
static UserAccount getActiveUserAccount()
- Get the active user account.
void getPasswordAndLoadDefaultAdminUser(String configFilePath)
- Get the password from keyStore and call loadDefaultAdminUser to create a default administrator and password only if the user list is empty with no submissions.
getRolesPermissionIds(Object roleId, Object portalId)
- Get a list of permission IDs given a role id and a portal id. Note: This method returns the list of permissions regardless of the role's active status.
getUserRoleIds(Object userId)
- Get user roles Id list.
void handleEmailVerification(UserAccount userAccount)
- Handle an email verification confirmation by a user.
boolean hasAccessToUser(UserAccount accessingUser, UserAccount targetUser)
- Check whether a user account can access another user in principle (e.g. for editing).
boolean hasPermission(UserAccount user, Portal portal, String permissionName)
- Check whether the user can access a certain portal and has a certain permission.
int inactivateExpiredAccounts()
- Deactivate all users whose last access time (or creation time if the last access time is not set) is older than the expiry time set in the security manager.
boolean isAssociatedWithPortal(UserAccount user, String portalName)
- Check if the user has access right to the portal.
boolean isPasswordEqual(String plainTextPassword, UserAccount userAccount)
- Return a boolean to check whether password equals its hash value.
void loadDefaultAdminUser(String password)
- Create a default administrator with the user name: administrator and provided password only if the user list is empty.
int purgeUnverifiedAccounts()
- Purges user accounts that require email verification but have exceeded their purge time.
boolean removeUserFromGroup(UserAccount user, Group group)
- Remove a user from a group.
void updateActiveUserProfile(UserAccount userAccount, Map<String, String> profileMap)
- Update user account's active profile with the given profile values map.
void updateClients(Object userId, List<String> clientIdList)
- Assign a user to a list of clients.
void updateGroupMembers(Object groupId, List<String> userIdList)
- Update a group with a new provided user member list.
void updateGroups(Object userId, List<String> groupIdList)
- Assign a user to a user group list.
boolean updateLockStatus(UserAccount userAccount)
- Check the user's lock status and unlock them if they were locked temporarily and the lockout duration has passed.
void updatePermissions(String roleId, String portalId, List<String> newPermissionIds)
- Assign a portal role with a list of permissions.
void updatePortals(Object userId, List<String> portalIdList)
- Assign a user to a list of portals.
void updateRoleMembers(Object roleId, List<String> userIdList)
- Update a role with a new list of users.
void updateRoles(Object userId, List<String> newRoleIds, UserAccount currentAdminUser)
- Update the given user to have the given list of roles only (i.e. delete ones not in the list, add ones in the list).
validatePassword(String password, UserAccount userAccount)
- Validate the given password; returns null if sufficiently complex, otherwise returns an error message.
Methods inherited from class com.avoka.fc.core.service.CayenneService
commitChanges, deleteObject, deleteObjects, findObject, getDataContext, getDataDomain, getObjectForPK, getObjectStore, newObject, performNamedQuery, performNamedQuery, performNamedQuery, performNonSelectingQuery, performNonSelectingQuery, performNonSelectingQuery, performNonSelectingQuery, performQuery, performQuery, refetchEntity, refetchObject, registerNewObject, rollbackChanges, toMap, toMap
Methods inherited from class com.avoka.fc.core.service.BaseService
getLogger
-
Constructor Details
-
UserService
Create a new UserService for the given portal context.
- Parameters:
portal
- the portal context
-
-
Method Details
-
getUserRoleIds
Get user roles Id list.
- Parameters:
userId
- the user id
- Returns:
- a list of user role IDs
-
getActiveUserAccount
Get the active user account. Note: call this method only after ensuring the login name is not null.
- Returns:
- the active user account
- Since:
- 22.4.0
-
getRolesPermissionIds
Get a list of permission IDs given a role id and a portal id. Note: This method returns the list of permissions regardless of the role's active status. Additional checks are therefore needed to determine which permissions actually apply.
- Parameters:
roleId
- the role id
portalId
- the portal id
- Returns:
- a list of permission IDs
-
updateClients
Assign a user to a list of clients. All other clients will be removed from the user. Note that this method contains database transactions.
- Parameters:
userId
- a user id
clientIdList
- a list of client OIDs to associate the user with
- Since:
- 4.0.0
-
updateRoles
Update the given user to have the given list of roles only (i.e. delete ones not in the list, add ones in the list). This method also persists the new role list for the user into the database. Note that this method contains database transactions.
- Parameters:
userId
- user id
newRoleIds
- the new list of role OIDs to associate the user with
currentAdminUser
- the current logged in administrator user
-
updateGroups
Assign a user to a user group list. All other groups will be removed from the user. Note that this method contains database transactions.
- Parameters:
userId
- the user id
groupIdList
- the list of group OIDs
-
updatePortals
Assign a user to a list of portals. All other portals will be removed from the user. Note that this method contains database transactions.
- Parameters:
userId
- a user id
portalIdList
- a list of portal OIDs
-
updatePermissions
Assign a portal role with a list of permissions. Note that all other permissions for the given portal will be removed from the role. Note that this method contains database transactions.
- Parameters:
roleId
- the role id
portalId
- the portal id
newPermissionIds
- the list of permission OIDs to assign to the role
-
updateGroupMembers
Update a group with a new provided user member list. All other users will be removed from the group. Note that this method contains database transactions.
- Parameters:
groupId
- the OID of the group (required)
userIdList
- a list of user OIDs that shall be group members
-
updateRoleMembers
Update a role with a new list of users. All other users will be removed from this role. Note that this method contains database transactions.
- Parameters:
roleId
- a role
userIdList
- a list of user OIDs that shall be associated with the role.
-
updateActiveUserProfile
Update user account's active profile with the given profile values map. If the user does not have an active profile one will be created. This method will also create user scope PropertyTypes if required.
- Parameters:
userAccount
- the user account (required)
profileMap
- the value to populate the active user profile with (required)
- Since:
- 3.6.0
-
updateLockStatus
Check the user's lock status and unlock them if they were locked temporarily and the lockout duration has passed. Note: This method performs a DB commit.
- Parameters:
userAccount
- the user account (required)
- Returns:
- true if the user's account status changed
- Since:
- 3.6.0
-
getPasswordAndLoadDefaultAdminUser
Get the password from keyStore and call loadDefaultAdminUser to create a default administrator and password only if the user list is empty with no submissions.
- Parameters:
configFilePath
- standalone configuration path
- Throws:
Exception
- if an error occurs
- Since:
- 23.10.0
-
loadDefaultAdminUser
Create a default administrator with the user name administrator and the provided password, only if the user list is empty (i.e. all users were accidentally deleted or the system is newly built).
-
createUserAndProfile
public UserAccount createUserAndProfile(String loginName, String email, String password, String givenName, String familyName, String authenticationDomain, String userType, Portal portal, boolean isSelfRegistration) throws ApplicationException, ApplicationEmailException
Create a registered user with a default profile from the given user details. An email verification email will be sent if needed. Users will be made pending or active, depending on how the security manager operates. Status notification emails are NOT sent by this method. This is the only supported way to create local user accounts. Note that this method contains database transactions.
- Parameters:
loginName
- the user's login name (required)
email
- the user's email (required)
password
- the user's login password (required for local users)
givenName
- the user's first name (required)
familyName
- the user's family name (required)
authenticationDomain
- the authentication domain (required for LDAP users; generally equal to the LDAP search base)
userType
- the user type (required; one of UserAccount.USER_TYPES)
portal
- the portal that the user will be assigned to
isSelfRegistration
- whether the user is registering the account, or whether an administrator or other process is creating the account. If set to true, additional checks such as email verification will be included.
- Returns:
- the persisted UserDetails object
- Throws:
ApplicationException
- if the username already exists or the password is not valid
ApplicationEmailException
- if a user account verification email could not be sent
-
createUserAndProfile
public UserAccount createUserAndProfile(String loginName, String email, String password, String givenName, String familyName, String mobile, String authenticationDomain, String userType, Portal portal, boolean isSelfRegistration) throws ApplicationException, ApplicationEmailException
Create a registered user with a default profile from the given user details. An email verification email will be sent if needed. Users will be made pending or active, depending on how the security manager service operates. Status notification emails are NOT sent by this method. This is the only supported way to create local user accounts. Note that this method contains database transactions.
- Parameters:
loginName
- the user's login name (required)
email
- the user's email (required)
password
- the user's login password (required for local users)
givenName
- the user's first name (required)
familyName
- the user's family name (required)
mobile
- the user's mobile (optional)
authenticationDomain
- the authentication domain (required for LDAP users; generally equal to the LDAP search base)
userType
- the user type (required; one of UserAccount.USER_TYPES)
portal
- the portal that the user will be assigned to
isSelfRegistration
- whether the user is registering the account, or whether an administrator or other process is creating the account. If set to true, additional checks such as email verification will be included.
- Returns:
- the persisted UserDetails object
- Throws:
ApplicationException
- if the username already exists or the password is not valid
ApplicationEmailException
- if a user account verification email could not be sent
- Since:
- 3.5.0
-
createSsoUserAccount
public UserAccount createSsoUserAccount(String loginName, String email, String givenName, String familyName, Map<String, String> profileMap) throws ApplicationException
Create an SSO type user account and profile with the given details. Note that this method contains database transactions.
- Parameters:
loginName
- the user's login name (required)
email
- the user's email
givenName
- the user's first name
familyName
- the user's family name
profileMap
- the map of user property values to populate their default profile with
- Returns:
- the new UserAccount object
- Throws:
ApplicationException
- if an error occurs creating the new user account
- Since:
- 3.6.0
-
createLocalUserAndLogin
public UserAccount createLocalUserAndLogin(String loginName, String password, String email, String givenName, String familyName, String mobile, Portal portal) throws ApplicationException
Create a Local type UserAccount and log them in with the Spring Security Context, and return the new account.
- Parameters:
loginName
- the user login name (required)
password
- the user account password (required)
email
- the user email address (required)
givenName
- the user's first name (optional)
familyName
- the user's last name (optional)
mobile
- the user mobile phone number (optional)
portal
- the portal to associate the user with
- Returns:
- the new user account
- Throws:
ApplicationException
- if the loginName already exists or the password is not valid
- Since:
- 4.1.0
-
createUpdateSsoUserAccount
public UserAccount createUpdateSsoUserAccount(String loginName, String email, String givenName, String familyName, Map<String, String> profileMap) throws ApplicationException
Looks for an existing SSO userAccount for the portal. If one is found it updates the user account and profile with the given details. Otherwise creates an SSO type user account and profile with the given details. Note that this method contains database transactions.
- Parameters:
loginName
- the user's login name (required)
email
- the user's email
givenName
- the user's first name
familyName
- the user's family name
profileMap
- the map of user property values to populate their default profile with
- Returns:
- the new UserAccount object
- Throws:
ApplicationException
- if an error occurs creating the new user account
- Since:
- 4.0.0
-
createRandomPassword
Create a randomly generated password value with a length of 8 characters.
- Returns:
- a randomly generated password value
-
createRandomPassword
Create a randomly generated password value.
- Parameters:
length
- the password length, must be 3 or more characters in length
- Returns:
- a randomly generated password value
-
addUserToGroup
Add a user to a group. Note that this method contains database transactions.
- Parameters:
user
- a user (required)
group
- a group (required)
- Returns:
- true if the user was added to the group, false if they were already a member
-
associateUserWithSubmission
Associate the given user account with the specified submission, also associate user with the submission's portal if not associated.
- Parameters:
user
- the user account to associate with the submission
submission
- the submission record to associate with the user
- Since:
- 4.1.0
-
removeUserFromGroup
Remove a user from a group. Note that this method contains database transactions.
- Parameters:
user
- a user (required)
group
- a group (required)
- Returns:
- true if the user was removed from the group, false if they were not in the group in the first place
-
addPortalForUser
Add the portal access right for a given user. Note that this method contains database transactions.
- Parameters:
user
- a user
portal
- a portal
- Returns:
- true if the user already has the access right; otherwise the right is added and true is returned
-
isAssociatedWithPortal
Check if the user has access right to the portal.
- Parameters:
user
- the user account object
portalName
- the portal name
- Returns:
- true if the user has access right to the portal
-
changeUserPassword
Change a password for a user. Note that this method contains database transactions.
- Parameters:
userAccount
- the user account object reference
newPassword
- new password for the user
-
changeUserPassword
Change a password for a user. Note that this method contains database transactions.
- Parameters:
userAccount
- the user account object reference
newPassword
- new password for the user
commitChanges
- commit the changes to the database
-
generatePassword
Generate a random password. This method calls createRandomPassword().
- Returns:
- the new generated password
-
validatePassword
Validate the given password; returns null if sufficiently complex, otherwise returns an error message. Valid passwords must be 6 characters in length, contain a letter and a character, and not contain the text password.
- Parameters:
password
- the password to test
userAccount
- the user account against which the password will be validated
- Returns:
- true if the password is valid
-
isPasswordEqual
Return a boolean to check whether password equals its hash value.
- Parameters:
plainTextPassword
- plain text password
userAccount
- hash value of the original password
- Returns:
- true if the plaintext password is equal to the hash and salt value
-
hasAccessToUser
Check whether a user account can access another user in principle (e.g. for editing). This method does not check permissions; rather, a user can access another user if the accessing user is an administrator and the target user is either a portal user or belongs to a subset of the organisations of the accessing user.
- Parameters:
accessingUser
- the accessing user
targetUser
- the target user (required)
- Returns:
- true if the accessing user can in principle access the target user, not considering specific permissions
- Since:
- 4.1.0
-
hasPermission
Check whether the user can access a certain portal and has a certain permission.
- Parameters:
user
- the user
portal
- the portal
permissionName
- the permission name
- Returns:
- true if the user can access the portal and has the permission
-
handleEmailVerification
Handle an email verification confirmation by a user. This method will perform a database commit.
- Parameters:
userAccount
- the user account which has been verified (required)
-
purgeUnverifiedAccounts
public int purgeUnverifiedAccounts()
Purges user accounts that require email verification but have exceeded their purge time.
- Returns:
- the number of records that were deleted
-
inactivateExpiredAccounts
public int inactivateExpiredAccounts()
Deactivate all users whose last access time (or creation time if the last access time is not set) is older than the expiry time set in the security manager. To find the set of users, we iterate through all security managers and their portals. Note that users are deactivated for all portals even if just one of them triggers the expiry. This method performs a database commit.
- Returns:
- the number of users that were deactivated
- Since:
- 4.3.0
-
createUserPasswordHistory
Creates user password history after setting a password. This method also replaces the old password history record with the new one if the current number of passwords is equal to that in the security manager parameter.
- Parameters:
userAccount
- the userAccount for which password history should be created
- Since:
- 24.10.0
-