Class User

All Implemented Interfaces:
AccessControlled, Identifiable, Nameable, Registered, Removable, SystemItem

public class User extends BasicItem implements Nameable, Removable, SystemItem, Registered
This class is used to represent a user in BASE.
Version:
2.0
Author:
Nicklas
Last modified
$Date: 2018-03-14 14:17:56 +0100 (on, 14 mar 2018) $
  • Field Details

    • TYPE

      public static final Item TYPE
      The type of item represented by this class.
      See Also:
    • ROOT

      public static final String ROOT
      The system id for the User representing the root account. The root user has full access to everything in BASE.
      See Also:
    • RUNTIME_FILTER

      private static final QueryRuntimeFilter RUNTIME_FILTER
      This filter will limit a query to only return users which are members of at least one of the groups where the logged in user is a member unless the logged in user has generic read permission.
    • verificationCode

      private String verificationCode
    • verifiedEmail

      private String verifiedEmail
    • MAX_EXTERNAL_ID_LENGTH

      public static final int MAX_EXTERNAL_ID_LENGTH
      The maximum length of the external ID that can be stored in the database.
      See Also:
    • MAX_LOGIN_LENGTH

      public static final int MAX_LOGIN_LENGTH
      The maximum length of the login that can be stored in the database.
      See Also:
    • MAX_ORGANISATION_LENGTH

      public static final int MAX_ORGANISATION_LENGTH
      The maximum length of the organisation that can be stored in the database.
      See Also:
    • MAX_ADDRESS_LENGTH

      public static final int MAX_ADDRESS_LENGTH
      The maximum length of the address that can be stored in the database.
      See Also:
    • MAX_PHONE_LENGTH

      public static final int MAX_PHONE_LENGTH
      The maximum length of the phone that can be stored in the database.
      See Also:
    • MAX_FAX_LENGTH

      public static final int MAX_FAX_LENGTH
      The maximum length of the fax that can be stored in the database.
      See Also:
    • MAX_EMAIL_LENGTH

      public static final int MAX_EMAIL_LENGTH
      The maximum length of the email address that can be stored in the database.
      See Also:
    • MAX_URL_LENGTH

      public static final int MAX_URL_LENGTH
      The maximum length of the url that can be stored in the database.
      See Also:
  • Constructor Details

  • Method Details

    • getNew

      public static User getNew(DbControl dc, String login, String password) throws BaseException
      Create a new User item.
      Parameters:
      dc - The DbControl which will be used for permission checking and database access
      login - The login for the user (required)
      password - The password for the user (required)
      Returns:
      The new User item
      Throws:
      BaseException - If there is an error
    • getById

      public static User getById(DbControl dc, int id) throws ItemNotFoundException, PermissionDeniedException, BaseException
      Get a User item when you know the ID.
      Parameters:
      dc - The DbControl which will be used for permission checking and database access.
      id - The ID of the item to load
      Returns:
      The User item
      Throws:
      ItemNotFoundException - If an item with the specified ID is not found
      PermissionDeniedException - If the logged in user doesn't have Permission.READ permission to the item
      BaseException - If there is another error
    • getAllMembers

      public static Set<Integer> getAllMembers(DbControl dc, Set<Integer> groupIds)
      Load the ID:s of all users that are direct members of the specified groups.
      Parameters:
      dc - DbControl used to access database.
      groupIds - The ID:s of the groups
      Returns:
      The ID:s of all members
      See Also:
    • getAllMembers

      static Set<Integer> getAllMembers(Session session, Collection<Integer> groupIds)
    • addDefultRolesAndGroups

      static void addDefultRolesAndGroups(Session session, UserData user)
      Add all groups and roles that has been marked as default to the user.
      Since:
      2.4
    • getQuery

      public static ItemQuery<User> getQuery()
      Get a query configured to retrieve users. If the logged in user doesn't have generic permission to all users, only users that are members in at least one group where the logged in user is also a member are returned. The Everyone group is not considered since all users automatically are members to that group.
      Returns:
      An ItemQuery object
    • loginIsUsed

      public static boolean loginIsUsed(DbControl dc, String login)
      Check if a login name already exists in the database
      Parameters:
      dc - An open DbControl used to access the database.
      login - The login name to look for
      Returns:
      TRUE if an user has the login. FALSE if the login is not in use.
    • externalIdIsUsed

      public static boolean externalIdIsUsed(DbControl dc, String externalId)
      Check if an external ID already exists in the database
      Parameters:
      dc - An open DbControl used to access the database.
      externalId - The externalID to look for
      Returns:
      TRUE if an user has the external ID. FALSE if the externalID is not in use.
    • encryptPassword

      static String encryptPassword(String password)
      Encrypt the plain-text password. The password is ecnrypted by first calculating the MD5 of the password and then using bcrypt with a random salt on the MD5.
      Parameters:
      password - The plain-text password
    • checkPassword

      static boolean checkPassword(String password, String cryptedPassword)
      Check the plain-text password against the crypted password.
      Parameters:
      password - The plain-text password
      cryptedPassword - The crypted password
      Returns:
      TRUE if the password is correct, FALSE if not
    • getData

      UserData getData()
      Description copied from class: BasicItem
      Get the BasicData object that holds all data for this item.
      Specified by:
      getData in class BasicItem
    • getType

      public Item getType()
      Description copied from interface: Identifiable
      Get the type of item represented by the object. The returned value is one of the values defined in the Item enumeration.
      Specified by:
      getType in interface Identifiable
      Returns:
      A value indicating the type of item
    • getName

      public String getName()
      Description copied from interface: Nameable
      Get the name of the item.
      Specified by:
      getName in interface Nameable
      Returns:
      A String with the name of the item
    • setName

      public void setName(String name) throws PermissionDeniedException, InvalidDataException
      Description copied from interface: Nameable
      Set the name of the item. The name cannot be null and mustn't be longer than the value specified by the Nameable.MAX_NAME_LENGTH constant.
      Specified by:
      setName in interface Nameable
      Parameters:
      name - The new name for the item
      Throws:
      PermissionDeniedException - If the logged in user doesn't have write permission
      InvalidDataException - If the name is null or longer than specified by the Nameable.MAX_NAME_LENGTH constant
    • getDescription

      public String getDescription()
      Description copied from interface: Nameable
      Get the description for the item.
      Specified by:
      getDescription in interface Nameable
      Returns:
      A String with a description of the item
    • setDescription

      public void setDescription(String description) throws PermissionDeniedException, InvalidDataException
      Description copied from interface: Nameable
      Set the description for the item. The description can be null but mustn't be longer than the value specified by the Nameable.MAX_DESCRIPTION_LENGTH constant.
      Specified by:
      setDescription in interface Nameable
      Parameters:
      description - The new description for the item
      Throws:
      PermissionDeniedException - If the logged in user doesn't have write permission
      InvalidDataException - If the description longer than specified by the Nameable.MAX_DESCRIPTION_LENGTH constant
    • isRemoved

      public boolean isRemoved()
      Description copied from interface: Removable
      Check if the removed flag is set for this item.
      Specified by:
      isRemoved in interface Removable
      Returns:
      TRUE if the item is flagged as removed, FALSE otherwise
    • setRemoved

      public void setRemoved(boolean removed) throws PermissionDeniedException
      Description copied from interface: Removable
      Set the removed flag for this item.
      Specified by:
      setRemoved in interface Removable
      Parameters:
      removed - TRUE if the item should be flagged as removed, FALSE otherwise
      Throws:
      PermissionDeniedException - If the logged in user doesn't have Permission.DELETE permission for setting the flag to TRUE or Permission.WRITE permission for setting the flag to FALSE
    • getRemovedBy

      public User getRemovedBy() throws PermissionDeniedException, ItemNotFoundException
      Description copied from interface: Removable
      Get the user that flagged this item for removal.
      Specified by:
      getRemovedBy in interface Removable
      Returns:
      A User object, or null if this item has not been flagged
      Throws:
      PermissionDeniedException - If the logged in user doesn't have Permission.READ permission for the user
      ItemNotFoundException - If the user that removed this item can't be found
    • getSystemId

      public String getSystemId()
      Description copied from interface: SystemItem
      Get the system id for the item.
      Specified by:
      getSystemId in interface SystemItem
      Returns:
      The id of the item or null if it is not a system item
    • isSystemItem

      public boolean isSystemItem()
      Description copied from interface: SystemItem
      Check if the item is a system item or not. A system item have a non-null value for the system id.
      Specified by:
      isSystemItem in interface SystemItem
      Returns:
      TRUE if this item is a system item, FALSE otherwise
    • getEntryDate

      public Date getEntryDate()
      Description copied from interface: Registered
      Get the date that the item was registered in the database.
      Specified by:
      getEntryDate in interface Registered
      Returns:
      A date or null if this is not known
    • setEntryDate

      public void setEntryDate(Date entryDate)
      Description copied from interface: Registered
      Set the date the entry was registered in the database. Implementations should only allow this property to be set before the item is first stored in the database. The intention of this method is to facilitate export/import of data between server.
      Specified by:
      setEntryDate in interface Registered
      Parameters:
      entryDate - A date or null to use today's date
    • isUsed

      public boolean isUsed() throws BaseException
      Checks if:
      • any Ownable item is owned by this user
      A user can also be referenced from groups, roles, projects, item keys, sessions and settings, but those references are automatically deleted if the user is deleted and aren't inclued in this check.
      Overrides:
      isUsed in class BasicItem
      Returns:
      TRUE if this item is used, FALSE otherwise
      Throws:
      BaseException - If not able to tell if item is used or not.
      See Also:
    • getUsingItems

      public Set<ItemProxy> getUsingItems()
      Get all:
      Overrides:
      getUsingItems in class BasicItem
      Returns:
      A set containing proxies for the items, or an empty set if no items are using this item
      Since:
      2.2
      See Also:
    • breakCircularReferences

      int breakCircularReferences(Set<ItemProxy> items)
      If the home directory is found among the items, set it to null.
      Overrides:
      breakCircularReferences in class BasicItem
      Since:
      3.8
    • initPermissions

      void initPermissions(int granted, int denied) throws BaseException
      If the logged in user is the same as this user RESTRICTED_WRITE permissions is granted, unless it is a multiuser account. If this is a system user, delete and create permissions are revoked. Finally READ permission is granted to if the user is a member of at least one group where the logged in user is also a member.
      Overrides:
      initPermissions in class BasicItem
      Parameters:
      granted - Permissions that have been granted by the subclass
      denied - Permissions that have been denied by the subclass
      Throws:
      BaseException - If the permissions couldn't be initialised
    • getPluginPermissions

      PluginPermission getPluginPermissions()
      Make sure plug-ins always has at least read access to the logged in user.
      Overrides:
      getPluginPermissions in class BasicItem
      Since:
      2.9
    • setPassword

      public void setPassword(String password) throws PermissionDeniedException, InvalidDataException
      Set the password.
      Parameters:
      password - Password to set. A null password is not allowed.
      Throws:
      PermissionDeniedException - If the logged in user doesn't have restricted_write permission
      InvalidDataException - If the new password is null
    • getExpirationDate

      public Date getExpirationDate()
      Get the expire date of the account. When the expiration date have been passed the user can't login. A null value indicates that the account will never expire.
      Returns:
      A Date object or null.
    • setExpirationDate

      public void setExpirationDate(Date expirationDate) throws PermissionDeniedException
      Sets the expiration date of the account. A null value indicates that the account will never expire.
      Parameters:
      expirationDate - Date when the account should expire.
      Throws:
      PermissionDeniedException - If the logged in user doesn't have write permission
    • isDisabled

      public boolean isDisabled()
      Check if this account has been disabled. It is not possible to login if the account is disabled.
      Returns:
      TRUE if the account is disabled, FALSE otherwise
    • setDisabled

      public void setDisabled(boolean disabled) throws PermissionDeniedException
      Disables or enables the account.
      Parameters:
      disabled - TRUE to disabled the account, FALSE to enabled it
      Throws:
      PermissionDeniedException - If the logged in user doesn't have write permission
      See Also:
    • getUseDeviceVerification

      public boolean getUseDeviceVerification()
      A flag indicating if device verification has been enabled for this account.
      Since:
      3.12
    • setUseDeviceVerification

      public void setUseDeviceVerification(boolean useDeviceVerification)
      Enable or disable device verification for this user account. Note that WRITE permission is required to use this method which is normally only given to administrators. To let a user enable this feature by itself, the email address must first be verified.
      Since:
      3.12
      See Also:
    • sendEmailVerificationCode

      public void sendEmailVerificationCode(String serverUrl)
      Send a verification code to the currently registered email address. The client application should ask the user to enter the verification code and then call enableDeviceVerification(String). The verification must be done with the same User instance since the verification code is only temporarily stored inside this instance.
      Parameters:
      serverUrl - URL to the server or null to use the default application title
      Since:
      3.12
    • enableDeviceVerification

      public void enableDeviceVerification(String code)
      Verify the email and enables device verification.
      Parameters:
      code - The code that was sent by email to the user
      Since:
      3.12
      See Also:
    • disableDeviceVerification

      public void disableDeviceVerification()
      Disable device verification.
      Since:
      3.12
    • isMultiuserAccount

      public boolean isMultiuserAccount()
      Check if the user account is a multiuser account or not. Multiuser accounts don't have write permissions for contact information and settings.
      Returns:
      TRUE if the user account is a multiuser account, FALSE otherwise
    • setMultiuserAccount

      public void setMultiuserAccount(boolean multiuserAccount) throws PermissionDeniedException
      Sets if the user account is multiuser account.
      Parameters:
      multiuserAccount - Set to TRUE if it is, FALSE otherwise.
      Throws:
      PermissionDeniedException - If the logged in user doesn't have write permission
    • getExternalId

      public String getExternalId()
      Get the external id for the user account. The external id is intended to be used by external applications which need to synchronize data between the BASE database and some external database. It is not used by the core.
      Returns:
      A String object or null if not set.
    • setExternalId

      public void setExternalId(String externalId) throws PermissionDeniedException, InvalidDataException, BaseException
      Set the external id for the user account.
      Parameters:
      externalId - External id to be set, null is allowed.
      Throws:
      PermissionDeniedException - If the logged in user doesn't have write permission
      InvalidDataException - If the new value is longer than MAX_EXTERNAL_ID_LENGTH
      BaseException - If there is another error
    • getLogin

      public String getLogin()
      Get the login for the user account.
      Returns:
      A String object.
    • setLogin

      public void setLogin(String login) throws PermissionDeniedException, InvalidDataException
      Set the login for the user account.
      Parameters:
      login - Login name to set. Null is not allowed.
      Throws:
      PermissionDeniedException - If the logged in user doesn't have write permission
      InvalidDataException - If the new value is null or longer than MAX_LOGIN_LENGTH
    • getOrganisation

      public String getOrganisation()
      Get the organisation this user works for, or null if unknown.
      Returns:
      A String object or null if not set.
    • setOrganisation

      public void setOrganisation(String organisation) throws PermissionDeniedException, InvalidDataException
      Set the organisation this user works for, or null if unknown.
      Parameters:
      organisation - Some kind of name or description of the organisation to associate with the user. Not longer then 255
      Throws:
      PermissionDeniedException - If the logged in user doesn't have restricted write permission
      InvalidDataException - If the new value is longer than MAX_ORGANISATION_LENGTH
    • getAddress

      public String getAddress()
      Get the address for the user, or null if unknown.
      Returns:
      A String object, or null if not set.
    • setAddress

      public void setAddress(String address) throws PermissionDeniedException, InvalidDataException
      Set the address for the user, or null if unknown.
      Parameters:
      address - Address to be set.
      Throws:
      PermissionDeniedException - If the logged in user doesn't have write permission
      InvalidDataException - If the new value is longer than MAX_ADDRESS_LENGTH
    • getPhone

      public String getPhone()
      Get the phone number to the user, or null if unknown.
      Returns:
      A String object or null if not set.
    • setPhone

      public void setPhone(String phone) throws PermissionDeniedException, InvalidDataException
      Set the phone number to the user, or null if unknown.
      Parameters:
      phone - Phone number to set.
      Throws:
      PermissionDeniedException - If the logged in user doesn't have write permission
      InvalidDataException - If the new value is longer than MAX_PHONE_LENGTH
    • getFax

      public String getFax()
      Get the fax number to the user, or null if unknown.
      Returns:
      A String object or null if not set.
    • setFax

      public void setFax(String fax) throws PermissionDeniedException, InvalidDataException
      Set the fax number to the user, or null if unknown.
      Parameters:
      fax - Fax number to be set.
      Throws:
      PermissionDeniedException - If the logged in user doesn't have write permission
      InvalidDataException - If the new value is longer than MAX_FAX_LENGTH
    • getEmail

      public String getEmail()
      Get the email address to the user.
      Returns:
      A java.lang.String object, or null if unknown.
    • setEmail

      public void setEmail(String email) throws PermissionDeniedException, InvalidDataException
      Set the email address to the user, or null if unknown. Note! If the email address is changed, device verification will be disabled until the email address is verified!
      Parameters:
      email - Email to be set, null is allowed.
      Throws:
      PermissionDeniedException - If the logged in user doesn't have write permission
      InvalidDataException - If the new value is longer than MAX_EMAIL_LENGTH
    • getSendMessagesAsEmail

      public boolean getSendMessagesAsEmail()
      If this flag has been set, messges to the user is also sent as an email. This requires that the server admin has configured an outgoing smtp server and that this user has specified a valid email address.
      Returns:
      TRUE to send messages as email, FALSE if not
      Since:
      2.16
    • setSendMessagesAsEmail

      public void setSendMessagesAsEmail(boolean sendMessagesAsEmail)
      Set a flag indicating that all messages should also be sent as email. See getSendMessagesAsEmail() for information about restrictions.
      Throws:
      PermissionDeniedException - If the logged in user doesn't have write permission
      Since:
      2.16
    • getUrl

      public String getUrl()
      Get the URL to the user's homepage.
      Returns:
      A String object, or null if unknown.
    • setUrl

      public void setUrl(String url) throws PermissionDeniedException, InvalidDataException
      Set the URL to the user's homepage, or null if unknown.
      Parameters:
      url - URL to set. The String can be at maximum 255.
      Throws:
      PermissionDeniedException - If the logged in user doesn't have write permission
      InvalidDataException - If the new value is longer than MAX_URL_LENGTH
    • getExtended

      public Object getExtended(String name)
      Gets an extended property with a certain name
      Parameters:
      name - The name of the property
      Returns:
      An Object or null if no extended property exists with the name
      Since:
      2.4
    • setExtended

      public void setExtended(String name, Object value)
      Sets an extended property
      Parameters:
      name - The name to call the extended property by
      value - The value the extended property should have
      Throws:
      PermissionDeniedException - If the logged in user doesn't have @link {Permission#RESTRICTED_WRITE} permission for the user.
      Since:
      2.4
    • getQuota

      public Quota getQuota() throws PermissionDeniedException, BaseException
      Get the Quota that applies to the user.
      Returns:
      A Quota item
      Throws:
      PermissionDeniedException - If the logged in user doesn't have Permission.READ permission to the item
      BaseException - If there is some other kind of error.
    • setQuota

      public void setQuota(Quota quota) throws PermissionDeniedException, InvalidDataException
      Set the quota for the user.
      Parameters:
      quota - The new Quota
      Throws:
      InvalidDataException - If the quota is null
      PermissionDeniedException - If the logged in user doesn't have Permission.WRITE permission for the user or Permission.USE permission for the quota
    • getQuotaGroup

      public Group getQuotaGroup() throws PermissionDeniedException, BaseException
      Get the Group whose Quota also applies to the user.
      Returns:
      A Group item, or null if no group has been specified
      Throws:
      PermissionDeniedException - If the logged in user doesn't have Permission.READ permission to the item
      BaseException - If there is some other kind of error.
    • setQuotaGroup

      public void setQuotaGroup(Group quotaGroup) throws PermissionDeniedException
      Set the group whose quota should be checked for disk consuming items.
      Parameters:
      quotaGroup - The new Group
      Throws:
      PermissionDeniedException - If the logged in user doesn't have Permission.WRITE permission for the user or Permission.USE permission for the group
    • getDiskUsage

      public long getDiskUsage(QuotaType quotaType, Location location) throws BaseException
      Get the used number of bytes for the specified quota type and location.
      Parameters:
      quotaType - The QuotaType
      location - The location
      Returns:
      The number of bytes that have been used
      Throws:
      BaseException - If one of the required parameter is null or if there is some other kind of error.
    • hasExceededQuota

      public boolean hasExceededQuota(QuotaType quotaType, Location location)
      Check if the user has used more quota than what has been assigned. This method will check both the user's primary quota and, if it exists, the group quota. The most restrictive quota is used.
      Parameters:
      quotaType - The quota type to check
      location - The location
      Returns:
      TRUE if the quota has been exceeded, FALSE otherwise
      Since:
      2.4
    • getHomeDirectory

      public Directory getHomeDirectory() throws PermissionDeniedException, BaseException
      Get the home Directory for this user.
      Returns:
      A Directory item, or null if no home directory has been specified
      Throws:
      PermissionDeniedException - If the logged in user doesn't have Permission.READ permission to the directory
      BaseException - If there is some other kind of error.
    • setHomeDirectory

      public void setHomeDirectory(Directory homeDirectory) throws PermissionDeniedException, InvalidDataException
      Set the home directory for the user.
      Parameters:
      homeDirectory - The new home Directory
      Throws:
      PermissionDeniedException - If the logged in user doesn't have Permission.WRITE permission for the user or Permission.USE permission for the directory
      InvalidDataException - If the home directory is not a subdirectory to /root/home
    • addToDefaultRolesAndGroups

      public void addToDefaultRolesAndGroups() throws BaseException
      Add this user to the groups and roles that has been marked as default for new users.
      Throws:
      BaseException - If there is a problem
      Since:
      2.4
    • getRoles

      public ItemQuery<Role> getRoles()
      Get a query that returns the roles where this user is a member. The query excludes roles that the logged in user doesn't have permission to read.
      Returns:
      a restricted ItemQuery.
      See Also:
    • getGroups

      public ItemQuery<Group> getGroups()
      Get a query that returns the groups where this user is a member. The query excludes groups that the logged in user doesn't have permission to read.
      Returns:
      A restricted ItemQuery.
      See Also:
    • getProjects

      public ItemQuery<Project> getProjects()
      Get a query that returns the projects where this user is a member. The query excludes projects that the logged in user doesn't have permission to read. The query doesn't include projects where this user is the owner.
      Returns:
      A restricted ItemQuery
      See Also:
    • newDefaultSetting

      Create a new default setting for this user.
      Parameters:
      name - The name of the setting
      value - The value of the setting
      Returns:
      The new UserDefaultSetting object
      Throws:
      PermissionDeniedException - If the logged in user doesn't have restricted write permission
      InvalidDataException - If the name or value is null or longer than what is allowed
      BaseException - If there is another error
      See Also:
    • getDefaultSettings

      public ItemQuery<UserDefaultSetting> getDefaultSettings()
      Get a query that returns all default settings for this user.
      Returns:
      An ItemQuery object
      See Also:
    • newClientSetting

      public UserClientSetting newClientSetting(Client client, String name, String value) throws PermissionDeniedException, InvalidDataException, BaseException
      Create a new client application setting for this user.
      Parameters:
      client - The client application
      name - The name of the setting
      value - The value of the setting
      Returns:
      The new UserDefaultSetting object
      Throws:
      PermissionDeniedException - If the logged in user doesn't have restricted write permission
      InvalidDataException - If the name or value is null or longer than what is allowed
      BaseException - If there is another error
      See Also:
    • getClientSettings

      public ItemQuery<UserClientSetting> getClientSettings(Client client)
      Get a query that returns the settings for the specified client.
      Parameters:
      client - The client application
      Returns:
      An ItemQuery object
      See Also:
    • getMessages

      public ItemQuery<Message> getMessages()
      Get a query that returns all messages for the user.
      Returns:
      An ItemQuery object
      See Also:
    • getItems

      public ResultList<Ownable> getItems(Item itemType, int firstItem, int maxItems, Permission permission)
      See Also:
    • getItems

      public ResultList<Ownable> getItems(Set<Item> itemTypes, int firstItem, int maxItems, Permission permission, Restriction restriction)
      Load the items owned by this user. If this user is not the same as the currently logged in user this method will only load items that are shared to the logged in user with the given permission.
      Parameters:
      itemTypes - Limit the list to only return items of the specified types, use null or an empty set to return items of all types
      firstItem - The index of the first item to return (0-based)
      maxItems - The maximum number of items to return, or 0 to return all items
      permission - The permission the logged in user should have on the items
      restriction - An optional restriction that is applied to the queries to further reduce the list
      Returns:
      A list containing ownable items
      Since:
      2.15