public interface ApplicationService
This class performs amalgamation across the active directories assigned to client applications (providing a unified view of their directories).
Modifier and Type | Interface and Description |
---|---|
static interface |
ApplicationService.MembershipsIterable |
Modifier and Type | Method and Description |
---|---|
void |
addAllUsers(Application application,
Collection<UserTemplateWithCredentialAndAttributes> users)
Adds the user to THE FIRST permissible active directory.
|
Group |
addGroup(Application application,
GroupTemplate group)
Adds the group to ALL the active permissible directories.
|
void |
addGroupToGroup(Application application,
String childGroupName,
String parentGroupName)
Makes groups matching the given name (childGroupName) direct members of the group (parentGroupName) across ALL active directories.
|
User |
addUser(Application application,
UserTemplate user,
PasswordCredential credential)
|
UserWithAttributes |
addUser(Application application,
UserTemplateWithAttributes user,
PasswordCredential credential)
Adds the user to the first permissible active directory.
|
void |
addUserToGroup(Application application,
String username,
String groupName)
Makes the primary user of the given username a direct member of the group on the directory where the primary user resides.
|
User |
authenticateUser(Application application,
String username,
PasswordCredential passwordCredential)
Will attempt to authenticate the given user against the application.
|
<T> PagedSearcher<T> |
createPagedGroupSearcher(Application application,
EntityQuery<T> query)
Creates paged group searcher for a given group query.
|
<T> PagedSearcher<T> |
createPagedUserSearcher(Application application,
EntityQuery<T> query)
Creates paged user searcher for a given user query.
|
void |
expireAllPasswords(Application application)
Expires all passwords for all directories which are part of this application, regardless of
group mapping.
|
Group |
findGroupByName(Application application,
String name)
Returns the first group with the matching groupname
from all the active directories assigned to the application.
|
GroupWithAttributes |
findGroupWithAttributesByName(Application application,
String name)
Returns the first group with the matching groupname
from all the active directories assigned to the application.
|
User |
findRemoteUserByName(Application application,
String username)
Returns the first user with the matching username from all active directories authoratiative remote directory.
|
User |
findUserByKey(Application application,
String key)
Returns the user with a matching key from all the active directories assigned to the application.
|
User |
findUserByName(Application application,
String name)
Returns the first user with the matching username
from all the active directories assigned to the application.
|
UserWithAttributes |
findUserWithAttributesByKey(Application application,
String key)
Returns the user with a matching key from all the active directories assigned to the application.
|
UserWithAttributes |
findUserWithAttributesByName(Application application,
String name)
Returns the first user with the matching username
from all the active directories assigned to the application.
|
Webhook |
findWebhookById(Application application,
long webhookId)
Retrieves a Webhook by its identifier.
|
UserCapabilities |
getCapabilitiesForNewUsers(Application application)
Gets the expected capabilities for
new users . |
String |
getCurrentEventToken(Application application)
Returns a token that can be used for querying events that have happened
after the token was generated.
|
ApplicationService.MembershipsIterable |
getMemberships(Application application)
Returns all memberships for the given application.
|
Events |
getNewEvents(Application application,
String eventToken)
Returns an events object which contains a new eventToken and events that
happened after the given
eventToken was generated. |
AvatarReference |
getUserAvatar(Application application,
String username,
int sizeHint)
Gets an avatar for this user, if one is available.
|
URI |
getUserAvatarLink(Application application,
String username,
int sizeHint)
Gets a URL for an avatar for this user, if one is available.
|
boolean |
isGroupDirectGroupMember(Application application,
String childGroup,
String parentGroup)
Returns
true if the childGroup is a direct member of the parentGroup in any of the application's assigned directories. |
boolean |
isGroupNestedGroupMember(Application application,
String childGroup,
String parentGroup)
Returns
true if the childGroup is a direct or indirect (nested) member of the parentGroup in any of the application's active assigned directories. |
boolean |
isUserAuthorised(Application application,
String username)
Returns true if the user is permitted to attempt authentication with the application.
|
boolean |
isUserAuthorised(Application application,
User user)
Deprecated.
|
boolean |
isUserDirectGroupMember(Application application,
String username,
String groupName)
Returns
true if the user is a direct member of the group in the directory of the first user found with the specified username. |
boolean |
isUserNestedGroupMember(Application application,
String username,
String groupName)
Returns
true if the user is a direct or indirect (nested) member of the group in the directory of the first user found with the specified username. |
Webhook |
registerWebhook(Application application,
String endpointUrl,
String token)
Registers a Webhook associated to the application.
|
void |
removeGroup(Application application,
String group)
Removes ALL groups from each of the application's assigned
directories that are active.
|
void |
removeGroupAttributes(Application application,
String groupname,
String attributeName)
Removes a group's attribute values for all active permissible directories assigned to the application.
|
void |
removeGroupFromGroup(Application application,
String childGroup,
String parentGroup)
Makes child group matching the given name not members of the parent group across ALL active directories.
|
void |
removeUser(Application application,
String user)
Removes the user from the first active directory they are found in.
|
void |
removeUserAttributes(Application application,
String username,
String attributeName)
Removes a user's attribute values for the first active directory containing this username.
|
void |
removeUserFromGroup(Application application,
String username,
String groupName)
Makes the primary user of the given username no longer a member of the group on the directory where the primary user resides.
|
User |
renameUser(Application application,
String oldUserName,
String newUsername)
Renames the user in the first active directory the users exists in.
|
<T> List<T> |
searchDirectGroupRelationships(Application application,
MembershipQuery<T> query)
Searches for direct group relationships in any of the application's active assigned directories.
|
<T> List<T> |
searchGroups(Application application,
EntityQuery<T> query)
Returns a List<Group> matching the search criteria defined in the query
for ALL of the active directories assigned to the application.
|
<T> List<T> |
searchNestedGroupRelationships(Application application,
MembershipQuery<T> query)
Searches for direct and indirect (nested) group relationships in any of the application's active assigned directories.
|
<T> List<T> |
searchUsers(Application application,
EntityQuery<T> query)
Returns a List<User> or List<String> matching the search criteria defined in the query
for ALL of the active directories assigned to the application.
|
void |
storeGroupAttributes(Application application,
String groupname,
Map<String,Set<String>> attributes)
Adds or updates a group's attributes with the new Map of attribute values for all active permissible directories assigned to the application.
|
void |
storeUserAttributes(Application application,
String username,
Map<String,Set<String>> attributes)
Adds or updates a user's attributes with the new Map of attribute values for the first active directory containing this username.
|
void |
unregisterWebhook(Application application,
long webhookId)
Unregisters a Webhook.
|
Group |
updateGroup(Application application,
GroupTemplate group)
Updates the group in ALL the active permissible directories.
|
User |
updateUser(Application application,
UserTemplate user)
Updates the user in the first active directory the User belongs.
|
void |
updateUserCredential(Application application,
String username,
PasswordCredential credential)
Updates the credentials of the first matching user from all the active directories assigned to the application.
|
User |
userAuthenticated(Application application,
String username) |
User authenticateUser(Application application, String username, PasswordCredential passwordCredential) throws OperationFailedException, InactiveAccountException, InvalidAuthenticationException, ExpiredCredentialException, UserNotFoundException
OperationFailedException
being thrown,
the authentication logic will skip those directories, instead relying on the operative ones, in the order defined in the application's directory mappings.
However, if the user, still, cannot be authenticated against any remaining directories, we suspect one of the bad directories must have held
the user account, in which case OperationFailedException
, which indicates the underlying cause of the first failing directory,
will be thrown from this method.application
- the application to authenticate againstusername
- the username to authenticate againstpasswordCredential
- the password to use for authenticationOperationFailedException
- underlying directory implementation failed to execute the operation.ExpiredCredentialException
- if the users credentials have expiredInactiveAccountException
- if the users account is marked as inactiveInvalidAuthenticationException
- if authentication with the provided credentials failed, or potentially the user does not exist.UserNotFoundException
boolean isUserAuthorised(Application application, String username)
For a user to have access to an application:
application
- application user is authenticating againstusername
- username@Deprecated boolean isUserAuthorised(Application application, User user)
isUserAuthorised(Application, String)
For a user to have access to an application:
application
- application user is authenticating againstuser
- the user that will be checkedvoid addAllUsers(Application application, Collection<UserTemplateWithCredentialAndAttributes> users) throws ApplicationPermissionException, OperationFailedException, BulkAddFailedException
If no directories have CREATE_USER permission, an ApplicationPermissionException
is thrown.
application
- add to application's assigned directories.users
- the users to add.ApplicationPermissionException
- thrown when no CREATE USER permission for any of the directories.OperationFailedException
- underlying directory implementation failed to execute the operation.BulkAddFailedException
- throw when it failed to create a user in of the directories.User findUserByName(Application application, String name) throws UserNotFoundException
The directories are searched in the order they are assigned to the application.
application
- search application's assigned directories.name
- the username of the user to find.UserNotFoundException
- user not found in any of the directories.User findRemoteUserByName(Application application, String username) throws UserNotFoundException
The directories are searched in the order they are assigned to the application.
application
- search application's assigned directories.username
- the username of the user to find.UserNotFoundException
- user not found in any of the directories.UserWithAttributes findUserWithAttributesByName(Application application, String name) throws UserNotFoundException
The directories are searched in the order they are assigned to the application.
application
- search application's assigned directories.name
- the username of the user to find.UserNotFoundException
- user not found in any of the directories.User findUserByKey(Application application, String key) throws UserNotFoundException
application
- application that is looking up the user.key
- user key to look up by.UserNotFoundException
- if the canonical user with the given key is not found in the active directories
mapped to the application.UserWithAttributes findUserWithAttributesByKey(Application application, String key) throws UserNotFoundException
application
- application that is looking up the user.key
- user key to look up by.UserNotFoundException
- if the canonical user with the given key is not found in the active directories
mapped to the application.@Deprecated User addUser(Application application, UserTemplate user, PasswordCredential credential) throws InvalidUserException, OperationFailedException, InvalidCredentialException, ApplicationPermissionException
addUser(com.atlassian.crowd.model.application.Application, com.atlassian.crowd.model.user.UserTemplateWithAttributes, com.atlassian.crowd.embedded.api.PasswordCredential)
instead. Since v2.9
If the user exists in ANY of the application's active assigned
directories, then an InvalidUserException
will be thrown.
If the add operation fails on the directory because of permission restrictions, an ApplicationPermissionException is thrown
If ALL directories permissions fail, an
ApplicationPermissionException
is thrown.
If the add operation fails on a directory for any other reason, such as directory failure, update failure, etc., an Exception is thrown immediately.
Returns the added user from the directory operation.
application
- add to application's assigned directories.user
- a template of the user to be added. The directoryId of the UserTemplate is ignored, and will be mutated for each directoryMapping.credential
- the password credential of the user (unencrypted).findUserByName(com.atlassian.crowd.model.application.Application, String)
.InvalidCredentialException
- if the user's credential does not meet the validation requirements for an associated directory.InvalidUserException
- if the user already exists in ANY associated directory or the user template does not have the required properties populated.OperationFailedException
- underlying directory implementation failed to execute the operation.ApplicationPermissionException
- if none of the application's associated directories are allowed to perform operations of type OperationType.CREATE_USER
.UserWithAttributes addUser(Application application, UserTemplateWithAttributes user, PasswordCredential credential) throws InvalidUserException, OperationFailedException, InvalidCredentialException, ApplicationPermissionException
If the user exists in ANY of the application's active assigned
directories, then an InvalidUserException
will be thrown.
If the add operation fails on the directory because of permission restrictions, an ApplicationPermissionException is thrown
If ALL directories permissions fail, an
ApplicationPermissionException
is thrown.
If the add operation fails on a directory for any other reason, such as directory failure, update failure, etc., an Exception is thrown immediately.
Returns the added user from the directory operation.
application
- add to application's assigned directories.user
- a template of the user to be added. The directoryId of the UserTemplateWithAttributes
is ignored, and will be mutated for each directoryMapping.credential
- the password credential of the user (unencrypted).findUserWithAttributesByName(com.atlassian.crowd.model.application.Application, String)
.InvalidCredentialException
- if the user's credential does not meet the validation requirements for an associated directory.InvalidUserException
- if the user already exists in ANY associated directory or the user template does not have the required properties populated.OperationFailedException
- underlying directory implementation failed to execute the operation.ApplicationPermissionException
- if none of the application's associated directories are allowed to perform operations of type OperationType.CREATE_USER
.User updateUser(Application application, UserTemplate user) throws InvalidUserException, OperationFailedException, ApplicationPermissionException, UserNotFoundException
If the user does not exist in ANY of the application's active assigned
directories, then a UserNotFoundException
will be thrown.
If the update operation is not allowed on the User's directory, an
ApplicationPermissionException
is thrown.
If the update operation fails on a directory for any other reason, such as directory failure, update failure, etc., an Exception is thrown immediately.
Returns the updated User.
application
- application with assigned directories to operate on.user
- a template of the user to be added. The directoryId of the UserTemplate is ignored, and directories searched for the given username.InvalidUserException
- if the user template does not have the required properties populated.OperationFailedException
- underlying directory implementation failed to execute the operation.ApplicationPermissionException
- if the User's directory is not allowed to perform operations of type OperationType.UPDATE_USER
.UserNotFoundException
- user does not exist in any of the associated active directories of the application.User renameUser(Application application, String oldUserName, String newUsername) throws UserNotFoundException, OperationFailedException, ApplicationPermissionException, InvalidUserException
If the user does not exist in ANY of the application's active assigned
directories, then a UserNotFoundException
will be thrown.
If the rename operation is not allowed on the User's directory, an
ApplicationPermissionException
is thrown.
If the rename operation fails on a directory for any other reason, such as directory failure, update failure, etc., an Exception is thrown immediately.
Returns the renamed User.
application
- application with assigned directories to operate on.oldUserName
- current username of the user to rename.newUsername
- new username of the renamed user.UserNotFoundException
- user does not exist in any of the associated active directories of the application.OperationFailedException
- underlying directory implementation failed to execute the operation.ApplicationPermissionException
- if the User's directory is not allowed to perform operations of type OperationType.UPDATE_USER
.InvalidUserException
- if the new username does not meet the username requirements for an associated directory.void updateUserCredential(Application application, String username, PasswordCredential credential) throws OperationFailedException, UserNotFoundException, InvalidCredentialException, ApplicationPermissionException
Thus, the method only operates on the same user returned from a call to findUserByName.
application
- update in application's assigned directories.username
- name of user.credential
- new (unencrypted) credentials.OperationFailedException
- underlying directory implementation failed to execute the operation.InvalidCredentialException
- if the user's credential does not meet the validation requirements for an associated directory.ApplicationPermissionException
- if the first directory in which the user is found doesn't have the permission to perform operations of type OperationType.UPDATE_USER
.UserNotFoundException
- if no user with the given name exists in ANY assigned directory.UnsupportedOperationException
- if the underlying directory does not support user renaming.void storeUserAttributes(Application application, String username, Map<String,Set<String>> attributes) throws OperationFailedException, ApplicationPermissionException, UserNotFoundException
The attributes map represents new or updated attributes and does not replace existing attributes unless the key of an attribute matches the key of an existing attribute on the user.
This method does not update primary field attributes like firstName, lastName, etc.
If the user does not exist in ANY of the application's assigned
directories, then a UserNotFoundException
will be thrown.
If the directory does not have UPDATE_USER permission, an
ApplicationPermissionException
is thrown.
If the update operation fails on a directory for any other reason, such as directory failure, update failure, etc., an Exception is thrown immediately.
application
- application with assigned directories to operate on.username
- username of the user to update.attributes
- map of one-to-many attribute-values. All attribute keys are treated as new or updated attributes.UserNotFoundException
- if the user with the supplied username does not exist in ANY assigned directory.OperationFailedException
- underlying directory implementation failed to execute the operation.ApplicationPermissionException
- if the User's directory does not have permission to perform operations of type OperationType.UPDATE_USER_ATTRIBUTE
.void removeUserAttributes(Application application, String username, String attributeName) throws OperationFailedException, ApplicationPermissionException, UserNotFoundException
If the user does not exist in ANY of the application's assigned
directories, then a UserNotFoundException
will be thrown.
If the directory does not have UPDATE_USER permission, an
ApplicationPermissionException
is thrown.
If the update operation fails on a directory for any other reason, such as directory failure, update failure, etc., an Exception is thrown immediately.
application
- application with assigned directories to operate on.username
- username of the user to update.attributeName
- all attribute values for this key will be removed from the user.UserNotFoundException
- if the user with the supplied username does not exist in ANY assigned directory.OperationFailedException
- underlying directory implementation failed to execute the operation.ApplicationPermissionException
- if the User's directory does not have permission to perform operations of type OperationType.UPDATE_USER_ATTRIBUTE
.void removeUser(Application application, String user) throws OperationFailedException, UserNotFoundException, ApplicationPermissionException
If the user does not exist in ANY of the application's assigned directories, then a UserNotFoundException
will be thrown.
If the remove operation fails because of permission restrictions, an ApplicationPermissionException is thrown.
application
- remove from application's assigned directories.user
- the name of the user to remove.OperationFailedException
- underlying directory implementation failed to execute the operation.UserNotFoundException
- if user with given name does not exist in ANY assigned directory.ApplicationPermissionException
- if the User's directory does not have permission to perform operations of type OperationType.DELETE_USER
.<T> List<T> searchUsers(Application application, EntityQuery<T> query)
The users will be returned in a stable order including across pagination boundaries (excluding modification).
application
- search application's assigned directories.query
- the search query.Group findGroupByName(Application application, String name) throws GroupNotFoundException
The directories are searched in the order they are assigned to the application.
application
- search application's assigned directories.name
- the groupname of the group to find.GroupNotFoundException
- group not found in any of the directories.GroupWithAttributes findGroupWithAttributesByName(Application application, String name) throws GroupNotFoundException
The directories are searched in the order they are assigned to the application.
application
- search application's assigned directories.name
- the groupname of the group to find.GroupNotFoundException
- group not found in any of the directories.Group addGroup(Application application, GroupTemplate group) throws InvalidGroupException, OperationFailedException, ApplicationPermissionException
If the group exists in ANY of the application's active assigned
directories, then an InvalidGroupException
will be thrown.
If the add operation fails on a directory because of
permissioning restrictions, an INFO message is logged.
If ALL directories permissions fail, an
ApplicationPermissionException
is thrown.
If the add operation fails on a directory for any other reason, such as directory failure, update failure, etc., an Exception is thrown immediately.
Returns the group from the first directory containing the group.
application
- add to application's assigned directories.group
- a template of the group to be added. The directoryId of the GroupTemplate is ignored, and will be mutated for each directoryMapping.findGroupByName(com.atlassian.crowd.model.application.Application, String)
.InvalidGroupException
- if the group already exists in ANY associated directory or the group template does not have the required properties populated.OperationFailedException
- underlying directory implementation failed to execute the operation.ApplicationPermissionException
- if none of the application's associated directories are allowed to perform operations of type OperationType.CREATE_GROUP
.Group updateGroup(Application application, GroupTemplate group) throws InvalidGroupException, OperationFailedException, ApplicationPermissionException, GroupNotFoundException
If the group does not exist in ANY of the application's assigned
directories, then a GroupNotFoundException
will be thrown.
If the update operation fails on a directory because of
permissioning restrictions, an INFO message is logged.
If ALL directories permissions fail, an
ApplicationPermissionException
is thrown.
If the update operation fails on a directory for any other reason, such as directory failure, update failure, etc., an Exception is thrown immediately.
Returns the group from the first directory containing the group.
application
- application with assigned directories to operate on.group
- a template of the group to be added. The directoryId of the GroupTemplate is ignored, and will be mutated for each directoryMapping.findGroupByName(com.atlassian.crowd.model.application.Application, String)
.InvalidGroupException
- if the group already exists in ANY associated directory or the group template does not have the required properties populated.OperationFailedException
- underlying directory implementation failed to execute the operation.ApplicationPermissionException
- if none of the application's associated directories are allowed to perform operations of type OperationType.UPDATE_GROUP
.GroupNotFoundException
- group does not exist in any of the associated directories of the application.void storeGroupAttributes(Application application, String groupname, Map<String,Set<String>> attributes) throws OperationFailedException, ApplicationPermissionException, GroupNotFoundException
The attributes map represents new or updated attributes and does not replace existing attributes unless the key of an attribute matches the key of an existing attribute on the group.
This method does not update primary field attributes like firstName, lastName, etc.
If the group does not exist in ANY of the application's assigned
directories, then a GroupNotFoundException
will be thrown.
If the update operation fails on a directory because of
permissioning restrictions, an INFO message is logged.
If ALL directories permissions fail, an
ApplicationPermissionException
is thrown.
If the update operation fails on a directory for any other reason, such as directory failure, update failure, etc., an Exception is thrown immediately.
application
- application with assigned directories to operate on.groupname
- groupname of the group to update.attributes
- map of one-to-many attribute-values. All attribute keys are treated as new or updated attributes.GroupNotFoundException
- if the group with the supplied groupname does not exist in ANY assigned directory.OperationFailedException
- underlying directory implementation failed to execute the operation.ApplicationPermissionException
- if none of the application's associated directories are allowed to perform operations of type OperationType.UPDATE_GROUP_ATTRIBUTE
.void removeGroupAttributes(Application application, String groupname, String attributeName) throws OperationFailedException, ApplicationPermissionException, GroupNotFoundException
If the group does not exist in ANY of the application's assigned
directories, then a GroupNotFoundException
will be thrown.
If the update operation fails on a directory because of
permissioning restrictions, an INFO message is logged.
If ALL directories permissions fail, an
ApplicationPermissionException
is thrown.
If the update operation fails on a directory for any other reason, such as directory failure, update failure, etc., an Exception is thrown immediately.
application
- application with assigned directories to operate on.groupname
- groupname of the group to update.attributeName
- all attribute values for this key will be removed from the group.GroupNotFoundException
- if the group with the supplied groupname does not exist in ANY assigned directory.OperationFailedException
- underlying directory implementation failed to execute the operation.ApplicationPermissionException
- if none of the application's associated directories are allowed to perform operations of type OperationType.UPDATE_GROUP_ATTRIBUTE
.void removeGroup(Application application, String group) throws OperationFailedException, GroupNotFoundException, ApplicationPermissionException
If the group doesn't exist in ANY of the application's assigned directories that are active, then a GroupNotFoundException will be thrown.
If the remove operation fails on a directory because of permissioning restrictions, an INFO message is logged. If ALL directories permissions fail, a ApplicationPermissionException is thrown.
If the remove operation fails on a directory for any other reason, such as directory failure, update failure, etc., an Exception is thrown immediately.
application
- remove from application's assigned directories.group
- the name of the group to remove.OperationFailedException
- underlying directory implementation failed to execute the operation.GroupNotFoundException
- if group with given name does not exist in ANY assigned directory.ApplicationPermissionException
- if none of the application's associated directories are allowed to perform operations of type OperationType.DELETE_GROUP
.<T> List<T> searchGroups(Application application, EntityQuery<T> query)
The groups will be returned in a stable order including across pagination boundaries (excluding modification).
application
- search application's assigned directories.query
- the search query.void addUserToGroup(Application application, String username, String groupName) throws OperationFailedException, UserNotFoundException, GroupNotFoundException, ApplicationPermissionException, MembershipAlreadyExistsException
A user exists in one individual directory, however a group is thought to "span" all directories (users from different directories can belong to the same group). With this in mind, if the group does not exist in the User's directory (but does already exist), then this method will attempt to automatically add the group to that directory for you.
application
- modify groups in application's assigned directories.username
- username of the user.groupName
- name of the group.UserNotFoundException
- when the user cannot be found in ANY directoryGroupNotFoundException
- when the group cannot be found in ANY directoryMembershipAlreadyExistsException
- if the user is already a member of the groupOperationFailedException
- underlying directory implementation failed to execute the operation.ApplicationPermissionException
- if the application's directory where the primary user resides does not allow operations of type OperationType.UPDATE_GROUP
or the group is readonly.void addGroupToGroup(Application application, String childGroupName, String parentGroupName) throws OperationFailedException, GroupNotFoundException, ApplicationPermissionException, InvalidMembershipException, MembershipAlreadyExistsException
application
- modify groups in the application's assigned directories.childGroupName
- name of child group.parentGroupName
- name of parent group.GroupNotFoundException
- when the parent or child group do not existOperationFailedException
- underlying directory implementation failed to execute the operation.ApplicationPermissionException
- if we were unable to create the membership in any directory. This is based on Edit permissions, Create permissions, and whether Nested Groups is supported by the individual directories.MembershipAlreadyExistsException
- if the child group is already a child of the parent groupInvalidMembershipException
- The child and parent are of different group types or would cause a circular reference.void removeUserFromGroup(Application application, String username, String groupName) throws OperationFailedException, GroupNotFoundException, UserNotFoundException, ApplicationPermissionException, MembershipNotFoundException
application
- modify groups in application's assigned directories.username
- username of the user.groupName
- name of the group.UserNotFoundException
- when the user cannot be found in ANY directoryGroupNotFoundException
- when the group does not exist in the directory where the primary user resides.OperationFailedException
- underlying directory implementation failed to execute the operation.ApplicationPermissionException
- if the application's directory where the primary user resides does not allow operations of type OperationType.UPDATE_GROUP
.MembershipNotFoundException
- if the user is not a direct member of the group in an assigned directory.void removeGroupFromGroup(Application application, String childGroup, String parentGroup) throws OperationFailedException, GroupNotFoundException, ApplicationPermissionException, MembershipNotFoundException
application
- modify groups in application's assigned directories.childGroup
- name of child group.parentGroup
- name of parent group.GroupNotFoundException
- when the child group cannot be found in ANY directory OR when ALL child groups are in directories which don't have the requested parent group.OperationFailedException
- underlying directory implementation failed to execute the operation.ApplicationPermissionException
- if none of the application's associated directories are allowed to perform operations of type OperationType.UPDATE_GROUP
.MembershipNotFoundException
- if the user is not a direct member of the group in an assigned directory.boolean isUserDirectGroupMember(Application application, String username, String groupName)
true
if the user is a direct member of the group in the directory of the first user found with the specified username.application
- search groups in application's assigned directories.username
- name of the user to inspect.groupName
- name of the group to inspect.true
if and only if the user is a direct member of the group. If the group or user does not exist in any directory, false
is returned.boolean isGroupDirectGroupMember(Application application, String childGroup, String parentGroup)
true
if the childGroup is a direct member of the parentGroup in any of the application's assigned directories.application
- search groups in application's assigned directories.childGroup
- name of the group to inspect.parentGroup
- name of the group to inspect.true
if and only if the childGroup is a direct member of the parentGroup. If either group does not exist in any directory, false
is returned.boolean isUserNestedGroupMember(Application application, String username, String groupName)
true
if the user is a direct or indirect (nested) member of the group in the directory of the first user found with the specified username.
If the directory does not support nested groups, this call will be equivalent to DirectoryManager.isUserDirectGroupMember(long, String, String)
.
WARNING: this method could be very slow if the underlying RemoteDirectory does not employ caching.
See CWD-1485 for explanation of logic in amalgamation.
Nesting is not resolved across directories.
application
- search groups in application's assigned directories.username
- name of the user to inspect.groupName
- name of the group to inspect.true
if and only if the user is a direct or indirect (nested) member of the group. If the group or user does not exist in the directory, false
is returned.boolean isGroupNestedGroupMember(Application application, String childGroup, String parentGroup)
true
if the childGroup is a direct or indirect (nested) member of the parentGroup in any of the application's active assigned directories.
If the directory does not support nested groups, this call will be equivalent to DirectoryManager.isGroupDirectGroupMember(long, String, String)
.
WARNING: this method could be very slow if the underlying RemoteDirectory does not employ caching.
See CWD-1485 for explanation of logic in amalgamation.
Nesting is not resolved across directories.
application
- search groups in application's assigned directories.childGroup
- name of the user to inspect.parentGroup
- name of the group to inspect.true
if and only if the childGroup is a direct or indirect (nested) member of the parentGroup. If either group does not exist in the directory, false
is returned.<T> List<T> searchDirectGroupRelationships(Application application, MembershipQuery<T> query)
membership aggregation semantic
will determine whether only the owning directory (when false
) or all directories (when true
) will be searched.<T> List<T> searchNestedGroupRelationships(Application application, MembershipQuery<T> query)
If the directory does not support nested groups, this call will be equivalent to DirectoryManager.searchDirectGroupRelationships(long, com.atlassian.crowd.search.query.membership.MembershipQuery)
.
WARNING: this method could be very slow if the underlying RemoteDirectory does not employ caching.
When searching for the groups a user is a member of only the directory of the user (as determined by findUserByName) is searched. When searching for memberships of a group or groups a group is a member of all directories are searched and the results amalgamated.
String getCurrentEventToken(Application application) throws IncrementalSynchronisationNotAvailableException
If the event token has not changed since the last call to this method, it is guaranteed that no new events have been received.
The format of event token is implementation specific and can change without a warning.
application
- current applicationIncrementalSynchronisationNotAvailableException
- if the application cannot provide incremental synchronisationEvents getNewEvents(Application application, String eventToken) throws EventTokenExpiredException, OperationFailedException
eventToken
was generated.
If for any reason event store is unable to retrieve events that happened
after the event token was generated, an
EventTokenExpiredException
will be thrown. The caller is then
expected to call getCurrentEventToken(Application)
again before asking for
new events.
application
- return events visible to applicationeventToken
- event token that was retrieved by a call to getCurrentEventToken(com.atlassian.crowd.model.application.Application)
or this methodeventToken
was generatedEventTokenExpiredException
- if events that happened after the event token was generated can not be retrievedOperationFailedException
- if the operation has failed for any other reason, including invalid argumentsWebhook findWebhookById(Application application, long webhookId) throws WebhookNotFoundException, ApplicationPermissionException
application
- the application that owns the Webhook. Only the application that registered
the Webhook is allowed to retrieve itwebhookId
- Id of a Webhook, as returned by registerWebhook(com.atlassian.crowd.model.application.Application, String, String)
WebhookNotFoundException
- if a Webhook with the given Id does not existApplicationPermissionException
- if the Webhook exists, but was registered by a different applicationWebhook registerWebhook(Application application, String endpointUrl, @Nullable String token) throws InvalidWebhookEndpointException
application
- the application that owns the Webhook. Only this application will
be able to unregister it later.endpointUrl
- the application-provided HTTP endpoint that will be POST'ed by Crowd
when new events are ready to be collected.token
- the token Crowd will use to ping the Webhook endpoint (optional).InvalidWebhookEndpointException
- when endpointUrl
is not a valid urlvoid unregisterWebhook(Application application, long webhookId) throws ApplicationPermissionException, WebhookNotFoundException
application
- the application that owns the Webhook.webhookId
- the identifier of the Webhook that will be unregistered.ApplicationPermissionException
- if the application is not the same that
registered the Webhook.WebhookNotFoundException
- if the Webhook is not found on the serverUserCapabilities getCapabilitiesForNewUsers(Application application)
new users
.
Those capabilities reflects a specific moment in time and are subject to change if any user directory is added, removed or re-ordered.
application
- the application the directories are assigned toaddUser(Application, UserTemplate, PasswordCredential)
@Nullable URI getUserAvatarLink(Application application, String username, int sizeHint) throws UserNotFoundException, DirectoryNotFoundException, OperationFailedException
username
- the user to fetch an avatar for, as returned from a find
methodsizeHint
- a hint in pixels for how large the image should beUserNotFoundException
DirectoryNotFoundException
OperationFailedException
@Nullable AvatarReference getUserAvatar(Application application, String username, int sizeHint) throws UserNotFoundException, DirectoryNotFoundException, OperationFailedException
username
- the user to fetch an avatar for, as returned from a find
methodsizeHint
- a hint in pixels for how large the image should beUserNotFoundException
DirectoryNotFoundException
OperationFailedException
void expireAllPasswords(Application application) throws OperationFailedException
application
- the application for which to expire all passwords in all
mapped directories.OperationFailedException
- if any of the directories fail to expire all passwords. This
can lead to only some of the users having expired passwords.@ExperimentalApi User userAuthenticated(Application application, String username) throws UserNotFoundException, OperationFailedException, InactiveAccountException
@ExperimentalApi ApplicationService.MembershipsIterable getMemberships(Application application)
application
- the application for which memberships will be returned@ExperimentalApi <T> PagedSearcher<T> createPagedUserSearcher(Application application, EntityQuery<T> query) throws PagingNotSupportedException
PagingNotSupportedException
@ExperimentalApi <T> PagedSearcher<T> createPagedGroupSearcher(Application application, EntityQuery<T> query) throws PagingNotSupportedException
PagingNotSupportedException
Copyright © 2024 Atlassian. All rights reserved.