(no commit message)

[openafs-wiki.git] / TWiki / TWikiUserMappingDotPm.mdwn

# <a name="Package &lt;code&gt;TWiki::_UserMapping="></a> Package =TWiki::UserMapping

This is a virtual base class (a.k.a an interface) for all user mappers. It is **not** useable as a mapping in TWiki - use the [[BaseUserMapping]] for default behaviour.

User mapping is the process by which TWiki maps from a username (a login name) to a display name and back. It is also where groups are maintained.

See TWiki::Users::BaseUserMapping and TWiki::Users::TWikiUserMapping for the default implementations of this interface.

If you want to write a user mapper, you will need to implement the methods described in this class.

User mappings work by mapping both login names and display names to a _canonical user id_. This user id is composed from a prefix that defines the mapper in use (something like 'BaseUserMapping\_' or 'LdapUserMapping\_') and a unique user id that the mapper uses to identify the user.

The null prefix is reserver for the [[TWikiUserMapping]] for compatibility with old TWiki releases.

**_Note:_** in all the following documentation, `$cUID` refers to a **canonical user id**.

<div>
  <ul>
    <li><a href="#Package =TWiki::_UserMapping="> Package TWiki::UserMapping</a><ul>
        <li><a href="#PROTECTED _ClassMethod new ($ses"> PROTECTED ClassMethod new ($session, $mapping_id)</a></li>
        <li><a href="#ObjectMethod <strong>finish</strong> ()"> ObjectMethod finish <tt>()</tt></a></li>
        <li><a href="#ObjectMethod *login_TemplateName"> ObjectMethod loginTemplateName <tt>() -&gt; $templateFile</tt></a></li>
        <li><a href="#ObjectMethod *supportsRegistrati"> ObjectMethod supportsRegistration <tt>() -&gt; $boolean</tt></a></li>
        <li><a href="#ObjectMethod <strong>handlesUser</strong> ($cUI"> ObjectMethod handlesUser <tt>($cUID,$login,$wikiname) -&gt; $boolean</tt></a></li>
        <li><a href="#ObjectMethod <strong>login2cUID</strong> ($logi"> ObjectMethod login2cUID <tt>($login,$dontcheck) -&gt; cUID</tt></a></li>
        <li><a href="#ObjectMethod <strong>get_LoginName</strong> ($c"> ObjectMethod getLoginName <tt>($cUID) -&gt; login</tt></a></li>
        <li><a href="#ObjectMethod <strong>addUser</strong> ($login,$"> ObjectMethod addUser <tt>($login,$wikiname,$password,$emails) -&gt; $cUID</tt></a></li>
        <li><a href="#ObjectMethod <strong>removeUser</strong> ($cUID"> ObjectMethod removeUser <tt>($cUID) -&gt; $boolean</tt></a></li>
        <li><a href="#ObjectMethod <strong>get_WikiName</strong> ($cU"> ObjectMethod getWikiName <tt>($cUID) -&gt; $wikiname</tt></a></li>
        <li><a href="#ObjectMethod <strong>userExists</strong> ($cUID"> ObjectMethod userExists <tt>($cUID) -&gt; $boolean</tt></a></li>
        <li><a href="#ObjectMethod <strong>eachUser</strong> () -> TW"> ObjectMethod eachUser <tt>() -&gt; TWiki::ListIteratorofcUIDs</tt></a></li>
        <li><a href="#ObjectMethod *each_GroupMember*"> ObjectMethod eachGroupMember <tt>($group) -&gt; TWiki::ListIteratorofcUIDs</tt></a></li>
        <li><a href="#ObjectMethod <strong>isGroup</strong> ($name) -"> ObjectMethod isGroup <tt>($name) -&gt; boolean</tt></a></li>
        <li><a href="#ObjectMethod <strong>eachGroup</strong> () -> T"> ObjectMethod eachGroup <tt>() -&gt; TWiki::ListIteratorofgroupnames</tt></a></li>
        <li><a href="#ObjectMethod <strong>eachMembership</strong> ($"> ObjectMethod eachMembership <tt>($cUID) -&gt; TWiki::ListIteratorofgroupsthisuserisin</tt></a></li>
        <li><a href="#ObjectMethod <strong>isAdmin</strong> ($cUID) -"> ObjectMethod isAdmin <tt>($cUID) -&gt; $boolean</tt></a></li>
        <li><a href="#ObjectMethod <strong>is_InGroup</strong> ($cUID"> ObjectMethod isInGroup <tt>($cUID,$group) -&gt; $bool</tt></a></li>
        <li><a href="#ObjectMethod *find_UserByEmail*"> ObjectMethod findUserByEmail <tt>($email) -&gt; \@users</tt></a></li>
        <li><a href="#ObjectMethod <strong>getEmails</strong> ($name)"> ObjectMethod getEmails <tt>($name) -&gt; @emailAddress</tt></a></li>
        <li><a href="#ObjectMethod <strong>setEmails</strong> ($cUID,"> ObjectMethod setEmails <tt>($cUID,@emails)</tt></a></li>
        <li><a href="#ObjectMethod *find_UserByWikiNam"> ObjectMethod findUserByWikiName <tt>($wikiname) -&gt; listofcUIDsassociatedwiththatwikiname</tt></a></li>
        <li><a href="#ObjectMethod <strong>checkPassword</strong> ($l"> ObjectMethod checkPassword <tt>($login,$passwordU) -&gt; $boolean</tt></a></li>
        <li><a href="#ObjectMethod <strong>setPassword</strong> ($cUI"> ObjectMethod setPassword <tt>($cUID,$newPassU,$oldPassU) -&gt; $boolean</tt></a></li>
        <li><a href="#ObjectMethod <strong>passwordError</strong> ()"> ObjectMethod passwordError <tt>() -&gt; $string</tt></a></li>
      </ul>
    </li>
  </ul>
</div>

## <a name="PROTECTED _ClassMethod new ($ses"></a> PROTECTED [[ClassMethod]] new ($session, $mapping\_id)

Construct a user mapping object, using the given mapping id.

## <a name="ObjectMethod &lt;strong&gt;finish&lt;/strong&gt; ()"></a> [[ObjectMethod]] **finish** `()`

Break circular references.

## <a name="ObjectMethod &lt;strong&gt;login_TemplateName"></a> [[ObjectMethod]] \*loginTemplateName `() -> $templateFile`

Allows [[UserMappings]] to come with customised login screens - that should preferably only over-ride the UI function

Default is "login"

## <a name="ObjectMethod &lt;strong&gt;supportsRegistrati"></a> [[ObjectMethod]] \*supportsRegistration `() -> $boolean`

Return true if the [[UserMapper]] supports registration (ie can create new users)

Default is **false**

## <a name="ObjectMethod &lt;strong&gt;handlesUser&lt;/strong&gt; ($cUI"></a> [[ObjectMethod]] **handlesUser** `($cUID,$login,$wikiname) -> $boolean`

Called by the TWiki::Users object to determine which loaded mapping to use for a given user (must be fast).

The user can be identified by any of $cUID, $login or $wikiname. Any of these parameters may be undef, and they should be tested in order; cUID first, then login, then wikiname.

## <a name="ObjectMethod &lt;strong&gt;login2cUID&lt;/strong&gt; ($logi"></a> [[ObjectMethod]] **login2cUID** `($login,$dontcheck) -> cUID`

Convert a login name to the corresponding canonical user name. The canonical name can be any string of 7-bit alphanumeric and underscore characters, and must map 1:1 to the login name. (undef on failure)

(if $dontcheck is true, return a cUID for a nonexistant user too. This is used for registration)

Subclasses **must** implement this method.

Note: This method was previously (in TWiki 4.2.0) known as getCanonicalUserID. The name was changed to avoid confusion with TWiki::Users::getCanonicalUserID, which has a more generic function. However to support older user mappers, getCanonicalUserID will still be called if login2cUID is not defined.

## <a name="ObjectMethod &lt;strong&gt;get_LoginName&lt;/strong&gt; ($c"></a> [[ObjectMethod]] **getLoginName** `($cUID) -> login`

Converts an internal cUID to that user's login (undef on failure)

Subclasses **must** implement this method.

## <a name="ObjectMethod &lt;strong&gt;addUser&lt;/strong&gt; ($login,$"></a> [[ObjectMethod]] **addUser** `($login,$wikiname,$password,$emails) -> $cUID`

Add a user to the persistant mapping that maps from usernames to wikinames and vice-versa.

$login and $wikiname must be acceptable to $TWiki::cfg\{NameFilter\}. $login must **always** be specified. $wikiname may be undef, in which case the user mapper should make one up.

This function must return a canonical user id that it uses to uniquely identify the user. This can be the login name, or the wikiname if they are all guaranteed unigue, or some other string consisting only of 7-bit alphanumerics and underscores.

If you fail to create a new user (for eg your Mapper has read only access),

        throw Error::Simple('Failed to add user: '.$error);

where $error is a descriptive string.

Throws an Error::Simple if user adding is not supported (the default).

## <a name="ObjectMethod &lt;strong&gt;removeUser&lt;/strong&gt; ($cUID"></a> [[ObjectMethod]] **removeUser** `($cUID) -> $boolean`

Delete the users entry from this mapper. Throws an Error::Simple if user removal is not supported (the default).

## <a name="ObjectMethod &lt;strong&gt;get_WikiName&lt;/strong&gt; ($cU"></a> [[ObjectMethod]] **getWikiName** `($cUID) -> $wikiname`

Map a canonical user name to a wikiname.

Returns the $cUID by default.

## <a name="ObjectMethod &lt;strong&gt;userExists&lt;/strong&gt; ($cUID"></a> [[ObjectMethod]] **userExists** `($cUID) -> $boolean`

Determine if the user already exists or not. Whether a user exists or not is determined by the password manager.

Subclasses **must** implement this method.

## <a name="ObjectMethod &lt;strong&gt;eachUser&lt;/strong&gt; () - TWi"></a> [[ObjectMethod]] **eachUser** `() -> TWiki::ListIteratorofcUIDs`

Get an iterator over the list of all the registered users **not** including groups.

Subclasses **must** implement this method.

## <a name="ObjectMethod &lt;strong&gt;each_GroupMember*"></a><a name="ObjectMethod *each_GroupMember&lt;/strong&gt; "></a> [[ObjectMethod]] **eachGroupMember** `($group) -> TWiki::ListIteratorofcUIDs`

Return a iterator over the canonical user ids of users that are members of this group. Should only be called on groups.

Note that groups may be defined recursively, so a group may contain other groups. This method should **only** return users i.e. all contained groups should be fully expanded.

Subclasses **must** implement this method.

## <a name="ObjectMethod &lt;strong&gt;isGroup&lt;/strong&gt; ($name) -"></a> [[ObjectMethod]] **isGroup** `($name) -> boolean`

Establish if a user refers to a group or not. If $name is not a group name it will probably be a canonical user id, though that should not be assumed.

Subclasses **must** implement this method.

## <a name="ObjectMethod &lt;strong&gt;eachGroup&lt;/strong&gt; () - TW"></a> [[ObjectMethod]] **eachGroup** `() -> TWiki::ListIteratorofgroupnames`

Get an iterator over the list of all the groups.

Subclasses **must** implement this method.

## <a name="ObjectMethod &lt;strong&gt;eachMembership&lt;/strong&gt; ($"></a> [[ObjectMethod]] **eachMembership** `($cUID) -> TWiki::ListIteratorofgroupsthisuserisin`

Return an iterator over the names of groups that $cUID is a member of.

Subclasses **must** implement this method.

## <a name="ObjectMethod &lt;strong&gt;isAdmin&lt;/strong&gt; ($cUID) -"></a> [[ObjectMethod]] **isAdmin** `($cUID) -> $boolean`

True if the user is an administrator.

## <a name="ObjectMethod &lt;strong&gt;is_InGroup&lt;/strong&gt; ($cUID"></a> [[ObjectMethod]] **isInGroup** `($cUID,$group) -> $bool`

Test if the user identified by $cUID is in the given group. The default implementation iterates over all the members of $group, which is rather inefficient.

## <a name="ObjectMethod &lt;strong&gt;find_UserByEmail*"></a><a name="ObjectMethod *find_UserByEmail&lt;/strong&gt; "></a> [[ObjectMethod]] **findUserByEmail** `($email) -> \@users`

- `$email` - email address to look up

Return a list of canonical user names for the users that have this email registered with the password manager or the user mapping manager.

## <a name="ObjectMethod &lt;strong&gt;getEmails&lt;/strong&gt; ($name)"></a> [[ObjectMethod]] **getEmails** `($name) -> @emailAddress`

If $name is a cUID, return that user's email addresses. If it is a group, return the addresses of everyone in the group.

Duplicates should be removed from the list.

## <a name="ObjectMethod &lt;strong&gt;setEmails&lt;/strong&gt; ($cUID,"></a> [[ObjectMethod]] **setEmails** `($cUID,@emails)`

Set the email address(es) for the given user.

## <a name="ObjectMethod &lt;strong&gt;find_UserByWikiNam"></a> [[ObjectMethod]] \*findUserByWikiName `($wikiname) -> listofcUIDsassociatedwiththatwikiname`

- `$wikiname` - wikiname to look up

Return a list of canonical user names for the users that have this wikiname. Since a single wikiname might be used by multiple login ids, we need a list.

Note that if $wikiname is the name of a group, the group will **not** be expanded.

Subclasses **must** implement this method.

## <a name="ObjectMethod &lt;strong&gt;checkPassword&lt;/strong&gt; ($l"></a> [[ObjectMethod]] **checkPassword** `($login,$passwordU) -> $boolean`

Finds if the password is valid for the given login. This is called using a login name rather than a cUID because the user may not have been mapped at the time it is called.

Returns 1 on success, undef on failure.

Default behaviour is to return 1.

## <a name="ObjectMethod &lt;strong&gt;setPassword&lt;/strong&gt; ($cUI"></a> [[ObjectMethod]] **setPassword** `($cUID,$newPassU,$oldPassU) -> $boolean`

If the $oldPassU matches matches the user's password, then it will replace it with $newPassU.

If $oldPassU is not correct and not 1, will return 0.

If $oldPassU is 1, will force the change irrespective of the existing password, adding the user if necessary.

Otherwise returns 1 on success, undef on failure.

Default behaviour is to fail.

## <a name="ObjectMethod &lt;strong&gt;passwordError&lt;/strong&gt; ()"></a><a name="ObjectMethod &lt;strong&gt;passwordError&lt;/strong&gt; () "></a> [[ObjectMethod]] **passwordError** `() -> $string`

Returns a string indicating the error that happened in the password handlers TODO: these delayed errors should be replaced with Exceptions.

returns undef if no error (the default)