001/* 002 * CDDL HEADER START 003 * 004 * The contents of this file are subject to the terms of the 005 * Common Development and Distribution License, Version 1.0 only 006 * (the "License"). You may not use this file except in compliance 007 * with the License. 008 * 009 * You can obtain a copy of the license at 010 * docs/licenses/cddl.txt 011 * or http://www.opensource.org/licenses/cddl1.php. 012 * See the License for the specific language governing permissions 013 * and limitations under the License. 014 * 015 * When distributing Covered Code, include this CDDL HEADER in each 016 * file and include the License file at 017 * docs/licenses/cddl.txt. If applicable, 018 * add the following below this CDDL HEADER, with the fields enclosed 019 * by brackets "[]" replaced with your own identifying information: 020 * Portions Copyright [yyyy] [name of copyright owner] 021 * 022 * CDDL HEADER END 023 * 024 * 025 * Copyright 2017-2021 Ping Identity Corporation 026 */ 027package com.unboundid.directory.sdk.common.types; 028 029 030 031import com.unboundid.ldap.sdk.DN; 032import com.unboundid.ldap.sdk.Filter; 033import com.unboundid.ldap.sdk.LDAPException; 034import com.unboundid.ldap.sdk.SearchScope; 035import com.unboundid.util.NotExtensible; 036import com.unboundid.util.ThreadSafety; 037import com.unboundid.util.ThreadSafetyLevel; 038 039 040 041/** 042 * This interface defines a set of methods that may be used to interact with a 043 * group. 044 */ 045@NotExtensible() 046@ThreadSafety(level=ThreadSafetyLevel.INTERFACE_NOT_THREADSAFE) 047public interface Group 048{ 049 /** 050 * Retrieves the DN of the entry that defines this group. 051 * 052 * @return The DN of the entry that defines this group. 053 */ 054 DN getDN(); 055 056 057 058 /** 059 * Indicates whether the specified user is a member of this group. 060 * 061 * @param userDN The DN for the user for whom to make the 062 * determination. It must not be {@code null}. 063 * @param directMembershipOnly Indicates whether to only consider the user a 064 * member of the group if that user is directly 065 * named as a member of the group. If this 066 * parameter is {@code true}, then the method 067 * will return {@code true} only if the user is 068 * directly listed as a member of the group, and 069 * will not included dynamic or nested 070 * membership. If this parameter is 071 * {@code false}, then the method will return 072 * {@code true} if the user is a direct member 073 * of the group, is a member of a dynamic group 074 * in which the user matches the membership 075 * criteria, or if the user is a member of a 076 * nested group. 077 * 078 * @return {@code true} if the specified user is a member of this group, or 079 * {@code false} if not. 080 * 081 * @throws LDAPException If a problem is encountered while attempting to 082 * make the determination. 083 */ 084 boolean isMember(final String userDN, final boolean directMembershipOnly) 085 throws LDAPException; 086 087 088 089 /** 090 * Indicates whether the specified user is a member of this group. 091 * 092 * @param userEntry The entry for the user for whom to make the 093 * determination. It must not be {@code null}. 094 * @param directMembershipOnly Indicates whether to only consider the user a 095 * member of the group if that user is directly 096 * named as a member of the group. If this 097 * parameter is {@code true}, then the method 098 * will return {@code true} only if the user is 099 * directly listed as a member of the group, and 100 * will not included dynamic or nested 101 * membership. If this parameter is 102 * {@code false}, then the method will return 103 * {@code true} if the user is a direct member 104 * of the group, is a member of a dynamic group 105 * in which the user matches the membership 106 * criteria, or if the user is a member of a 107 * nested group. 108 * 109 * @return {@code true} if the specified user is a member of this group, or 110 * {@code false} if not. 111 * 112 * @throws LDAPException If a problem is encountered while attempting to 113 * make the determination. 114 */ 115 boolean isMember(final Entry userEntry, final boolean directMembershipOnly) 116 throws LDAPException; 117 118 119 120 /** 121 * Indicates whether the 122 * {@link #getMemberIterator(String,SearchScope,Filter,boolean)} method can be 123 * used to efficiently obtain information about all members of this group. 124 * 125 * @return {@code true} if the {@code getMembers} method should be able to 126 * efficiently retrieve a list of all members of this group, or 127 * {@code false} if the call to {@code getMembers} may be 128 * inefficient. 129 */ 130 boolean canRetrieveMemberListEfficiently(); 131 132 133 134 /** 135 * Retrieves an object that may be used to iterate through the members of this 136 * group. It may be used to iterate through all members, or only members that 137 * match a specified set of criteria. 138 * 139 * @param baseDN A base DN that may be used to restrict the 140 * set of members that are made available 141 * through the iterator. If this is 142 * non-{@code null}, then the iterator will only 143 * iterate across entries at or below this base 144 * DN that are also within the specified scope. 145 * @param scope A search scope that may be used to restrict 146 * the set of members that are made available 147 * through the iterator. If the base DN is 148 * non-{@code null}, then the scope must also be 149 * non-{@code null}, and the iterator will only 150 * iterate across entries at or below the base 151 * DN and within this scope. 152 * @param filter A filter that may be used to restrict the 153 * set of members that are made available 154 * through the iterator. If this is 155 * non-{@code null}, then the iterator will only 156 * iterate across members that match this 157 * filter. 158 * @param includeNestedMembers Indicates whether to include members that are 159 * not direct members of this group, but that 160 * are nested members because they are members 161 * of a group that is directly or indirectly a 162 * member of this group. 163 * 164 * @return A {@code GroupMemberIterator} object that may be used to iterate 165 * across the members of this group. 166 * 167 * @throws LDAPException If a problem is encountered while creating the 168 * requested group member iterator. 169 */ 170 GroupMemberIterator getMemberIterator(final String baseDN, 171 final SearchScope scope, 172 final Filter filter, 173 final boolean includeNestedMembers) 174 throws LDAPException; 175}