The User Manager API includes two sets of procedures. Via these procedure sets, the Content Management Server accesses the respective user manager for the editorial system and for the live system to do the following, for example:
The names of the procedures for accessing the user manager for the live
system contain the character string secondary
The procedure sets for the internal user manager and some commonly known
user managers such as LDAP and ADS are supplied with Fiona and can be found in
the instanceinstName/script/cm/serverCmds/userman/handler
directory as Tcl files. The corresponding configuration files (in which the
Tcl files are referenced) can be found in the
instanceinstName/config
directory.
In order to make use of an existing procedure set,
Please also refer to the detailed description of the structure of the configuration files.
In order to create and use a new procedure set, you can copy an existing Tcl interface file including its configuration file, redefine the procedures, and adapt and integrate the configuration file.
The function tests whether a user with the login name
login
has the password
password
. The Content Manager passes the unencrypted
password to the function. If the user possesses this password, the function
returns 1; if not, it returns 0. In case of an error, the return value is
the error message.
This procedure returns the list of the names of user groups which
fulfill the search criteria (whereParams
). Search
criteria are given as name-value-pairs. The only search criterion available
is groupText
.
The procedure tests whether a user group exists with the name
name
and returns 1 if this is the case and 0 when the
group does not exist.
The procedure reads the value of the key
attribute
allocated to the group name
and returns it. An
external user manager must at least ensure that valid values are returned
if name
or realName
is specified as
key
. In the editorial system additionally
displayTitle
needs to return the group title to be displayed.
In case of an error, the error message is returned. The Tcl routine should
always forward error messages of the external user manager.
The procedure tests whether the user group with the name
name
has the global permission
permission
and returns 1 if this is the case. If the group
does not have the permission, the procedure returns 0; in case of error,
the return value is the error message.
This procedure has no parameters. It returns the list of group names. In case of error, it returns the error message.
listUsersThis procedure has no parameters. It returns the list of user names. In case of an error it returns the error message.
typeForGroupGetKey keyThis procedure returns the type of a group
parameter
(list
or string
).
This procedure returns the type of a user
parameter
(list
or string
).
This procedure returns the list of user logins for which the search
criteria (whereParams
) are fulfilled. Search criteria
are given as name-value-pairs. In the integrated user manager, the only
search criterion available is userText
.
The procedure tests whether a user with the login
login
exists and returns 1 if this is the case and 0
when the user does not exist.
The procedure reads the value of the key
attribute
allocated to the user login
and returns it. An
external user manager must ensure that valid values are then supplied when
login
, realName
, email
,
groups
, displayTitle
, or
defaultGroup
is specified as key
. In case of an
error, the error message is returned. The Tcl routine should always forward
error messages of the external user manager.
The procedure tests whether the user with the login
login
has the global permission
permission
and returns 1 if this is the case. If the
user does not have the permission, the procedure returns 0; in case of
error, the return value is the error message.
The integrated user manager determines whether a user has a permission by testing whether the permission was given directly to the user or whether the user is a member of a group with this permission.
The user manager’s only task is to allocate the names of global permissions to users and user groups. The administration of permissions is left to the applications which access it.
userWithLoginIsOwnerOf login ownedLoginThe procedure checks whether the user with the
login
login is the administrator (owner) of the user
with the ownedLogin
login. If this is the case, the
procedure returns 1, otherwise it returns 0. In case of an error, the error
message is returned.
This query tests whether the login
user
is permitted to modify the
preferences
of the ownedLogin
user. A simple implementation of
this function merely returns the result of userWithLoginIsSuperUser
login
.
The Content Manager passes the login login
to this
procedure. The procedure tests whether the user with the login is a
superuser and returns 1 if this is the case, and 0 when the user is not a
superuser. In case of error, the procedure returns the error message.