Unified API Developer Manual / Version 2307
Table Of ContentsThe user repository manages User objects and Group objects. A Group can contain an arbitrary number of Member objects, which may be users or groups. The Unified API distinguishes between membership and direct membership. Only the latter is directly stored, the former is computed dynamically. A Member object is a member of a certain group, if there is a chain of direct member associations that ultimately leads from the group to the member.
Every member has a name and a domain. There are typically only very few domains in any given
CoreMedia CMS installation, leaving the name as the main
identifying feature of a member. A user is often designated in the
<name>@<domain>
format, for example, joe@mydomain
or
admin@
. As you can see, for built-in users, the domain part is left empty.
The domain that is represented by the empty string provides access to the built-in user
management of the Content Server. For members of this
domain this is also indicated by the method isBuiltIn()
. Only members of the
built-in user management may be changed under direct control of the
Unified API. Users of other, external domains are
mapped into the system from external servers by means of the LDAP protocol. Only read access
is allowed for external domains. You can access the distinguished name of an external user
through the Unified API in case you need to connect
back to the LDAP repository.
For users of external domains, the getter methods of CapObject, which is a super interface of Member, may be used to access custom string attributes stored in the LDAP server. The built-in user management does not support member attributes. Note that there is no fixed set of CapType objects for members, because LDAP does not enforce a strict typing. Instead, there is one artificial type per member that describes the available properties for these objects.
In Figure 7.1, “Class Diagram: Users and Groups” you can see an overview of all classes involved in the representation of users and groups.
A group is called administrative, if its direct and indirect members are supposed to gain special privileges while working in the CoreMedia CMS. A user is called administrative, if at least one of its direct or indirect groups is administrative.
For the purposes of assigning rights to users, groups may be designated as content groups or live groups or both. Only rules of content groups affect the computation of rights on the Content Management Server. Only read rights rules that are defined for live groups are published to the Live Servers.
Caution
CoreMedia Live Server Group management is not used anymore and has therefore been deprecated.
CoreMedia is planning to remove Live Server Group management together with Site Manager from the product portfolio with the next major release.
For users, the home folders can be retrieved as a content object. As already explained, setting the home folder is only possible for built-in users.