The User Manager API

The Concept

The User Manager API includes two sets of procedures. Via these procedure sets, the Content Management Server accesses the respective user manager for the editorial system and for the live system to do the following, for example:

  • determine the groups and the users of the editorial system as well as their permissions,
  • authenticate users of the editorial system by means of a password,
  • determine the groups of the live system.

The names of the procedures for accessing the user manager for the live system contain the character string secondary.

The procedure sets for the internal user manager and some commonly known user managers such as LDAP and ADS are supplied with Fiona and can be found in the instanceinstName/script/cm/serverCmds/userman/handler directory as Tcl files. The corresponding configuration files (in which the Tcl files are referenced) can be found in the instanceinstName/config directory.

In order to make use of an existing procedure set,

  • adapt the parameters in the corresponding configuration file to the system requirements,
  • integrate the configuration file into the system configuration and
  • restart the Content Management Server.

Please also refer to the detailed description of the structure of the configuration files.

In order to create and use a new procedure set, you can copy an existing Tcl interface file including its configuration file, redefine the procedures, and adapt and integrate the configuration file.

Procedures of the User Manager API

checkLoginAndPassword login password

The function tests whether a user with the login name login has the password password. The Content Manager passes the unencrypted password to the function. If the user possesses this password, the function returns 1; if not, it returns 0. In case of an error, the return value is the error message.

groupsWhere whereParams
secondaryGroupsWhere whereParams

This procedure returns the list of the names of user groups which fulfill the search criteria (whereParams). Search criteria are given as name-value pairs. The only search criterion available is groupText.

groupWithNameExists name
secondaryGroupWithNameExists name

The procedure tests whether a user group exists with the name name and returns 1 if this is the case and 0 when the group does not exist.

groupWithNameGet name key
secondaryGroupWithNameGet name key

The procedure reads the value of the key attribute allocated to the group name and returns it. An external user manager must at least ensure that valid values are returned if name or realName is specified as key. In the editorial system, displayTitle must additionally return the group title to be displayed. In case of an error, the error message is returned. The Tcl routine should always forward error messages of the external user manager.

groupWithNameHasGlobalPerm name permission

The procedure tests whether the user group with the name name has the global permission permission and returns 1 if this is the case. If the group does not have the permission, the procedure returns 0; in case of error, the return value is the error message.

listGroups
listSecondaryGroups

This procedure has no parameters. It returns the list of group names. In case of error, it returns the error message.

listUsers

This procedure has no parameters. It returns the list of user names. In case of an error it returns the error message.

typeForGroupGetKey key
typeForSecondaryGroupGetKey key

This procedure returns the type of a group parameter (list or string).

typeForUserGetKey key

This procedure returns the type of a user parameter (list or string).

usersWhere whereParams

This procedure returns the list of user logins for which the search criteria (whereParams) are fulfilled. Search criteria are given as name-value pairs. In the integrated user manager, the only search criterion available is userText.

userWithLoginExists login

The procedure tests whether a user with the login login exists and returns 1 if this is the case and 0 when the user does not exist.

userWithLoginGet login key

The procedure reads the value of the key attribute allocated to the user login and returns it. An external user manager must ensure that valid values are supplied when login, realName, email, groups, displayTitle, or defaultGroup is specified as key. In case of an error, the error message is returned. The Tcl routine should always forward error messages of the external user manager.

userWithLoginHasGlobalPerm login permission

The procedure tests whether the user with the login login has the global permission permission and returns 1 if this is the case. If the user does not have the permission, the procedure returns 0; in case of error, the return value is the error message.

The integrated user manager determines whether a user has a permission by testing whether the permission was given directly to the user or whether the user is a member of a group with this permission.

The user manager’s only task is to allocate the names of global permissions to users and user groups. The administration of permissions is left to the applications which access it.

userWithLoginIsOwnerOf login ownedLogin

The procedure checks whether the user with the login login is the administrator (owner) of the user with the ownedLogin login. If this is the case, the procedure returns 1, otherwise it returns 0. In case of an error, the error message is returned.

This query tests whether the login user is permitted to modify the preferences of the ownedLogin user. A simple implementation of this function merely returns the result of userWithLoginIsSuperUser login.

userWithLoginIsSuperUser login

The Content Manager passes the login login to this procedure. The procedure tests whether the user with the login is a superuser and returns 1 if this is the case, and 0 when the user is not a superuser. In case of error, the procedure returns the error message.
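
The following Tcl is an added example, not code shipped with Fiona: it implements userWithLoginHasGlobalPerm, userWithLoginIsSuperUser and userWithLoginIsOwnerOf with the 1/0/error-message conventions described above, including the direct-or-via-group permission test and the simple ownership rule. The in-memory store, the permission name permExample, the superuser flag, the helper requireUser and the use of Tcl's error command to report failures are assumptions; how Fiona loads and namespaces a procedure set is not shown here.

```tcl
# Constructed sample data standing in for an external user manager.
# Store layout, logins and the permission name are assumptions.
set ::users {
    alice {groups {editors} perms {}            superuser 0}
    bob   {groups {}        perms {permExample} superuser 0}
    root  {groups {admins}  perms {}            superuser 1}
}
set ::groups {
    editors {perms {permExample}}
    admins  {perms {}}
}

# Assumption: failures are raised with Tcl's error command, so the message
# becomes the result and cannot be mistaken for a 0 or 1 answer.
proc requireUser {login} {
    if {![dict exists $::users $login]} {
        error "user manager: unknown login '$login'"
    }
    return [dict get $::users $login]
}

proc userWithLoginIsSuperUser {login} {
    return [expr {[dict get [requireUser $login] superuser] ? 1 : 0}]
}

# 1 if the permission was given directly to the user or to one of the
# user's groups, 0 otherwise; lookup failures are forwarded as errors.
proc userWithLoginHasGlobalPerm {login permission} {
    set user [requireUser $login]
    if {$permission in [dict get $user perms]} { return 1 }
    foreach group [dict get $user groups] {
        if {![dict exists $::groups $group]} {
            error "user manager: '$login' references unknown group '$group'"
        }
        if {$permission in [dict get $::groups $group perms]} { return 1 }
    }
    return 0
}

# The simple implementation: only a superuser administers other users.
proc userWithLoginIsOwnerOf {login ownedLogin} {
    requireUser $ownedLogin
    return [userWithLoginIsSuperUser $login]
}

# Demonstration on the constructed data; catch yields 1 when an error was raised.
puts [userWithLoginHasGlobalPerm alice permExample]
puts [userWithLoginIsOwnerOf alice bob]
puts [catch {userWithLoginHasGlobalPerm mallory permExample} msg]
puts $msg
```

Raising an error for an unknown login or a dangling group reference keeps a lookup failure distinct from a genuine "no" answer, so the caller never has to interpret a text message as a permission result.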