Diff for HordeGroupAPI between 6 and 7


+ Horde Group API

This document is intended to clarify the Horde Group API, and to provide a solid target for applications to move toward for Horde4.  Motivation for this document was spurred from the conversation between the Bens on IRC regarding the "proper" way to handle groups with LDAP.


++ Abstract

In its simplest terms a group consists of an ID and a Name.  The ID is unique to that group and is unchanging.  The name is a human-friendly name that can be changed as desired.  The source and/or format of the group ID should not be of concern to the application using it, and should always be obtained/modified/stored through the group API calls.  The group ID is the **only** acceptable method as to refer to a group, as it is guaranteed to be unique (uniqueness being the job of the driver).  The group name is strictly for interface use.

A group can also have a parent and multiple children.  All references to parents and children are to be made through API calls.  Again, it is of no concern to the application //how// these relationships are maintained, but only that they exist and are free to be used.

For Horde4, we will move away from the object-oriented method of managing groups in favor of a Horde_Groups class which will act as a group manager.  This should alleviate some of the confusion between the different drivers, and eliminate some of the OO overhead.

----Also for Horde4, the way we handle saving groups to the backend will change.  Instead of keeping track of the changes and committing them to storage when updateGroup() is called, all changes should be stored on the fly.  There is a bit of a performance hit for this, but it simplifies the API, and group modifications are rare enough and deliberate enough that this should not be an issue.


++ Standards

In order to help keep concepts straight, the following standards should be used

* **$gid** -- Group ID

* **$group** -- Group Object

* **$name** -- Group Name

* **$parent** -- ID of Group's Parent

Adds a group to the groups system. @@--- The group must first be created with                                               

Group::newGroup(), and have any initial users added to it, before this                                                

function is called. @@

Changes the name of a group without changing its contents or where it                                                 

is in the groups hierarchy.  

+++ removeGroup(@@--- $group +++ $gid@@,$gid@@ @@---, $force = false)false@@)

Removes aa group from thethe groups system permanently.

* Is the $force parameter necessary?  Can we automatically update the backend as updates are provided?  Or, is it faster to get all of the updates, and then commit them to the backend all at once?

+++ getGroupName($gid)

Retrieves the name of a group.

+++ getGUID(@@--- $group +++ $gid@@)

Returns a$group +++ $gid@@)

Returns a globally unique ID for a group.

+++ exists(@@--- $group +++ $gid@@)

Check if a group exists in the system.

+++ getGroupParent($gid@@+++, $deep == false@@)

Returns the single parent ID @@+++ or a list of parent IDs@@ of the given group.

* Add support to take over getGroupParentList()

+++ listGroups($refresh = false)

Returns a list of all groups, in the format gid => name.

+++ listUsers($gid@@+++, @all = false@@)

Get a

Get a list of every user that is a part of this group ONLY.

* Add support to take over listAllUsers()

+++ getGroupMembership($user, $parentGroups = false)

Get a list of every group that $user is in.

+++ userIsInGroup($user, $gid, $subgroups = true)

Say if a user is a member of a group or not.

+++ @@+++ addUser($username, $gid) @@

Add a user to a group.

* Should be able to handle arrays for both parameters.

+++a user to a group.

* Should be able to handle arrays for both parameters.

+++ @@+++ removeUser($username, $gid) @@

Remove aa user from a group.

* Should be able to handle arrays for both parameters.

+++ updateGroup($group)

##yellow|deprecated?## -- should we always update the backend?

+++ getLevel($gid)

##yellow|deprecated## -- is this used?

+++ getAuditLog($gid)

##yellow|new function## -- do we need this?

+++ clearAuditLog($gid)

##yellow|new function## -- do we need this?

+++ @@--- newGroup($name, $parent = DATATREE_ROOT) @@

deprecated in favor of using addGroup()

+++ @@--- getGroup($gid) @@

deprecated -- no longer using group objects.

+++ @@--- getGroupById($gid) @@

deprecated -- no longer using group objects.

+++ @@--- getGroupShortName($group) @@

deprecated -- no need for short names...they're just confusing (K.I.S.S)

+++ @@--- getGroupId($group) @@

deprecated -- no longer using group objects.

+++ @@--- getGroupParents($gid) @@

deprecated in favor of always using flat lists.

+++ @@--- getGroupParentList($gid) @@

deprecated in favor of getGroupParent()

+++ @@--- listAllUsers($gid) @@

deprecated in favor of listUsers()

+++ @@--- getLevel($gid) @@

deprecated -- This is only used in the group admin UI for the tree.  Horde_Tree automatically determines node depth now, so this is no longer necessary.

+++ @@--- updateGroup($group) @@

deprecated -- All group modifications are saved to the backend on the fly.

+++ @@--- getAuditLog($gid) @@

deprecated -- Only used internally to store group to backend.

+++ @@--- clearAuditLog($gid) @@

deprecated -- Only used internally to store group to backend.

++ @@--- !DatatreeObject_Group @@

All !DatatreeObject_Group functionality has been moved to Group (Horde_Groups) to eliminate OO overhead.

+++ setGroupOb(&$groupOb)

+++ getId()

+++ save()

+++ addUser($username, $update = true)

+++ removeUser($username, $update = true)

+++ listUser()

+++ listAllUsers()

+++ getAuditLog()

+++ clearAuditLog()


++ Horde_Groups API

This is a list of the methods that will be available in Horde_Groups to Horde4 applications:

* addGroup($name, $parent)

* removeGroup($gid)

* renameGroup($gid, $newName)

* getGroupname($gid)

* getGUID($gid)

* exists($gid)

* getGroupParent($gid, $deep = false)

* listGroups()

* listUsers($gid, $subgroups = false)

* getGroupMembership($username, $parentGroups$parents = false)

* userIsInGroup($username, $gid, $subgroups = true)

* addUser($username, $gid)

* removeUser($username, $gid)