/**
   * Update the site security when an AuthzGroup is deleted, if it is a site AuthzGroup.
   *
   * @param azGroup The AuthzGroup.
   */
  protected void removeSiteSecurity(AuthzGroup azGroup) {
    // Special code for the site service
    Reference ref = entityManager().newReference(azGroup.getId());
    if (SiteService.APPLICATION_ID.equals(ref.getType())
        && SiteService.SITE_SUBTYPE.equals(ref.getSubType())) {
      // no azGroup, no users
      Set empty = new HashSet();

      SiteService.setSiteSecurity(ref.getId(), empty, empty, empty);
    }
  }
  /**
   * Update the site security based on the values in the AuthzGroup, if it is a site AuthzGroup.
   *
   * @param azGroup The AuthzGroup.
   */
  protected void updateSiteSecurity(AuthzGroup azGroup) {
    // Special code for the site service
    Reference ref = entityManager().newReference(azGroup.getId());
    if (SiteService.APPLICATION_ID.equals(ref.getType())
        && SiteService.SITE_SUBTYPE.equals(ref.getSubType())) {
      // collect the users
      Set updUsers = azGroup.getUsersIsAllowed(SiteService.SECURE_UPDATE_SITE);
      Set unpUsers = azGroup.getUsersIsAllowed(SiteService.SITE_VISIT_UNPUBLISHED);
      Set visitUsers = azGroup.getUsersIsAllowed(SiteService.SITE_VISIT);

      SiteService.setSiteSecurity(ref.getId(), updUsers, unpUsers, visitUsers);
    }
  }
  /** {@inheritDoc} */
  public Collection getEntityAuthzGroups(Reference ref, String userId) {
    // double check that it's mine
    if (APPLICATION_ID != ref.getType()) return null;

    Collection rv = new Vector();

    // if the reference is an AuthzGroup, and not a special one
    // get the list of realms for the azGroup-referenced resource
    if ((ref.getId() != null) && (ref.getId().length() > 0) && (!ref.getId().startsWith("!"))) {
      // add the current user's azGroup (for what azGroup stuff everyone can do, i.e. add)
      ref.addUserAuthzGroup(rv, sessionManager().getCurrentSessionUserId());

      // make a new reference on the azGroup's id
      Reference refnew = entityManager().newReference(ref.getId());
      rv.addAll(refnew.getAuthzGroups(userId));
    }

    return rv;
  }
  /** {@inheritDoc} */
  public void refreshUser(String userId) {
    if ((m_provider == null) || (userId == null)) return;

    try {
      String eid = userDirectoryService().getUserEid(userId);

      // wrap the provided map in our special map that will deal with compound provider ids
      Map providerGrants = new ProviderMap(m_provider, m_provider.getGroupRolesForUser(eid));

      m_storage.refreshUser(userId, providerGrants);

      // update site security for this user - get the user's realms for the three site locks
      Set updAuthzGroups = getAuthzGroupsIsAllowed(userId, SiteService.SECURE_UPDATE_SITE, null);
      Set unpAuthzGroups =
          getAuthzGroupsIsAllowed(userId, SiteService.SITE_VISIT_UNPUBLISHED, null);
      Set visitAuthzGroups = getAuthzGroupsIsAllowed(userId, SiteService.SITE_VISIT, null);

      // convert from azGroup ids (potential site references) to site ids for those that are site,
      // skipping special and user sites other than our user's
      Set updSites = new HashSet();
      for (Iterator i = updAuthzGroups.iterator(); i.hasNext(); ) {
        String azGroupId = (String) i.next();
        Reference ref = entityManager().newReference(azGroupId);
        if ((SiteService.APPLICATION_ID.equals(ref.getType()))
            && SiteService.SITE_SUBTYPE.equals(ref.getSubType())
            && !SiteService.isSpecialSite(ref.getId())
            && (!SiteService.isUserSite(ref.getId())
                || userId.equals(SiteService.getSiteUserId(ref.getId())))) {
          updSites.add(ref.getId());
        }
      }

      Set unpSites = new HashSet();
      for (Iterator i = unpAuthzGroups.iterator(); i.hasNext(); ) {
        String azGroupId = (String) i.next();
        Reference ref = entityManager().newReference(azGroupId);
        if ((SiteService.APPLICATION_ID.equals(ref.getType()))
            && SiteService.SITE_SUBTYPE.equals(ref.getSubType())
            && !SiteService.isSpecialSite(ref.getId())
            && (!SiteService.isUserSite(ref.getId())
                || userId.equals(SiteService.getSiteUserId(ref.getId())))) {
          unpSites.add(ref.getId());
        }
      }

      Set visitSites = new HashSet();
      for (Iterator i = visitAuthzGroups.iterator(); i.hasNext(); ) {
        String azGroupId = (String) i.next();
        Reference ref = entityManager().newReference(azGroupId);
        if ((SiteService.APPLICATION_ID.equals(ref.getType()))
            && SiteService.SITE_SUBTYPE.equals(ref.getSubType())
            && !SiteService.isSpecialSite(ref.getId())
            && (!SiteService.isUserSite(ref.getId())
                || userId.equals(SiteService.getSiteUserId(ref.getId())))) {
          visitSites.add(ref.getId());
        }
      }

      SiteService.setUserSecurity(userId, updSites, unpSites, visitSites);
    } catch (UserNotDefinedException e) {
      M_log.warn("refreshUser: cannot find eid for user: " + userId);
    }
  }