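/*
 * (C) Copyright 2015 Nuxeo SA (http://nuxeo.com/) and others.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 * http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 *
 * Contributors:
 * Nuxeo - initial API and implementation
 *
 */

package org.nuxeo.scim.server.jaxrs.usermanager;

import java.util.Locale;

import javax.ws.rs.core.MediaType;

import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.nuxeo.ecm.core.api.ClientException;
import org.nuxeo.ecm.core.api.NuxeoPrincipal;
import org.nuxeo.ecm.platform.usermanager.UserManager;
import org.nuxeo.ecm.platform.web.common.vh.VirtualHostHelper;
import org.nuxeo.ecm.webengine.WebEngine;
import org.nuxeo.ecm.webengine.model.exceptions.WebSecurityException;
import org.nuxeo.ecm.webengine.model.impl.DefaultObject;
import org.nuxeo.runtime.api.Framework;
import org.nuxeo.scim.server.mapper.AbstractMapper;
import org.nuxeo.scim.server.mapper.UserMapperFactory;

/**
 * Base class used for all WebObject associated to SCIM Domain model.
 * <p>
 * Resolves the {@link UserManager}, the SCIM base URL and the response media type once per request in
 * {@link #initialize(Object...)}, and provides the authorization guard subclasses call before any write
 * ({@link #checkUpdateGuardPreconditions()}).
 *
 * @author tiry
 * @since 7.4
 */
public abstract class BaseUMObject extends DefaultObject {

    /** Logger bound to this base class (previously bound to the user sub-resource, which hid the origin of messages). */
    protected static final Log log = LogFactory.getLog(BaseUMObject.class);

    /** Name of the group whose members may edit artifacts that {@link #isAPowerUserEditableArtifact()} reports as editable. */
    protected static final String POWER_USERS_GROUP = "powerusers";

    /** Mime type used when the {@code Accept} header does not ask for XML and no explicit type was passed. */
    private static final String XML_ACCEPT_TOKEN = "application/xml";

    protected UserManager um;

    protected AbstractMapper mapper;

    /** Absolute URL of this SCIM endpoint, without trailing slash, truncated right after {@link #getPrefix()}. */
    protected String baseUrl;

    // default to JSON; resolved in initialize() from the first argument or the Accept header
    protected MediaType fixeMediaType = null;

    public BaseUMObject() {
        super();
    }

    /**
     * Returns the URL path prefix of this resource (e.g. the SCIM collection name) used to truncate {@link #baseUrl}.
     *
     * @return the prefix, never {@code null}
     */
    protected abstract String getPrefix();

    /**
     * Resolves the user manager, the base URL, the mapper and the response media type.
     *
     * @param args optional WebObject arguments; when {@code args[0]} is a {@link MediaType} it overrides content
     *            negotiation, any other value is ignored and the {@code Accept} header decides
     */
    @Override
    protected void initialize(Object... args) {
        um = Framework.getService(UserManager.class);
        baseUrl = computeBaseUrl();
        mapper = UserMapperFactory.getMapper(baseUrl);

        // an instanceof check replaces the unchecked cast: a foreign argument type now falls back to
        // negotiation instead of failing the whole request with a ClassCastException
        if (args != null && args.length > 0 && args[0] instanceof MediaType) {
            fixeMediaType = (MediaType) args[0];
        }
        if (fixeMediaType == null) {
            String accept = WebEngine.getActiveContext().getRequest().getHeader("Accept");
            fixeMediaType = negotiateMediaType(accept);
        }
    }

    /**
     * Builds the absolute base URL of this resource from the virtual host and the current request path.
     *
     * @return the host base URL without trailing slashes, joined with the request path and cut right after
     *         {@link #getPrefix()} (the remainder of the path, e.g. a resource id, is dropped)
     */
    private String computeBaseUrl() {
        String url = VirtualHostHelper.getBaseURL(WebEngine.getActiveContext().getRequest());
        while (url.endsWith("/")) {
            url = url.substring(0, url.length() - 1);
        }
        url = url + WebEngine.getActiveContext().getUrlPath();
        // remove end of url: keep everything up to and including the last occurrence of the prefix
        String prefix = getPrefix();
        int idx = url.lastIndexOf(prefix);
        if (idx > 0) {
            url = url.substring(0, idx + prefix.length());
        }
        return url;
    }

    /**
     * Picks the response media type from an {@code Accept} header value.
     * <p>
     * This is a case-insensitive substring match on {@code application/xml}; quality values are not evaluated, so
     * any mention of XML in the header selects XML. Lower-casing uses {@link Locale#ROOT} so the match does not
     * depend on the server's default locale.
     *
     * @param accept the raw header value, may be {@code null}
     * @return {@link MediaType#APPLICATION_XML_TYPE} when XML is requested, {@link MediaType#APPLICATION_JSON_TYPE}
     *         otherwise
     */
    protected static MediaType negotiateMediaType(String accept) {
        if (accept != null && accept.toLowerCase(Locale.ROOT).contains(XML_ACCEPT_TOKEN)) {
            return MediaType.APPLICATION_XML_TYPE;
        }
        return MediaType.APPLICATION_JSON_TYPE;
    }

    /**
     * Authorization guard for write operations.
     * <p>
     * Administrators always pass. Other callers pass only when they are members of {@link #POWER_USERS_GROUP}
     * <em>and</em> {@link #isAPowerUserEditableArtifact()} returns {@code true}. A session principal that is not
     * a {@link NuxeoPrincipal} cannot be evaluated and is rejected.
     *
     * @throws WebSecurityException when the current principal is not allowed to edit
     * @throws ClientException if the core session cannot be consulted
     */
    protected void checkUpdateGuardPreconditions() throws ClientException {
        Object sessionPrincipal = getContext().getCoreSession().getPrincipal();
        if (!(sessionPrincipal instanceof NuxeoPrincipal)) {
            // fail closed: without a NuxeoPrincipal neither the admin flag nor group membership can be established
            throw new WebSecurityException("User is not allowed to edit users");
        }
        NuxeoPrincipal principal = (NuxeoPrincipal) sessionPrincipal;
        if (principal.isAdministrator()) {
            return;
        }
        if (!principal.isMemberOf(POWER_USERS_GROUP) || !isAPowerUserEditableArtifact()) {
            throw new WebSecurityException("User is not allowed to edit users");
        }
    }

    /**
     * Check that the current artifact is editable by a power user. Basically this means not an admin user or not an
     * admin group.
     * <p>
     * The default is {@code false}: a subclass must explicitly opt in, so power users gain no edit rights on a
     * resource that has not implemented this check.
     *
     * @return {@code true} when a member of {@link #POWER_USERS_GROUP} may edit the current artifact
     */
    protected boolean isAPowerUserEditableArtifact() {
        return false;
    }

}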