001/*
002 * (C) Copyright 2006-2008 Nuxeo SAS (http://nuxeo.com/) and contributors.
003 *
004 * All rights reserved. This program and the accompanying materials
005 * are made available under the terms of the GNU Lesser General Public License
006 * (LGPL) version 2.1 which accompanies this distribution, and is available at
007 * http://www.gnu.org/licenses/lgpl.html
008 *
009 * This library is distributed in the hope that it will be useful,
010 * but WITHOUT ANY WARRANTY; without even the implied warranty of
011 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
012 * Lesser General Public License for more details.
013 *
014 * Contributors:
015 *     bstefanescu
016 *
017 * $Id$
018 */
019
020package org.nuxeo.ecm.core.rest.security;
021
022import java.util.ArrayList;
023import java.util.List;
024
025import javax.servlet.http.HttpServletRequest;
026import javax.ws.rs.GET;
027import javax.ws.rs.POST;
028import javax.ws.rs.Path;
029import javax.ws.rs.core.Response;
030
031import org.nuxeo.ecm.core.api.CoreSession;
032import org.nuxeo.ecm.core.api.DocumentModel;
033import org.nuxeo.ecm.core.api.NuxeoException;
034import org.nuxeo.ecm.core.api.NuxeoGroup;
035import org.nuxeo.ecm.core.api.NuxeoPrincipal;
036import org.nuxeo.ecm.core.api.security.ACE;
037import org.nuxeo.ecm.core.api.security.ACL;
038import org.nuxeo.ecm.core.api.security.ACP;
039import org.nuxeo.ecm.core.api.security.impl.ACLImpl;
040import org.nuxeo.ecm.core.api.security.impl.ACPImpl;
041import org.nuxeo.ecm.platform.usermanager.UserManager;
042import org.nuxeo.ecm.webengine.WebException;
043import org.nuxeo.ecm.webengine.model.Resource;
044import org.nuxeo.ecm.webengine.model.View;
045import org.nuxeo.ecm.webengine.model.WebAdapter;
046import org.nuxeo.ecm.webengine.model.impl.DefaultAdapter;
047import org.nuxeo.ecm.webengine.util.ACLUtils;
048import org.nuxeo.runtime.api.Framework;
049
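/**
 * Permission Service - manages the permission entries (ACEs) of a document.
 * <p>
 * Registered as the {@code permissions} adapter on {@code Document} targets that carry the {@code Folderish} facet.
 * Accepts the following methods:
 * <ul>
 * <li>GET - render the {@code permissions} view of the target document
 * <li>POST add - add a grant or deny entry for a user or group to the local ACL
 * <li>POST delete, GET delete - remove a permission entry of a user or group
 * </ul>
 * <p>
 * NOTE(review): no explicit authorization check is visible in this class; the right to change security on the target
 * is presumably enforced by the {@link CoreSession} calls ({@code setACP}, {@code ACLUtils.removePermission}) - confirm.
 *
 * @author <a href="mailto:bs@nuxeo.com">Bogdan Stefanescu</a>
 */
@WebAdapter(name = "permissions", type = "PermissionService", targetType = "Document", targetFacets = { "Folderish" })
public class PermissionService extends DefaultAdapter {

    /**
     * Renders the {@code permissions} view for the target resource.
     *
     * @return the resolved view
     */
    @GET
    public Object doGet() {
        return new View(getTarget(), "permissions").resolve();
    }

    /**
     * Adds one ACE for a user or group to the local ACL of the target document.
     * <p>
     * Request parameters: {@code user} (user or group name), {@code permission} and {@code action}.
     * Only the exact value {@code "grant"} for {@code action} produces a granting entry; any other value, including a
     * missing parameter, produces a denying entry.
     *
     * @return 400 when {@code user} or {@code permission} is missing or blank, 500 when the name matches neither a
     *         user nor a group, otherwise a redirect to the target path
     * @throws WebException wrapping any {@link NuxeoException} raised while updating the ACP
     */
    @POST
    @Path("add")
    public Response postPermission() {
        try {
            HttpServletRequest req = ctx.getRequest();
            String action = req.getParameter("action");
            String permission = req.getParameter("permission");
            String username = req.getParameter("user");

            // Reject incomplete requests before anything is written: without this an ACE with a null
            // permission or principal name could be stored on the document.
            if (isMissing(username) || isMissing(permission)) {
                return Response.status(400).build();
            }

            // The entry is only created for a principal the user manager knows, either as a user or as a group.
            UserManager userManager = Framework.getService(UserManager.class);
            if (userManager.getPrincipal(username) == null && userManager.getGroup(username) == null) {
                // NOTE(review): an unknown principal is a client error; 500 is kept for compatibility with
                // existing callers, a 4xx status would be more accurate.
                return Response.status(500).build();
            }

            ACPImpl acp = new ACPImpl();
            ACLImpl acl = new ACLImpl(ACL.LOCAL_ACL);
            acp.addACL(acl);
            // Fail closed: anything that is not literally "grant" becomes a deny entry.
            boolean granted = "grant".equals(action);
            acl.add(new ACE(username, permission, granted));

            CoreSession session = ctx.getCoreSession();
            Resource target = getTarget();
            // Third argument is false (overwrite flag, presumably merging into the existing ACP rather than
            // replacing it - confirm against CoreSession.setACP).
            session.setACP(target.getAdapter(DocumentModel.class).getRef(), acp, false);
            session.save();
            return redirect(target.getPath());
        } catch (NuxeoException e) {
            throw WebException.wrap(e);
        }
    }

    /**
     * POST binding for {@link #deletePermission()}.
     *
     * @return the response produced by {@link #deletePermission()}
     */
    @POST
    @Path("delete")
    public Response postDeletePermission() {
        return deletePermission();
    }

    /**
     * Removes a permission entry of a user or group from the target document.
     * <p>
     * Request parameters: {@code user} and {@code permission}.
     * <p>
     * NOTE(review): this state-changing operation is also bound to GET. GET requests can be issued by link
     * prefetchers, crawlers and cross-site navigation, so the binding bypasses protections that only cover
     * unsafe methods. It is kept here for backward compatibility; callers should use the POST binding and the GET
     * binding should be retired once no view depends on it.
     *
     * @return 400 when {@code user} or {@code permission} is missing or blank, otherwise a redirect to the target
     *         path
     * @throws WebException wrapping any {@link NuxeoException} raised while updating the ACP
     */
    @GET
    @Path("delete")
    public Response deletePermission() {
        try {
            HttpServletRequest req = ctx.getRequest();
            String permission = req.getParameter("permission");
            String username = req.getParameter("user");

            // Do not hand null or blank selectors to the removal helper; its behaviour for them is not
            // defined in this class.
            if (isMissing(username) || isMissing(permission)) {
                return Response.status(400).build();
            }

            CoreSession session = ctx.getCoreSession();
            Resource target = getTarget();
            ACLUtils.removePermission(session, target.getAdapter(DocumentModel.class).getRef(), username, permission);
            session.save();
            return redirect(target.getPath());
        } catch (NuxeoException e) {
            throw WebException.wrap(e);
        }
    }

    /**
     * Lists every ACE found in the ACLs of the target document's ACP.
     *
     * @return one {@code Permission} per ACE, in the order the ACLs and their entries are returned
     * @throws WebException wrapping any {@link NuxeoException} raised while reading the ACP
     */
    public List<Permission> getPermissions() {
        try {
            ACP acp = ctx.getCoreSession().getACP(getTarget().getAdapter(DocumentModel.class).getRef());
            List<Permission> permissions = new ArrayList<Permission>();
            for (ACL acl : acp.getACLs()) {
                for (ACE ace : acl.getACEs()) {
                    permissions.add(new Permission(ace.getUsername(), ace.getPermission(), ace.isGranted()));
                }
            }
            return permissions;
        } catch (NuxeoException e) {
            throw WebException.wrap("Failed to get ACLs", e);
        }
    }

    /** Returns true when a request parameter is absent or contains only whitespace. */
    private static boolean isMissing(String value) {
        return value == null || value.trim().length() == 0;
    }

}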