001/* 002 * (C) Copyright 2013 Nuxeo SA (http://nuxeo.com/) and contributors. 003 * 004 * All rights reserved. This program and the accompanying materials 005 * are made available under the terms of the GNU Lesser General Public License 006 * (LGPL) version 2.1 which accompanies this distribution, and is available at 007 * http://www.gnu.org/licenses/lgpl-2.1.html 008 * 009 * This library is distributed in the hope that it will be useful, 010 * but WITHOUT ANY WARRANTY; without even the implied warranty of 011 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 012 * Lesser General Public License for more details. 013 * 014 * Contributors: 015 * dmetzler 016 */ 017package org.nuxeo.ecm.restapi.server.jaxrs.usermanager; 018 019import java.util.List; 020 021import javax.ws.rs.Produces; 022import javax.ws.rs.core.MediaType; 023import javax.ws.rs.core.Response; 024 025import org.nuxeo.ecm.core.api.NuxeoPrincipal; 026import org.nuxeo.ecm.platform.query.api.PageProviderDefinition; 027import org.nuxeo.ecm.platform.query.api.PageProviderService; 028import org.nuxeo.ecm.platform.usermanager.UserManager; 029import org.nuxeo.ecm.webengine.WebException; 030import org.nuxeo.ecm.webengine.model.WebObject; 031import org.nuxeo.runtime.api.Framework; 032 033/** 034 * @since 5.7.3 035 */ 036@WebObject(type = "users") 037@Produces({ MediaType.APPLICATION_JSON, MediaType.APPLICATION_JSON + "+nxentity" }) 038public class UserRootObject extends AbstractUMRootObject<NuxeoPrincipal> { 039 040 public static final String PAGE_PROVIDER_NAME = "nuxeo_principals_listing"; 041 042 @Override 043 protected NuxeoPrincipal getArtifact(String id) { 044 return um.getPrincipal(id); 045 } 046 047 @Override 048 protected String getArtifactType() { 049 return "user"; 050 } 051 052 @Override 053 protected void checkPrecondition(NuxeoPrincipal principal) { 054 checkCurrentUserCanCreateArtifact(principal); 055 checkPrincipalDoesNotAlreadyExists(principal, um); 056 checkPrincipalHasAName(principal); 057 } 058 059 @Override 060 protected NuxeoPrincipal createArtifact(NuxeoPrincipal principal) { 061 um.createUser(principal.getModel()); 062 return um.getPrincipal(principal.getName()); 063 } 064 065 private void checkPrincipalDoesNotAlreadyExists(NuxeoPrincipal principal, UserManager um) { 066 NuxeoPrincipal user = um.getPrincipal(principal.getName()); 067 if (user != null) { 068 throw new WebException("User already exists", Response.Status.PRECONDITION_FAILED.getStatusCode()); 069 } 070 } 071 072 private void checkPrincipalHasAName(NuxeoPrincipal principal) { 073 if (principal.getName() == null) { 074 throw new WebException("User MUST have a name", Response.Status.PRECONDITION_FAILED.getStatusCode()); 075 } 076 } 077 078 @Override 079 boolean isAPowerUserEditableArtifact(NuxeoPrincipal artifact) { 080 return isAPowerUserEditableUser(artifact); 081 } 082 083 static boolean isAPowerUserEditableUser(NuxeoPrincipal user) { 084 UserManager um = Framework.getLocalService(UserManager.class); 085 List<String> adminGroups = um.getAdministratorsGroups(); 086 for (String adminGroup : adminGroups) { 087 if (user.getAllGroups().contains(adminGroup)) { 088 return false; 089 } 090 } 091 return true; 092 } 093 094 @Override 095 protected PageProviderDefinition getPageProviderDefinition() { 096 PageProviderService ppService = Framework.getLocalService(PageProviderService.class); 097 return ppService.getPageProviderDefinition(PAGE_PROVIDER_NAME); 098 } 099 100 @Override 101 protected Object[] getParams() { 102 return new Object[] { query }; 103 } 104 105}