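/*
 * (C) Copyright 2013 Nuxeo SA (http://nuxeo.com/) and contributors.
 *
 * All rights reserved. This program and the accompanying materials
 * are made available under the terms of the GNU Lesser General Public License
 * (LGPL) version 2.1 which accompanies this distribution, and is available at
 * http://www.gnu.org/licenses/lgpl-2.1.html
 *
 * This library is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
 * Lesser General Public License for more details.
 *
 * Contributors:
 *     dmetzler
 */
package org.nuxeo.ecm.restapi.server.jaxrs.usermanager;

import java.util.List;

import javax.ws.rs.DELETE;
import javax.ws.rs.POST;
import javax.ws.rs.core.Response;
import javax.ws.rs.core.Response.Status;

import org.nuxeo.ecm.core.api.NuxeoException;
import org.nuxeo.ecm.core.api.NuxeoGroup;
import org.nuxeo.ecm.core.api.NuxeoPrincipal;
import org.nuxeo.ecm.platform.usermanager.UserManager;
import org.nuxeo.ecm.webengine.WebException;
import org.nuxeo.ecm.webengine.model.WebObject;
import org.nuxeo.ecm.webengine.model.exceptions.WebSecurityException;
import org.nuxeo.ecm.webengine.model.impl.DefaultObject;
import org.nuxeo.runtime.api.Framework;

/**
 * REST sub-resource binding one user to one group: {@code POST} adds the user to the group, {@code DELETE} removes
 * it. Both verbs go through {@link #checkPrincipalCanAdministerGroupAndUser(UserManager)}, which authorizes the
 * <em>calling</em> principal (taken from the core session), not the user being edited.
 *
 * @since 5.7.3
 */
@WebObject(type = "userToGroup")
public class UserToGroupObject extends DefaultObject {

    /** Group whose members may edit "power-user editable" users and groups without being administrators. */
    private static final String POWER_USERS_GROUP = "powerusers";

    /** Target group, second {@link #initialize(Object...)} argument. */
    private NuxeoGroup group;

    /** Target user, first {@link #initialize(Object...)} argument. */
    private NuxeoPrincipal principal;

    /**
     * Binds this resource to the user and the group it operates on.
     *
     * @param args exactly two elements: the {@link NuxeoPrincipal} to edit, then the {@link NuxeoGroup}
     * @throws IllegalArgumentException if the argument count or the argument types do not match (reported
     *             explicitly rather than surfacing as a {@link ClassCastException} from a blind cast)
     */
    @Override
    protected void initialize(Object... args) {
        if (args.length != 2) {
            throw new IllegalArgumentException("UserToGroup object takes two parameters");
        }
        if (!(args[0] instanceof NuxeoPrincipal) || !(args[1] instanceof NuxeoGroup)) {
            throw new IllegalArgumentException("UserToGroup object takes a NuxeoPrincipal and a NuxeoGroup");
        }
        principal = (NuxeoPrincipal) args[0];
        group = (NuxeoGroup) args[1];
    }

    /**
     * Adds the user to the group and persists the user through the {@link UserManager}.
     *
     * @return {@code 201 Created} with the principal re-read from the user manager as entity
     * @throws WebSecurityException if the caller may not administer this user/group pair
     * @throws WebException wrapping any {@link NuxeoException} raised while updating the user
     */
    @POST
    public Response doAddUserToGroup() {
        try {
            UserManager um = Framework.getLocalService(UserManager.class);
            checkPrincipalCanAdministerGroupAndUser(um);

            List<String> groups = principal.getGroups();
            String groupName = group.getName();
            // A repeated POST must not store the same group name twice in the user's group list.
            if (!groups.contains(groupName)) {
                groups.add(groupName);
            }
            principal.setGroups(groups);
            um.updateUser(principal.getModel());
            return Response.status(Status.CREATED).entity(um.getPrincipal(principal.getName())).build();
        } catch (NuxeoException e) {
            throw WebException.wrap(e);
        }
    }

    /**
     * Authorization gate shared by both verbs. Administrators pass unconditionally. Any other caller must be a
     * member of {@code powerusers} <em>and</em> both the target user and the target group must be editable by
     * power users, as decided by {@link UserRootObject#isAPowerUserEditableUser(NuxeoPrincipal)} and
     * {@link GroupRootObject#isAPowerUserEditableGroup(NuxeoGroup)}.
     *
     * @param um the user manager; accepted for signature stability, not consulted by the checks
     * @throws WebSecurityException when the caller fails the gate
     */
    private void checkPrincipalCanAdministerGroupAndUser(UserManager um) {
        NuxeoPrincipal currentPrincipal = (NuxeoPrincipal) getContext().getCoreSession().getPrincipal();
        if (currentPrincipal.isAdministrator()) {
            return;
        }
        // The power-user membership test is about the caller (currentPrincipal). Testing the target user's
        // membership instead would leave a non-administrator caller's own privileges unchecked.
        boolean callerIsPowerUser = currentPrincipal.isMemberOf(POWER_USERS_GROUP);
        boolean targetsAreEditable = UserRootObject.isAPowerUserEditableUser(principal)
                && GroupRootObject.isAPowerUserEditableGroup(group);
        if (!callerIsPowerUser || !targetsAreEditable) {
            throw new WebSecurityException("Cannot edit user");
        }
    }

    /**
     * Removes the user from the group and persists the user through the {@link UserManager}. Removing a user
     * that is not a member is a no-op on the group list but still triggers the update.
     *
     * @return {@code 200 OK} with the user name as entity
     * @throws WebSecurityException if the caller may not administer this user/group pair
     * @throws WebException wrapping any {@link NuxeoException} raised while updating the user
     */
    @DELETE
    public Response doRemoveUserFromGroup() {
        try {
            UserManager um = Framework.getLocalService(UserManager.class);
            checkPrincipalCanAdministerGroupAndUser(um);
            List<String> groups = principal.getGroups();
            groups.remove(group.getName());
            principal.setGroups(groups);
            um.updateUser(principal.getModel());
            return Response.ok(principal.getName()).build();
        } catch (NuxeoException e) {
            throw WebException.wrap(e);
        }
    }
}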