001/* 002 * (C) Copyright 2015 Nuxeo SAS (http://nuxeo.com/) and contributors. 003 * 004 * All rights reserved. This program and the accompanying materials 005 * are made available under the terms of the GNU Lesser General Public License 006 * (LGPL) version 2.1 which accompanies this distribution, and is available at 007 * http://www.gnu.org/licenses/lgpl.html 008 * 009 * This library is distributed in the hope that it will be useful, 010 * but WITHOUT ANY WARRANTY; without even the implied warranty of 011 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 012 * Lesser General Public License for more details. 013 * 014 * Contributors: 015 * Nuxeo - initial API and implementation 016 * 017 */ 018 019package org.nuxeo.scim.server.jaxrs.usermanager; 020 021import javax.ws.rs.core.MediaType; 022 023import org.apache.commons.logging.Log; 024import org.apache.commons.logging.LogFactory; 025import org.nuxeo.ecm.core.api.ClientException; 026import org.nuxeo.ecm.core.api.NuxeoPrincipal; 027import org.nuxeo.ecm.platform.usermanager.UserManager; 028import org.nuxeo.ecm.platform.web.common.vh.VirtualHostHelper; 029import org.nuxeo.ecm.webengine.WebEngine; 030import org.nuxeo.ecm.webengine.model.exceptions.WebSecurityException; 031import org.nuxeo.ecm.webengine.model.impl.DefaultObject; 032import org.nuxeo.runtime.api.Framework; 033import org.nuxeo.scim.server.mapper.AbstractMapper; 034import org.nuxeo.scim.server.mapper.UserMapperFactory; 035 036/** 037 * Base class used for all WebObject associated to SCIM Domain model 038 * 039 * @author tiry 040 * @since 7.4 041 */ 042 043public abstract class BaseUMObject extends DefaultObject { 044 045 protected static Log log = LogFactory.getLog(SCIMUserWebObject.class); 046 047 protected UserManager um; 048 049 protected AbstractMapper mapper; 050 051 protected String baseUrl; 052 053 // default to JSON 054 protected MediaType fixeMediaType = null; 055 056 public BaseUMObject() { 057 super(); 058 } 059 060 protected abstract String getPrefix(); 061 062 @Override 063 protected void initialize(Object... args) { 064 um = Framework.getLocalService(UserManager.class); 065 // build base url 066 baseUrl = VirtualHostHelper.getBaseURL(WebEngine.getActiveContext().getRequest()); 067 while (baseUrl.endsWith("/")) { 068 baseUrl = baseUrl.substring(0, baseUrl.length() - 1); 069 } 070 baseUrl = baseUrl + WebEngine.getActiveContext().getUrlPath(); 071 // remove end of url 072 int idx = baseUrl.lastIndexOf(getPrefix()); 073 if (idx > 0) { 074 baseUrl = baseUrl.substring(0, idx + getPrefix().length()); 075 } 076 mapper = UserMapperFactory.getMapper(baseUrl); 077 078 if (args != null && args.length > 0) { 079 fixeMediaType = (MediaType) args[0]; 080 } 081 if (fixeMediaType == null) { 082 String accept = WebEngine.getActiveContext().getRequest().getHeader("Accept"); 083 if (accept != null && accept.toLowerCase().contains("application/xml")) { 084 fixeMediaType = MediaType.APPLICATION_XML_TYPE; 085 } else { 086 fixeMediaType = MediaType.APPLICATION_JSON_TYPE; 087 } 088 } 089 } 090 091 protected void checkUpdateGuardPreconditions() throws ClientException { 092 NuxeoPrincipal principal = (NuxeoPrincipal) getContext().getCoreSession().getPrincipal(); 093 if (!principal.isAdministrator()) { 094 if ((!principal.isMemberOf("powerusers")) || !isAPowerUserEditableArtifact()) { 095 096 throw new WebSecurityException("User is not allowed to edit users"); 097 } 098 } 099 } 100 101 /** 102 * Check that the current artifact is editable by a power user. Basically this means not an admin user or not an 103 * admin group. 104 * 105 * @return 106 */ 107 protected boolean isAPowerUserEditableArtifact() { 108 return false; 109 } 110 111}