001/*
002 * (C) Copyright 2006-2008 Nuxeo SA (http://nuxeo.com/) and others.
003 *
004 * Licensed under the Apache License, Version 2.0 (the "License");
005 * you may not use this file except in compliance with the License.
006 * You may obtain a copy of the License at
007 *
008 *     http://www.apache.org/licenses/LICENSE-2.0
009 *
010 * Unless required by applicable law or agreed to in writing, software
011 * distributed under the License is distributed on an "AS IS" BASIS,
012 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
013 * See the License for the specific language governing permissions and
014 * limitations under the License.
015 *
016 * Contributors:
017 *     bstefanescu
018 *
019 * $Id$
020 */
021
022package org.nuxeo.ecm.core.rest.security;
023
024import java.util.ArrayList;
025import java.util.List;
026
027import javax.servlet.http.HttpServletRequest;
028import javax.ws.rs.GET;
029import javax.ws.rs.POST;
030import javax.ws.rs.Path;
031import javax.ws.rs.core.Response;
032
033import org.nuxeo.ecm.core.api.CoreSession;
034import org.nuxeo.ecm.core.api.DocumentModel;
035import org.nuxeo.ecm.core.api.NuxeoException;
036import org.nuxeo.ecm.core.api.NuxeoGroup;
037import org.nuxeo.ecm.core.api.NuxeoPrincipal;
038import org.nuxeo.ecm.core.api.security.ACE;
039import org.nuxeo.ecm.core.api.security.ACL;
040import org.nuxeo.ecm.core.api.security.ACP;
041import org.nuxeo.ecm.core.api.security.impl.ACLImpl;
042import org.nuxeo.ecm.core.api.security.impl.ACPImpl;
043import org.nuxeo.ecm.platform.usermanager.UserManager;
044import org.nuxeo.ecm.webengine.WebException;
045import org.nuxeo.ecm.webengine.model.Resource;
046import org.nuxeo.ecm.webengine.model.View;
047import org.nuxeo.ecm.webengine.model.WebAdapter;
048import org.nuxeo.ecm.webengine.model.impl.DefaultAdapter;
049import org.nuxeo.ecm.webengine.util.ACLUtils;
050import org.nuxeo.runtime.api.Framework;
051
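/**
 * Permission Service - WebEngine adapter that lists and edits the local ACL of a document.
 * <p>
 * The adapter is registered under the name {@code permissions} for {@code Document} targets carrying the
 * {@code Folderish} facet. It accepts the following methods:
 * <ul>
 * <li>GET - render the {@code permissions} view of the target
 * <li>POST add - add a grant or deny entry for a user or group
 * <li>POST delete, GET delete - remove a permission entry for a user or group
 * </ul>
 * <p>
 * Security notes:
 * <ul>
 * <li>No authorization check is made in this class. NOTE(review): it appears to rely on the
 * {@link CoreSession} taken from the request context to reject callers who may not change security on the
 * target - confirm for both {@code setACP} and {@code ACLUtils.removePermission}.
 * <li>No anti-CSRF token is checked here. NOTE(review): confirm that a filter in front of this resource does
 * it, since every method below changes access control for the caller's session.
 * <li>The {@code permission} value is taken from the request and is not checked against a list of known
 * permission names in this class.
 * </ul>
 *
 * @author <a href="mailto:bs@nuxeo.com">Bogdan Stefanescu</a>
 */
@WebAdapter(name = "permissions", type = "PermissionService", targetType = "Document", targetFacets = { "Folderish" })
public class PermissionService extends DefaultAdapter {

    /**
     * Renders the permissions view for the target document.
     *
     * @return the resolved {@code permissions} view
     */
    @GET
    public Object doGet() {
        return new View(getTarget(), "permissions").resolve();
    }

    /**
     * Adds one access control entry to the target document's local ACL.
     * <p>
     * Reads the request parameters {@code action}, {@code permission} and {@code user}. The entry is a grant
     * only when {@code action} is exactly {@code "grant"}; any other value, including a missing one, produces
     * a deny entry.
     *
     * @return a redirect to the target path on success, status 400 when {@code user} or {@code permission} is
     *         missing or blank, status 500 when {@code user} names neither a known principal nor a known group
     * @throws WebException wrapping any {@link NuxeoException} raised while updating the ACP
     */
    @POST
    @Path("add")
    public Response postPermission() {
        try {
            HttpServletRequest req = ctx.getRequest();
            String action = req.getParameter("action");
            String permission = req.getParameter("permission");
            String username = req.getParameter("user");

            // Reject incomplete requests before any lookup, so that an entry with a null or blank permission
            // or user name is never built and written to the document.
            if (isBlank(username) || isBlank(permission)) {
                return Response.status(400).build();
            }

            UserManager userManager = Framework.getService(UserManager.class);
            NuxeoPrincipal user = userManager.getPrincipal(username);
            if (user == null) {
                NuxeoGroup group = userManager.getGroup(username);
                if (group == null) {
                    // Unknown user or group. This is a client error, but the 500 status is kept because
                    // existing callers may depend on it.
                    return Response.status(500).build();
                }
            }

            boolean granted = "grant".equals(action);
            ACLImpl acl = new ACLImpl(ACL.LOCAL_ACL);
            acl.add(new ACE(username, permission, granted));
            ACPImpl acp = new ACPImpl();
            acp.addACL(acl);

            CoreSession session = ctx.getCoreSession();
            Resource target = getTarget();
            // The last argument is the overwrite flag; with false the new entry is presumably merged into the
            // existing ACP instead of replacing it - confirm against CoreSession.setACP.
            session.setACP(target.getAdapter(DocumentModel.class).getRef(), acp, false);
            session.save();
            return redirect(target.getPath());
        } catch (NuxeoException e) {
            throw WebException.wrap(e);
        }
    }

    /**
     * POST variant of {@link #deletePermission()}.
     *
     * @return the response produced by {@link #deletePermission()}
     */
    @POST
    @Path("delete")
    public Response postDeletePermission() {
        return deletePermission();
    }

    /**
     * Removes a permission entry for a user or group from the target document.
     * <p>
     * Reads the request parameters {@code permission} and {@code user}.
     * <p>
     * NOTE(review): this handler changes access control but is also mapped to GET, so the change can be
     * triggered by following a link or by a prefetcher, and GET requests are usually outside CSRF protection.
     * The GET mapping is kept for backward compatibility; callers should move to the POST route so that the
     * GET mapping can be retired.
     *
     * @return a redirect to the target path on success, status 400 when {@code user} or {@code permission} is
     *         missing or blank
     * @throws WebException wrapping any {@link NuxeoException} raised while removing the permission
     */
    @GET
    @Path("delete")
    public Response deletePermission() {
        try {
            HttpServletRequest req = ctx.getRequest();
            String permission = req.getParameter("permission");
            String username = req.getParameter("user");

            // Do not hand null or blank values to the ACL helper; how it treats them is not visible here.
            if (isBlank(username) || isBlank(permission)) {
                return Response.status(400).build();
            }

            CoreSession session = ctx.getCoreSession();
            Resource target = getTarget();
            ACLUtils.removePermission(session, target.getAdapter(DocumentModel.class).getRef(), username, permission);
            session.save();
            return redirect(target.getPath());
        } catch (NuxeoException e) {
            throw WebException.wrap(e);
        }
    }

    /**
     * Lists every access control entry of the target document, across all ACLs of its ACP.
     *
     * @return one {@link Permission} per ACE, in ACL then ACE iteration order
     * @throws WebException wrapping any {@link NuxeoException} raised while reading the ACP
     */
    public List<Permission> getPermissions() {
        try {
            ACP acp = ctx.getCoreSession().getACP(getTarget().getAdapter(DocumentModel.class).getRef());
            List<Permission> permissions = new ArrayList<>();
            for (ACL acl : acp.getACLs()) {
                for (ACE ace : acl.getACEs()) {
                    permissions.add(new Permission(ace.getUsername(), ace.getPermission(), ace.isGranted()));
                }
            }
            return permissions;
        } catch (NuxeoException e) {
            throw WebException.wrap("Failed to get ACLs", e);
        }
    }

    /** Returns true when a request parameter is absent or holds only whitespace. */
    private static boolean isBlank(String value) {
        return value == null || value.trim().isEmpty();
    }

}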