001/* 002 * (C) Copyright 2013 Nuxeo SA (http://nuxeo.com/) and others. 003 * 004 * Licensed under the Apache License, Version 2.0 (the "License"); 005 * you may not use this file except in compliance with the License. 006 * You may obtain a copy of the License at 007 * 008 * http://www.apache.org/licenses/LICENSE-2.0 009 * 010 * Unless required by applicable law or agreed to in writing, software 011 * distributed under the License is distributed on an "AS IS" BASIS, 012 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 013 * See the License for the specific language governing permissions and 014 * limitations under the License. 015 * 016 * Contributors: 017 * dmetzler 018 */ 019package org.nuxeo.ecm.restapi.server.jaxrs.usermanager; 020 021import java.util.List; 022 023import javax.ws.rs.Produces; 024import javax.ws.rs.core.MediaType; 025import javax.ws.rs.core.Response; 026 027import org.nuxeo.ecm.core.api.NuxeoPrincipal; 028import org.nuxeo.ecm.platform.query.api.PageProviderDefinition; 029import org.nuxeo.ecm.platform.query.api.PageProviderService; 030import org.nuxeo.ecm.platform.usermanager.UserManager; 031import org.nuxeo.ecm.webengine.WebException; 032import org.nuxeo.ecm.webengine.model.WebObject; 033import org.nuxeo.runtime.api.Framework; 034 035/** 036 * @since 5.7.3 037 */ 038@WebObject(type = "users") 039@Produces({ MediaType.APPLICATION_JSON, MediaType.APPLICATION_JSON + "+nxentity" }) 040public class UserRootObject extends AbstractUMRootObject<NuxeoPrincipal> { 041 042 public static final String PAGE_PROVIDER_NAME = "nuxeo_principals_listing"; 043 044 @Override 045 protected NuxeoPrincipal getArtifact(String id) { 046 return um.getPrincipal(id); 047 } 048 049 @Override 050 protected String getArtifactType() { 051 return "user"; 052 } 053 054 @Override 055 protected void checkPrecondition(NuxeoPrincipal principal) { 056 checkCurrentUserCanCreateArtifact(principal); 057 checkPrincipalDoesNotAlreadyExists(principal, um); 058 checkPrincipalHasAName(principal); 059 } 060 061 @Override 062 protected NuxeoPrincipal createArtifact(NuxeoPrincipal principal) { 063 um.createUser(principal.getModel()); 064 return um.getPrincipal(principal.getName()); 065 } 066 067 private void checkPrincipalDoesNotAlreadyExists(NuxeoPrincipal principal, UserManager um) { 068 NuxeoPrincipal user = um.getPrincipal(principal.getName()); 069 if (user != null) { 070 throw new WebException("User already exists", Response.Status.PRECONDITION_FAILED.getStatusCode()); 071 } 072 } 073 074 private void checkPrincipalHasAName(NuxeoPrincipal principal) { 075 if (principal.getName() == null) { 076 throw new WebException("User MUST have a name", Response.Status.PRECONDITION_FAILED.getStatusCode()); 077 } 078 } 079 080 @Override 081 boolean isAPowerUserEditableArtifact(NuxeoPrincipal artifact) { 082 return isAPowerUserEditableUser(artifact); 083 } 084 085 static boolean isAPowerUserEditableUser(NuxeoPrincipal user) { 086 UserManager um = Framework.getLocalService(UserManager.class); 087 List<String> adminGroups = um.getAdministratorsGroups(); 088 for (String adminGroup : adminGroups) { 089 if (user.getAllGroups().contains(adminGroup)) { 090 return false; 091 } 092 } 093 return true; 094 } 095 096 @Override 097 protected PageProviderDefinition getPageProviderDefinition() { 098 PageProviderService ppService = Framework.getLocalService(PageProviderService.class); 099 return ppService.getPageProviderDefinition(PAGE_PROVIDER_NAME); 100 } 101 102 @Override 103 protected Object[] getParams() { 104 return new Object[] { query }; 105 } 106 107}