Source code

001/*
002 * (C) Copyright 2013 Nuxeo SA (http://nuxeo.com/) and others.
003 *
004 * Licensed under the Apache License, Version 2.0 (the "License");
005 * you may not use this file except in compliance with the License.
006 * You may obtain a copy of the License at
007 *
008 *     http://www.apache.org/licenses/LICENSE-2.0
009 *
010 * Unless required by applicable law or agreed to in writing, software
011 * distributed under the License is distributed on an "AS IS" BASIS,
012 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
013 * See the License for the specific language governing permissions and
014 * limitations under the License.
015 *
016 * Contributors:
017 *     dmetzler
018 */
019package org.nuxeo.ecm.restapi.server.jaxrs.usermanager;
020
021import java.util.List;
022
023import javax.ws.rs.Produces;
024import javax.ws.rs.core.MediaType;
025import javax.ws.rs.core.Response;
026
027import org.nuxeo.ecm.core.api.NuxeoPrincipal;
028import org.nuxeo.ecm.platform.query.api.PageProviderDefinition;
029import org.nuxeo.ecm.platform.query.api.PageProviderService;
030import org.nuxeo.ecm.platform.usermanager.UserManager;
031import org.nuxeo.ecm.webengine.WebException;
032import org.nuxeo.ecm.webengine.model.WebObject;
033import org.nuxeo.runtime.api.Framework;
034
035/**
036 * @since 5.7.3
037 */
038@WebObject(type = "users")
039@Produces({ MediaType.APPLICATION_JSON, MediaType.APPLICATION_JSON + "+nxentity" })
040public class UserRootObject extends AbstractUMRootObject<NuxeoPrincipal> {
041
042    public static final String PAGE_PROVIDER_NAME = "nuxeo_principals_listing";
043
044    @Override
045    protected NuxeoPrincipal getArtifact(String id) {
046        return um.getPrincipal(id);
047    }
048
049    @Override
050    protected String getArtifactType() {
051        return "user";
052    }
053
054    @Override
055    protected void checkPrecondition(NuxeoPrincipal principal) {
056        checkCurrentUserCanCreateArtifact(principal);
057        checkPrincipalDoesNotAlreadyExists(principal, um);
058        checkPrincipalHasAName(principal);
059    }
060
061    @Override
062    protected NuxeoPrincipal createArtifact(NuxeoPrincipal principal) {
063        um.createUser(principal.getModel());
064        return um.getPrincipal(principal.getName());
065    }
066
067    private void checkPrincipalDoesNotAlreadyExists(NuxeoPrincipal principal, UserManager um) {
068        NuxeoPrincipal user = um.getPrincipal(principal.getName());
069        if (user != null) {
070            throw new WebException("User already exists", Response.Status.PRECONDITION_FAILED.getStatusCode());
071        }
072    }
073
074    private void checkPrincipalHasAName(NuxeoPrincipal principal) {
075        if (principal.getName() == null) {
076            throw new WebException("User MUST have a name", Response.Status.PRECONDITION_FAILED.getStatusCode());
077        }
078    }
079
080    @Override
081    boolean isAPowerUserEditableArtifact(NuxeoPrincipal artifact) {
082        return isAPowerUserEditableUser(artifact);
083    }
084
085    static boolean isAPowerUserEditableUser(NuxeoPrincipal user) {
086        UserManager um = Framework.getLocalService(UserManager.class);
087        List<String> adminGroups = um.getAdministratorsGroups();
088        for (String adminGroup : adminGroups) {
089            if (user.getAllGroups().contains(adminGroup)) {
090                return false;
091            }
092        }
093        return true;
094    }
095
096    @Override
097    protected PageProviderDefinition getPageProviderDefinition() {
098        PageProviderService ppService = Framework.getLocalService(PageProviderService.class);
099        return ppService.getPageProviderDefinition(PAGE_PROVIDER_NAME);
100    }
101
102    @Override
103    protected Object[] getParams() {
104        return new Object[] { query };
105    }
106
107}