001/*
002 * (C) Copyright 2013 Nuxeo SA (http://nuxeo.com/) and others.
003 *
004 * Licensed under the Apache License, Version 2.0 (the "License");
005 * you may not use this file except in compliance with the License.
006 * You may obtain a copy of the License at
007 *
008 *     http://www.apache.org/licenses/LICENSE-2.0
009 *
010 * Unless required by applicable law or agreed to in writing, software
011 * distributed under the License is distributed on an "AS IS" BASIS,
012 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
013 * See the License for the specific language governing permissions and
014 * limitations under the License.
015 *
016 * Contributors:
017 *     dmetzler
018 */
019package org.nuxeo.ecm.restapi.server.jaxrs.usermanager;
020
021import java.util.List;
022
023import javax.ws.rs.DELETE;
024import javax.ws.rs.POST;
025import javax.ws.rs.core.Response;
026import javax.ws.rs.core.Response.Status;
027
028import org.nuxeo.ecm.core.api.NuxeoException;
029import org.nuxeo.ecm.core.api.NuxeoGroup;
030import org.nuxeo.ecm.core.api.NuxeoPrincipal;
031import org.nuxeo.ecm.platform.usermanager.UserManager;
032import org.nuxeo.ecm.webengine.WebException;
033import org.nuxeo.ecm.webengine.model.WebObject;
034import org.nuxeo.ecm.webengine.model.exceptions.WebSecurityException;
035import org.nuxeo.ecm.webengine.model.impl.DefaultObject;
036import org.nuxeo.runtime.api.Framework;
037
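/**
 * REST sub-resource binding one user to one group: {@code POST} adds the user to the group, {@code DELETE}
 * removes it. Both operations go through the {@link UserManager} so the change is persisted in the user directory.
 * <p>
 * Access is restricted to administrators and to power users acting on a power-user-editable user and group (see
 * {@link #checkPrincipalCanAdministerGroupAndUser()}).
 *
 * @since 5.7.3
 */
@WebObject(type = "userToGroup")
public class UserToGroupObject extends DefaultObject {

    /** Name of the group whose members may manage memberships without being administrators. */
    private static final String POWER_USERS_GROUP = "powerusers";

    /** Target group of the membership operation, set by {@link #initialize(Object...)}. */
    private NuxeoGroup group;

    /** Target user of the membership operation, set by {@link #initialize(Object...)}. */
    private NuxeoPrincipal principal;

    /**
     * Binds this object to its (user, group) pair.
     *
     * @param args exactly two elements: the {@link NuxeoPrincipal} followed by the {@link NuxeoGroup}
     * @throws IllegalArgumentException if the argument count is not two
     * @throws ClassCastException if either argument is not of the expected type
     */
    @Override
    protected void initialize(Object... args) {
        if (args.length != 2) {
            throw new IllegalArgumentException("UserToGroup object takes two parameters");
        }
        principal = (NuxeoPrincipal) args[0];
        group = (NuxeoGroup) args[1];
    }

    /**
     * Adds the user to the group and persists the change through the {@link UserManager}.
     *
     * @return {@code 201 Created} with the principal reloaded from the {@link UserManager} as entity
     * @throws WebSecurityException if the caller is not allowed to edit this user/group pair
     * @throws WebException wrapping any {@link NuxeoException} raised while updating the user
     */
    @POST
    public Response doAddUserToGroup() {
        try {
            UserManager um = Framework.getLocalService(UserManager.class);
            checkPrincipalCanAdministerGroupAndUser();

            List<String> groups = principal.getGroups();
            String groupName = group.getName();
            // Keep the operation idempotent: re-adding an existing membership must not duplicate the entry
            // nor trigger a needless directory write.
            if (!groups.contains(groupName)) {
                groups.add(groupName);
                principal.setGroups(groups);
                um.updateUser(principal.getModel());
            }
            return Response.status(Status.CREATED).entity(um.getPrincipal(principal.getName())).build();
        } catch (NuxeoException e) {
            throw WebException.wrap(e);
        }
    }

    /**
     * Authorizes the <em>caller</em> (the core session principal) to change this user/group membership.
     * <p>
     * Administrators may always proceed. Any other caller must be a member of {@code powerusers}, and both the
     * target user and the target group must be power-user-editable; otherwise the request is rejected.
     *
     * @throws WebSecurityException if the caller is not allowed to edit this user/group pair
     */
    private void checkPrincipalCanAdministerGroupAndUser() {
        NuxeoPrincipal currentPrincipal = (NuxeoPrincipal) getContext().getCoreSession().getPrincipal();
        if (currentPrincipal.isAdministrator()) {
            return;
        }
        // The power-user test applies to the caller, not to the target user: the caller's own role decides
        // whether a restricted edit is permitted at all, while the two "editable" checks bound what a power
        // user may touch. Testing the target principal here would leave the caller's role unchecked.
        boolean callerIsPowerUser = currentPrincipal.isMemberOf(POWER_USERS_GROUP);
        boolean targetsAreEditable = UserRootObject.isAPowerUserEditableUser(principal)
                && GroupRootObject.isAPowerUserEditableGroup(group);
        if (!callerIsPowerUser || !targetsAreEditable) {
            throw new WebSecurityException("Cannot edit user");
        }
    }

    /**
     * Removes the user from the group and persists the change through the {@link UserManager}.
     *
     * @return {@code 200 OK} with the user name as entity
     * @throws WebSecurityException if the caller is not allowed to edit this user/group pair
     * @throws WebException wrapping any {@link NuxeoException} raised while updating the user
     */
    @DELETE
    public Response doRemoveUserFromGroup() {
        try {
            UserManager um = Framework.getLocalService(UserManager.class);
            checkPrincipalCanAdministerGroupAndUser();

            List<String> groups = principal.getGroups();
            // List.remove(Object) reports whether anything changed; when the user was not a member there is
            // nothing to persist and the request stays idempotent.
            if (groups.remove(group.getName())) {
                principal.setGroups(groups);
                um.updateUser(principal.getModel());
            }
            return Response.ok(principal.getName()).build();
        } catch (NuxeoException e) {
            throw WebException.wrap(e);
        }
    }
}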