001/* 002 * (C) Copyright 2013 Nuxeo SA (http://nuxeo.com/) and others. 003 * 004 * Licensed under the Apache License, Version 2.0 (the "License"); 005 * you may not use this file except in compliance with the License. 006 * You may obtain a copy of the License at 007 * 008 * http://www.apache.org/licenses/LICENSE-2.0 009 * 010 * Unless required by applicable law or agreed to in writing, software 011 * distributed under the License is distributed on an "AS IS" BASIS, 012 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 013 * See the License for the specific language governing permissions and 014 * limitations under the License. 015 * 016 * Contributors: 017 * dmetzler 018 */ 019package org.nuxeo.ecm.restapi.server.jaxrs.usermanager; 020 021import javax.ws.rs.DELETE; 022import javax.ws.rs.GET; 023import javax.ws.rs.PUT; 024import javax.ws.rs.core.Response; 025import javax.ws.rs.core.Response.Status; 026 027import org.nuxeo.ecm.core.api.NuxeoException; 028import org.nuxeo.ecm.core.api.NuxeoGroup; 029import org.nuxeo.ecm.core.api.NuxeoPrincipal; 030import org.nuxeo.ecm.platform.usermanager.UserManager; 031import org.nuxeo.ecm.webengine.WebException; 032import org.nuxeo.ecm.webengine.model.exceptions.WebSecurityException; 033import org.nuxeo.ecm.webengine.model.impl.DefaultObject; 034import org.nuxeo.runtime.api.Framework; 035 036/** 037 * Abstract WebObject class that handle retrieve, deletion and update of {@link NuxeoPrincipal} or {@link NuxeoGroup}. 038 * 039 * @since 5.7.3 040 */ 041public abstract class AbstractUMObject<T> extends DefaultObject { 042 043 protected T currentArtifact; 044 045 protected UserManager um; 046 047 @SuppressWarnings("unchecked") 048 @Override 049 protected void initialize(Object... args) { 050 if (args.length < 1) { 051 throw new IllegalArgumentException("UserObject takes at least one parameter"); 052 } 053 um = Framework.getLocalService(UserManager.class); 054 currentArtifact = (T) args[0]; 055 } 056 057 @GET 058 public T doGetArtifact() { 059 return currentArtifact; 060 } 061 062 @PUT 063 public T doUpdateArtifact(T principal) { 064 try { 065 checkUpdateGuardPreconditions(); 066 return updateArtifact(principal); 067 } catch (NuxeoException e) { 068 throw WebException.wrap(e); 069 } 070 } 071 072 @DELETE 073 public Response doDeleteArtifact() { 074 try { 075 checkUpdateGuardPreconditions(); 076 deleteArtifact(); 077 return Response.status(Status.NO_CONTENT).build(); 078 } catch (NuxeoException e) { 079 throw WebException.wrap(e); 080 } 081 } 082 083 protected void checkUpdateGuardPreconditions() { 084 NuxeoPrincipal principal = (NuxeoPrincipal) getContext().getCoreSession().getPrincipal(); 085 if (!principal.isAdministrator()) { 086 if ((!principal.isMemberOf("powerusers")) || !isAPowerUserEditableArtifact()) { 087 088 throw new WebSecurityException("User is not allowed to edit users"); 089 } 090 } 091 } 092 093 /** 094 * Check that the current artifact is editable by a power user. Basically this means not an admin user or not an 095 * admin group. 096 * 097 * @return 098 */ 099 protected abstract boolean isAPowerUserEditableArtifact(); 100 101 /** 102 * Updates the current artifact by the one given in parameters in the underlying persistence system. 103 * 104 * @param artifact the artifact that has been retrieved from request. 105 * @return the updated artifact. 106 */ 107 protected abstract T updateArtifact(T artifact); 108 109 /** 110 * Deletes the current artifact in the underlying persistence system. 111 * 112 */ 113 protected abstract void deleteArtifact(); 114 115}