Source code

001/*
002 * (C) Copyright 2013 Nuxeo SA (http://nuxeo.com/) and others.
003 *
004 * Licensed under the Apache License, Version 2.0 (the "License");
005 * you may not use this file except in compliance with the License.
006 * You may obtain a copy of the License at
007 *
008 *     http://www.apache.org/licenses/LICENSE-2.0
009 *
010 * Unless required by applicable law or agreed to in writing, software
011 * distributed under the License is distributed on an "AS IS" BASIS,
012 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
013 * See the License for the specific language governing permissions and
014 * limitations under the License.
015 *
016 * Contributors:
017 *     dmetzler
018 */
019package org.nuxeo.ecm.restapi.server.jaxrs.usermanager;
020
021import javax.ws.rs.DELETE;
022import javax.ws.rs.GET;
023import javax.ws.rs.PUT;
024import javax.ws.rs.core.Response;
025import javax.ws.rs.core.Response.Status;
026
027import org.nuxeo.ecm.core.api.NuxeoException;
028import org.nuxeo.ecm.core.api.NuxeoGroup;
029import org.nuxeo.ecm.core.api.NuxeoPrincipal;
030import org.nuxeo.ecm.platform.usermanager.UserManager;
031import org.nuxeo.ecm.webengine.WebException;
032import org.nuxeo.ecm.webengine.model.exceptions.WebSecurityException;
033import org.nuxeo.ecm.webengine.model.impl.DefaultObject;
034import org.nuxeo.runtime.api.Framework;
035
036/**
037 * Abstract WebObject class that handle retrieve, deletion and update of {@link NuxeoPrincipal} or {@link NuxeoGroup}.
038 *
039 * @since 5.7.3
040 */
041public abstract class AbstractUMObject<T> extends DefaultObject {
042
043    protected T currentArtifact;
044
045    protected UserManager um;
046
047    @SuppressWarnings("unchecked")
048    @Override
049    protected void initialize(Object... args) {
050        if (args.length < 1) {
051            throw new IllegalArgumentException("UserObject takes at least one parameter");
052        }
053        um = Framework.getLocalService(UserManager.class);
054        currentArtifact = (T) args[0];
055    }
056
057    @GET
058    public T doGetArtifact() {
059        return currentArtifact;
060    }
061
062    @PUT
063    public T doUpdateArtifact(T principal) {
064        try {
065            checkUpdateGuardPreconditions();
066            return updateArtifact(principal);
067        } catch (NuxeoException e) {
068            throw WebException.wrap(e);
069        }
070    }
071
072    @DELETE
073    public Response doDeleteArtifact() {
074        try {
075            checkUpdateGuardPreconditions();
076            deleteArtifact();
077            return Response.status(Status.NO_CONTENT).build();
078        } catch (NuxeoException e) {
079            throw WebException.wrap(e);
080        }
081    }
082
083    protected void checkUpdateGuardPreconditions() {
084        NuxeoPrincipal principal = (NuxeoPrincipal) getContext().getCoreSession().getPrincipal();
085        if (!principal.isAdministrator()) {
086            if ((!principal.isMemberOf("powerusers")) || !isAPowerUserEditableArtifact()) {
087
088                throw new WebSecurityException("User is not allowed to edit users");
089            }
090        }
091    }
092
093    /**
094     * Check that the current artifact is editable by a power user. Basically this means not an admin user or not an
095     * admin group.
096     *
097     * @return
098     */
099    protected abstract boolean isAPowerUserEditableArtifact();
100
101    /**
102     * Updates the current artifact by the one given in parameters in the underlying persistence system.
103     *
104     * @param artifact the artifact that has been retrieved from request.
105     * @return the updated artifact.
106     */
107    protected abstract T updateArtifact(T artifact);
108
109    /**
110     * Deletes the current artifact in the underlying persistence system.
111     *
112     */
113    protected abstract void deleteArtifact();
114
115}