001/*
002 * (C) Copyright 2006-2008 Nuxeo SA (http://nuxeo.com/) and others.
003 *
004 * Licensed under the Apache License, Version 2.0 (the "License");
005 * you may not use this file except in compliance with the License.
006 * You may obtain a copy of the License at
007 *
008 *     http://www.apache.org/licenses/LICENSE-2.0
009 *
010 * Unless required by applicable law or agreed to in writing, software
011 * distributed under the License is distributed on an "AS IS" BASIS,
012 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
013 * See the License for the specific language governing permissions and
014 * limitations under the License.
015 *
016 * Contributors:
017 *     bstefanescu
018 *
019 * $Id$
020 */
021
022package org.nuxeo.ecm.core.rest.security;
023
024import java.util.ArrayList;
025import java.util.List;
026
027import javax.servlet.http.HttpServletRequest;
028import javax.ws.rs.GET;
029import javax.ws.rs.POST;
030import javax.ws.rs.Path;
031import javax.ws.rs.core.Response;
032
033import org.nuxeo.ecm.core.api.CoreSession;
034import org.nuxeo.ecm.core.api.DocumentModel;
035import org.nuxeo.ecm.core.api.NuxeoException;
036import org.nuxeo.ecm.core.api.NuxeoGroup;
037import org.nuxeo.ecm.core.api.NuxeoPrincipal;
038import org.nuxeo.ecm.core.api.security.ACE;
039import org.nuxeo.ecm.core.api.security.ACL;
040import org.nuxeo.ecm.core.api.security.ACP;
041import org.nuxeo.ecm.core.api.security.impl.ACLImpl;
042import org.nuxeo.ecm.core.api.security.impl.ACPImpl;
043import org.nuxeo.ecm.platform.usermanager.UserManager;
044import org.nuxeo.ecm.webengine.model.Resource;
045import org.nuxeo.ecm.webengine.model.View;
046import org.nuxeo.ecm.webengine.model.WebAdapter;
047import org.nuxeo.ecm.webengine.model.impl.DefaultAdapter;
048import org.nuxeo.ecm.webengine.util.ACLUtils;
049import org.nuxeo.runtime.api.Framework;
050
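/**
 * Permission Service - WebEngine adapter that lists and edits the access control entries (ACEs) of a
 * folderish document.
 * <p>
 * Registered under the adapter name {@code permissions}; accepts the following methods:
 * <ul>
 * <li>GET - render the {@code permissions} view of the target document
 * <li>POST {@code add} - add a grant or deny ACE for a user or group to the local ACL
 * <li>POST {@code delete} / GET {@code delete} - remove a permission of a user or group
 * </ul>
 * <p>
 * NOTE(review): no method in this class checks the caller's rights explicitly. Reading and writing the
 * ACP goes through the request's {@link CoreSession}, which presumably enforces them - confirm.
 *
 * @author <a href="mailto:bs@nuxeo.com">Bogdan Stefanescu</a>
 */
@WebAdapter(name = "permissions", type = "PermissionService", targetType = "Document", targetFacets = { "Folderish" })
public class PermissionService extends DefaultAdapter {

    /**
     * Renders the {@code permissions} view for the target resource.
     *
     * @return the resolved view
     */
    @GET
    public Object doGet() {
        return new View(getTarget(), "permissions").resolve();
    }

    /**
     * Adds one ACE to the local ACL of the target document.
     * <p>
     * Request parameters: {@code user} (user or group name), {@code permission} and {@code action}. Only
     * the exact value {@code grant} produces a granting ACE; any other or missing {@code action} produces
     * a denying ACE, so a malformed request can never widen access.
     *
     * @return 400 when {@code user} or {@code permission} is missing or blank, 500 when the name matches
     *         neither a user nor a group, otherwise a redirect to the target's path
     */
    @POST
    @Path("add")
    public Response postPermission() {
        HttpServletRequest req = ctx.getRequest();
        String action = req.getParameter("action");
        String permission = req.getParameter("permission");
        String username = req.getParameter("user");

        // Reject incomplete requests before any lookup or write: without this guard a request lacking
        // "permission" would reach the ACE constructor with a null permission name.
        if (isBlank(username) || isBlank(permission)) {
            return Response.status(Response.Status.BAD_REQUEST).build();
        }

        // The ACE may only name an existing user or group; the group lookup runs only when no user matches.
        UserManager userManager = Framework.getService(UserManager.class);
        if (userManager.getPrincipal(username) == null && userManager.getGroup(username) == null) {
            // Status 500 is kept for existing clients, although an unknown name is a client-side error.
            return Response.status(500).build();
        }

        // NOTE(review): the permission name is stored as received; whether it has to be checked against
        // the set of declared permissions is not visible in this class - confirm.
        boolean granted = "grant".equals(action);
        ACLImpl acl = new ACLImpl(ACL.LOCAL_ACL);
        acl.add(new ACE(username, permission, granted));
        ACPImpl acp = new ACPImpl();
        acp.addACL(acl);

        CoreSession session = ctx.getCoreSession();
        Resource target = getTarget();
        // Last argument false: presumably "do not overwrite the existing ACP" - confirm on CoreSession.setACP.
        session.setACP(target.getAdapter(DocumentModel.class).getRef(), acp, false);
        session.save();
        return redirect(target.getPath());
    }

    /**
     * POST variant of {@link #deletePermission()}; behaves identically.
     *
     * @return a redirect to the target's path
     */
    @POST
    @Path("delete")
    public Response postDeletePermission() {
        return deletePermission();
    }

    /**
     * Removes the permission named by the {@code permission} parameter for the user or group named by the
     * {@code user} parameter from the target document, then saves the session.
     * <p>
     * NOTE(review): this state-changing operation is also mapped to GET. A GET can be issued by link
     * prefetching or by a cross-site link or image request made with the user's session, and its
     * parameters end up in access logs and browser history. The mapping is kept for existing callers;
     * new callers should use the POST route, and the GET route is a candidate for removal once any
     * anti-CSRF protection in front of this resource has been reviewed.
     * <p>
     * Both parameters are forwarded to {@code ACLUtils.removePermission} unvalidated, including when they
     * are absent ({@code null}).
     *
     * @return a redirect to the target's path
     */
    @GET
    @Path("delete")
    public Response deletePermission() {
        HttpServletRequest req = ctx.getRequest();
        String permission = req.getParameter("permission");
        String username = req.getParameter("user");
        CoreSession session = ctx.getCoreSession();
        Resource target = getTarget();
        ACLUtils.removePermission(session, target.getAdapter(DocumentModel.class).getRef(), username, permission);
        session.save();
        return redirect(target.getPath());
    }

    /**
     * Flattens every ACE of every ACL in the target document's ACP into a list of {@code Permission}
     * objects (user name, permission name, granted flag).
     *
     * @return the permissions in ACL order, then ACE order
     * @throws NuxeoException rethrown after the info "Failed to get ACLs" is added to it
     */
    public List<Permission> getPermissions() {
        try {
            ACP acp = ctx.getCoreSession().getACP(getTarget().getAdapter(DocumentModel.class).getRef());
            List<Permission> permissions = new ArrayList<Permission>();
            for (ACL acl : acp.getACLs()) {
                for (ACE ace : acl.getACEs()) {
                    permissions.add(new Permission(ace.getUsername(), ace.getPermission(), ace.isGranted()));
                }
            }
            return permissions;
        } catch (NuxeoException e) {
            e.addInfo("Failed to get ACLs");
            throw e;
        }
    }

    /** Returns true when the request parameter is absent, empty or whitespace only. */
    private static boolean isBlank(String value) {
        return value == null || value.trim().isEmpty();
    }

}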