001/*
002 * (C) Copyright 2013 Nuxeo SA (http://nuxeo.com/) and others.
003 *
004 * Licensed under the Apache License, Version 2.0 (the "License");
005 * you may not use this file except in compliance with the License.
006 * You may obtain a copy of the License at
007 *
008 *     http://www.apache.org/licenses/LICENSE-2.0
009 *
010 * Unless required by applicable law or agreed to in writing, software
011 * distributed under the License is distributed on an "AS IS" BASIS,
012 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
013 * See the License for the specific language governing permissions and
014 * limitations under the License.
015 *
016 * Contributors:
017 *     dmetzler
018 */
019package org.nuxeo.ecm.restapi.server.jaxrs.usermanager;
020
021import static javax.servlet.http.HttpServletResponse.SC_BAD_REQUEST;
022import static javax.servlet.http.HttpServletResponse.SC_CONFLICT;
023
024import java.util.List;
025
026import javax.ws.rs.Produces;
027import javax.ws.rs.core.MediaType;
028
029import org.nuxeo.ecm.core.api.NuxeoException;
030import org.nuxeo.ecm.core.api.NuxeoPrincipal;
031import org.nuxeo.ecm.platform.query.api.PageProviderDefinition;
032import org.nuxeo.ecm.platform.query.api.PageProviderService;
033import org.nuxeo.ecm.platform.usermanager.UserManager;
034import org.nuxeo.ecm.webengine.model.WebObject;
035import org.nuxeo.runtime.api.Framework;
036
037/**
038 * @since 5.7.3
039 */
040@WebObject(type = "users")
041@Produces(MediaType.APPLICATION_JSON)
042public class UserRootObject extends AbstractUMRootObject<NuxeoPrincipal> {
043
044    public static final String PAGE_PROVIDER_NAME = "nuxeo_principals_listing";
045
046    @Override
047    protected NuxeoPrincipal getArtifact(String id) {
048        return um.getPrincipal(id);
049    }
050
051    @Override
052    protected String getArtifactType() {
053        return "user";
054    }
055
056    @Override
057    protected void checkPrecondition(NuxeoPrincipal principal) {
058        checkCurrentUserCanCreateArtifact(principal);
059        checkPrincipalDoesNotAlreadyExists(principal, um);
060        checkPrincipalHasAName(principal);
061    }
062
063    @Override
064    protected NuxeoPrincipal createArtifact(NuxeoPrincipal principal) {
065        um.createUser(principal.getModel());
066        return um.getPrincipal(principal.getName());
067    }
068
069    private void checkPrincipalDoesNotAlreadyExists(NuxeoPrincipal principal, UserManager um) {
070        NuxeoPrincipal user = um.getPrincipal(principal.getName());
071        if (user != null) {
072            throw new NuxeoException("User already exists", SC_CONFLICT);
073        }
074    }
075
076    private void checkPrincipalHasAName(NuxeoPrincipal principal) {
077        if (principal.getName() == null) {
078            throw new NuxeoException("User MUST have a name", SC_BAD_REQUEST);
079        }
080    }
081
082    @Override
083    boolean isAPowerUserEditableArtifact(NuxeoPrincipal artifact) {
084        return isAPowerUserEditableUser(artifact);
085    }
086
087    static boolean isAPowerUserEditableUser(NuxeoPrincipal user) {
088        UserManager um = Framework.getService(UserManager.class);
089        List<String> adminGroups = um.getAdministratorsGroups();
090        for (String adminGroup : adminGroups) {
091            if (user.getAllGroups().contains(adminGroup)) {
092                return false;
093            }
094        }
095        return true;
096    }
097
098    @Override
099    protected PageProviderDefinition getPageProviderDefinition() {
100        PageProviderService ppService = Framework.getService(PageProviderService.class);
101        return ppService.getPageProviderDefinition(PAGE_PROVIDER_NAME);
102    }
103
104    @Override
105    protected Object[] getParams() {
106        return new Object[] { query };
107    }
108
109}