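/*
 * (C) Copyright 2015 Nuxeo SA (http://nuxeo.com/) and others.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 *
 * Contributors:
 *     Nuxeo - initial API and implementation
 *
 */

package org.nuxeo.scim.server.jaxrs.usermanager;

import java.util.Locale;

import javax.ws.rs.core.MediaType;

import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.nuxeo.ecm.core.api.NuxeoPrincipal;
import org.nuxeo.ecm.platform.usermanager.UserManager;
import org.nuxeo.ecm.platform.web.common.vh.VirtualHostHelper;
import org.nuxeo.ecm.webengine.WebEngine;
import org.nuxeo.ecm.webengine.model.exceptions.WebSecurityException;
import org.nuxeo.ecm.webengine.model.impl.DefaultObject;
import org.nuxeo.runtime.api.Framework;
import org.nuxeo.scim.server.mapper.AbstractMapper;
import org.nuxeo.scim.server.mapper.UserMapperFactory;

/**
 * Base class used for all WebObject associated to SCIM Domain model.
 * <p>
 * Holds the state every SCIM web object shares: the {@link UserManager}, the absolute base URL the SCIM resources are
 * addressed under, the mapper built for that URL, and the media type the response is rendered in. It also provides the
 * authorization guard ({@link #checkUpdateGuardPreconditions()}) that write operations must call before mutating
 * users or groups.
 *
 * @author tiry
 * @since 7.4
 */
public abstract class BaseUMObject extends DefaultObject {

    // Logger named after this class (the original pointed at SCIMUserWebObject, which mislabels log lines
    // emitted from here and from other subclasses).
    protected static final Log log = LogFactory.getLog(BaseUMObject.class);

    /**
     * Name of the group whose members may edit the artifacts a subclass declares editable via
     * {@link #isAPowerUserEditableArtifact()}. Administrators bypass this check entirely.
     */
    protected static final String POWER_USERS_GROUP = "powerusers";

    /** Substring searched (case-insensitively) in the Accept header to select XML output. */
    private static final String XML_ACCEPT_MARKER = "application/xml";

    protected UserManager um;

    protected AbstractMapper mapper;

    /**
     * Absolute URL of the SCIM endpoint, without trailing slash, truncated right after the last occurrence of
     * {@link #getPrefix()}. Used to build the mapper (and therefore the resource locations it emits).
     */
    protected String baseUrl;

    // default to JSON; a subclass may preset this before initialize() runs, in which case it is kept
    protected MediaType fixeMediaType = null;

    public BaseUMObject() {
        super();
    }

    /**
     * Returns the path fragment that marks the end of the base URL for this resource type. The base URL is cut right
     * after the last occurrence of this value in the request URL.
     *
     * @return the non-null path fragment (a null value would make {@link #initialize(Object...)} fail)
     */
    protected abstract String getPrefix();

    /**
     * Initializes the shared state from the active WebEngine context.
     *
     * @param args optional WebObject arguments; when {@code args[0]} is a {@link MediaType} it fixes the response
     *            media type, otherwise the media type is negotiated from the Accept header
     */
    @Override
    protected void initialize(Object... args) {
        um = Framework.getService(UserManager.class);
        baseUrl = computeBaseUrl();
        mapper = UserMapperFactory.getMapper(baseUrl);

        // Guarded cast: a non-MediaType first argument used to throw ClassCastException; now it simply falls
        // back to content negotiation.
        if (args != null && args.length > 0 && args[0] instanceof MediaType) {
            fixeMediaType = (MediaType) args[0];
        }
        if (fixeMediaType == null) {
            fixeMediaType = negotiateMediaType();
        }
    }

    /**
     * Builds the absolute base URL of this SCIM resource from the current request.
     * <p>
     * NOTE(review): the host part comes from {@link VirtualHostHelper}, i.e. from the request (presumably including
     * reverse-proxy headers), and ends up in the SCIM resource locations produced by the mapper. It is only as
     * trustworthy as the front-end/virtual-host configuration — confirm that untrusted Host/forwarded headers cannot
     * reach this server unfiltered.
     */
    private String computeBaseUrl() {
        String url = VirtualHostHelper.getBaseURL(WebEngine.getActiveContext().getRequest());
        // normalize to no trailing slash before appending the request path
        while (url.endsWith("/")) {
            url = url.substring(0, url.length() - 1);
        }
        url = url + WebEngine.getActiveContext().getUrlPath();
        // remove everything after the resource prefix; if the prefix is absent (lastIndexOf returns -1)
        // the full request path is kept as-is
        String prefix = getPrefix();
        int idx = url.lastIndexOf(prefix);
        if (idx > 0) {
            url = url.substring(0, idx + prefix.length());
        }
        return url;
    }

    /**
     * Picks the response media type from the Accept header: XML when the header mentions
     * {@code application/xml} anywhere, JSON otherwise.
     * <p>
     * This is a plain substring match: wildcards and q-values are ignored, so {@code application/xml;q=0} still
     * selects XML. Locale-independent lower-casing avoids locale-dependent mismatches (e.g. Turkish dotless i).
     */
    private MediaType negotiateMediaType() {
        String accept = WebEngine.getActiveContext().getRequest().getHeader("Accept");
        if (accept != null && accept.toLowerCase(Locale.ROOT).contains(XML_ACCEPT_MARKER)) {
            return MediaType.APPLICATION_XML_TYPE;
        }
        return MediaType.APPLICATION_JSON_TYPE;
    }

    /**
     * Authorization guard for write operations on users/groups. Deny by default:
     * <ul>
     * <li>administrators are always allowed;</li>
     * <li>members of {@value #POWER_USERS_GROUP} are allowed only if the subclass reports the current artifact as
     * editable by a power user ({@link #isAPowerUserEditableArtifact()});</li>
     * <li>everybody else, and any request without a resolvable principal, is rejected.</li>
     * </ul>
     *
     * @throws WebSecurityException when the current principal may not edit the artifact
     */
    protected void checkUpdateGuardPreconditions() {
        NuxeoPrincipal principal = getContext().getCoreSession().getPrincipal();
        // Fail closed: without a principal no authorization decision can be made.
        if (principal == null) {
            throw new WebSecurityException("User is not allowed to edit users");
        }
        if (principal.isAdministrator()) {
            return;
        }
        boolean powerUser = principal.isMemberOf(POWER_USERS_GROUP);
        if (!powerUser || !isAPowerUserEditableArtifact()) {
            throw new WebSecurityException("User is not allowed to edit users");
        }
    }

    /**
     * Tells whether the current artifact may be edited by a power user (a member of {@value #POWER_USERS_GROUP}).
     * Subclasses are expected to return {@code true} only for artifacts that are not an admin user nor an admin
     * group. The default denies, so power users get no write access until a subclass explicitly opts in.
     *
     * @return {@code false} by default
     */
    protected boolean isAPowerUserEditableArtifact() {
        return false;
    }

}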