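/*
 * (C) Copyright 2006-2008 Nuxeo SAS (http://nuxeo.com/) and contributors.
 *
 * All rights reserved. This program and the accompanying materials
 * are made available under the terms of the GNU Lesser General Public License
 * (LGPL) version 2.1 which accompanies this distribution, and is available at
 * http://www.gnu.org/licenses/lgpl.html
 *
 * This library is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
 * Lesser General Public License for more details.
 *
 * Contributors:
 *     bstefanescu
 *
 * $Id$
 */

package org.nuxeo.ecm.core.rest.security;

import java.util.ArrayList;
import java.util.List;

import javax.servlet.http.HttpServletRequest;
import javax.ws.rs.GET;
import javax.ws.rs.POST;
import javax.ws.rs.Path;
import javax.ws.rs.core.Response;

import org.nuxeo.ecm.core.api.CoreSession;
import org.nuxeo.ecm.core.api.DocumentModel;
import org.nuxeo.ecm.core.api.NuxeoException;
import org.nuxeo.ecm.core.api.NuxeoGroup;
import org.nuxeo.ecm.core.api.NuxeoPrincipal;
import org.nuxeo.ecm.core.api.security.ACE;
import org.nuxeo.ecm.core.api.security.ACL;
import org.nuxeo.ecm.core.api.security.ACP;
import org.nuxeo.ecm.core.api.security.impl.ACLImpl;
import org.nuxeo.ecm.core.api.security.impl.ACPImpl;
import org.nuxeo.ecm.platform.usermanager.UserManager;
import org.nuxeo.ecm.webengine.WebException;
import org.nuxeo.ecm.webengine.model.Resource;
import org.nuxeo.ecm.webengine.model.View;
import org.nuxeo.ecm.webengine.model.WebAdapter;
import org.nuxeo.ecm.webengine.model.impl.DefaultAdapter;
import org.nuxeo.ecm.webengine.util.ACLUtils;
import org.nuxeo.runtime.api.Framework;

/**
 * Permission Service - WebEngine adapter named "permissions" that exposes the access-control entries of a
 * folderish document.
 * <p>
 * Accepts the following methods:
 * <ul>
 * <li>GET - render the "permissions" view of the target document
 * <li>POST add - add a grant or deny entry to the target's local ACL
 * <li>POST delete / GET delete - remove a permission entry for a user or group
 * </ul>
 * <p>
 * Security notes for reviewers:
 * <ul>
 * <li>No authorization check is performed in this class. Presumably {@link CoreSession} enforces that the caller
 * may change security on the target document - confirm before relying on it.
 * <li>No anti-CSRF check is visible in this class; all mutating endpoints take their input from plain request
 * parameters. Confirm that a CSRF filter is applied upstream.
 * </ul>
 *
 * @author <a href="mailto:bs@nuxeo.com">Bogdan Stefanescu</a>
 */
@WebAdapter(name = "permissions", type = "PermissionService", targetType = "Document", targetFacets = { "Folderish" })
public class PermissionService extends DefaultAdapter {

    /**
     * Renders the "permissions" view for the target resource.
     *
     * @return the resolved view
     */
    @GET
    public Object doGet() {
        return new View(getTarget(), "permissions").resolve();
    }

    /**
     * Adds one access-control entry to the local ACL of the target document.
     * <p>
     * Request parameters read: {@code action}, {@code permission} and {@code user} (a user name or a group name).
     * The entry is a grant only when {@code action} is exactly {@code "grant"}; every other value, including a
     * missing parameter, produces a deny entry.
     *
     * @return 400 when {@code user} or {@code permission} is missing or blank, 500 when {@code user} names neither
     *         a known user nor a known group, otherwise a redirect to the target's path
     * @throws WebException wrapping any {@link NuxeoException} raised while updating the ACP
     */
    @POST
    @Path("add")
    public Response postPermission() {
        try {
            HttpServletRequest req = ctx.getRequest();
            String action = req.getParameter("action");
            String permission = req.getParameter("permission");
            String username = req.getParameter("user");

            // Reject incomplete requests up front so that no ACE with a null or empty
            // principal/permission is ever written to the document's ACL.
            if (isBlank(username) || isBlank(permission)) {
                return Response.status(400).build();
            }

            // The name must resolve to an existing user or, failing that, an existing group.
            // Status 500 is kept for backward compatibility with existing callers, although an
            // unknown principal is a client error.
            UserManager userManager = Framework.getService(UserManager.class);
            if (userManager.getPrincipal(username) == null && userManager.getGroup(username) == null) {
                return Response.status(500).build();
            }

            // NOTE(review): any action other than "grant" silently becomes a deny entry; consider
            // rejecting unrecognised values once the set of values sent by callers is known.
            boolean granted = "grant".equals(action);

            // NOTE(review): 'permission' is stored as received; it is not checked against the set of
            // permissions known to the platform - confirm whether the core validates it.
            ACPImpl acp = new ACPImpl();
            ACLImpl acl = new ACLImpl(ACL.LOCAL_ACL);
            acp.addACL(acl);
            acl.add(new ACE(username, permission, granted));

            CoreSession session = ctx.getCoreSession();
            Resource target = getTarget();
            // Third argument 'false': presumably merges into the existing ACP instead of replacing it -
            // confirm against CoreSession.setACP.
            session.setACP(target.getAdapter(DocumentModel.class).getRef(), acp, false);
            session.save();
            return redirect(target.getPath());
        } catch (NuxeoException e) {
            throw WebException.wrap(e);
        }
    }

    /**
     * POST entry point for removing a permission; delegates to {@link #deletePermission()}.
     *
     * @return the response produced by {@link #deletePermission()}
     */
    @POST
    @Path("delete")
    public Response postDeletePermission() {
        return deletePermission();
    }

    /**
     * Removes the given permission of the given user or group from the target document.
     * <p>
     * Request parameters read: {@code permission} and {@code user}.
     * <p>
     * NOTE(review): this state-changing operation is mapped to GET. GET requests are expected to be safe, and
     * browsers, prefetchers and embedded links issue them without user intent, so this mapping weakens CSRF
     * protection for ACL changes. It is kept only for backward compatibility; prefer the POST route
     * ({@link #postDeletePermission()}) and retire the GET mapping once callers have migrated.
     *
     * @return 400 when {@code user} or {@code permission} is missing or blank, otherwise a redirect to the
     *         target's path
     * @throws WebException wrapping any {@link NuxeoException} raised while updating the ACP
     */
    @GET
    @Path("delete")
    public Response deletePermission() {
        try {
            HttpServletRequest req = ctx.getRequest();
            String permission = req.getParameter("permission");
            String username = req.getParameter("user");

            // Do not hand null or empty selectors to the ACL helper: what it removes in that
            // case is not visible from this class.
            if (isBlank(username) || isBlank(permission)) {
                return Response.status(400).build();
            }

            CoreSession session = ctx.getCoreSession();
            Resource target = getTarget();
            ACLUtils.removePermission(session, target.getAdapter(DocumentModel.class).getRef(), username, permission);
            session.save();
            return redirect(target.getPath());
        } catch (NuxeoException e) {
            throw WebException.wrap(e);
        }
    }

    /**
     * Lists every access-control entry of the target document, across all of its ACLs.
     *
     * @return one {@link Permission} per ACE, in ACL order
     * @throws WebException wrapping any {@link NuxeoException} raised while reading the ACP
     */
    public List<Permission> getPermissions() {
        try {
            ACP acp = ctx.getCoreSession().getACP(getTarget().getAdapter(DocumentModel.class).getRef());
            List<Permission> permissions = new ArrayList<Permission>();
            for (ACL acl : acp.getACLs()) {
                for (ACE ace : acl.getACEs()) {
                    permissions.add(new Permission(ace.getUsername(), ace.getPermission(), ace.isGranted()));
                }
            }
            return permissions;
        } catch (NuxeoException e) {
            throw WebException.wrap("Failed to get ACLs", e);
        }
    }

    /** Returns true when the request parameter is absent or contains only whitespace. */
    private static boolean isBlank(String value) {
        return value == null || value.trim().isEmpty();
    }

}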