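/*
 * (C) Copyright 2006-2008 Nuxeo SA (http://nuxeo.com/) and others.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 *
 * Contributors:
 *     bstefanescu
 *
 * $Id$
 */

package org.nuxeo.ecm.core.rest.security;

import java.util.ArrayList;
import java.util.List;

import javax.servlet.http.HttpServletRequest;
import javax.ws.rs.GET;
import javax.ws.rs.POST;
import javax.ws.rs.Path;
import javax.ws.rs.core.Response;

import org.nuxeo.ecm.core.api.CoreSession;
import org.nuxeo.ecm.core.api.DocumentModel;
import org.nuxeo.ecm.core.api.NuxeoException;
import org.nuxeo.ecm.core.api.NuxeoGroup;
import org.nuxeo.ecm.core.api.NuxeoPrincipal;
import org.nuxeo.ecm.core.api.security.ACE;
import org.nuxeo.ecm.core.api.security.ACL;
import org.nuxeo.ecm.core.api.security.ACP;
import org.nuxeo.ecm.core.api.security.impl.ACLImpl;
import org.nuxeo.ecm.core.api.security.impl.ACPImpl;
import org.nuxeo.ecm.platform.usermanager.UserManager;
import org.nuxeo.ecm.webengine.WebException;
import org.nuxeo.ecm.webengine.model.Resource;
import org.nuxeo.ecm.webengine.model.View;
import org.nuxeo.ecm.webengine.model.WebAdapter;
import org.nuxeo.ecm.webengine.model.impl.DefaultAdapter;
import org.nuxeo.ecm.webengine.util.ACLUtils;
import org.nuxeo.runtime.api.Framework;

/**
 * Permission Service - view and edit the access control entries of the target document.
 * <p>
 * Registered as the {@code permissions} adapter on {@code Folderish} documents. Accepts the following requests:
 * <ul>
 * <li>GET - render the {@code permissions} view
 * <li>POST {@code add} - add a grant or deny entry for a user or group
 * <li>POST {@code delete} and GET {@code delete} - remove an entry for a user or group
 * </ul>
 * <p>
 * NOTE(review): no access check is visible in this class. It presumably relies on the {@link CoreSession} to reject
 * callers who are not allowed to change the security of the document - confirm before exposing this adapter further.
 *
 * @author <a href="mailto:bs@nuxeo.com">Bogdan Stefanescu</a>
 */
@WebAdapter(name = "permissions", type = "PermissionService", targetType = "Document", targetFacets = { "Folderish" })
public class PermissionService extends DefaultAdapter {

    /**
     * Renders the {@code permissions} view of the target resource.
     *
     * @return the resolved view
     */
    @GET
    public Object doGet() {
        return new View(getTarget(), "permissions").resolve();
    }

    /**
     * Adds an access control entry to the local ACL of the target document.
     * <p>
     * Reads three request parameters: {@code user} (a user or group name), {@code permission} and {@code action}.
     * Only the exact value {@code "grant"} for {@code action} produces a granting entry; any other value, including
     * a missing parameter, produces a denying entry.
     *
     * @return 400 when {@code user} or {@code permission} is missing or blank, 500 when the name matches neither a
     *         user nor a group, otherwise a redirect to the target path
     * @throws WebException wrapping any {@link NuxeoException} raised while updating the document
     */
    @POST
    @Path("add")
    public Response postPermission() {
        try {
            HttpServletRequest req = ctx.getRequest();
            String action = req.getParameter("action");
            String permission = req.getParameter("permission");
            String username = req.getParameter("user");

            // Reject incomplete requests up front so that a null or blank value is never written into an ACE.
            if (isBlank(username) || isBlank(permission)) {
                return Response.status(Response.Status.BAD_REQUEST).build();
            }

            // The name must resolve to an existing user or, failing that, an existing group.
            UserManager userManager = Framework.getService(UserManager.class);
            NuxeoPrincipal user = userManager.getPrincipal(username);
            if (user == null) {
                NuxeoGroup group = userManager.getGroup(username);
                if (group == null) {
                    // Status kept at 500 for existing callers; a 4xx code would describe this client error better.
                    return Response.status(500).build();
                }
            }

            // Anything other than the literal "grant" results in a deny entry.
            boolean granted = "grant".equals(action);
            ACLImpl acl = new ACLImpl(ACL.LOCAL_ACL);
            acl.add(new ACE(username, permission, granted));
            ACPImpl acp = new ACPImpl();
            acp.addACL(acl);

            CoreSession session = ctx.getCoreSession();
            Resource target = getTarget();
            // Third argument is false: presumably the new ACP is merged rather than replacing the existing one -
            // confirm against CoreSession.setACP.
            session.setACP(target.getAdapter(DocumentModel.class).getRef(), acp, false);
            session.save();
            return redirect(target.getPath());
        } catch (NuxeoException e) {
            throw WebException.wrap(e);
        }
    }

    /**
     * POST variant of {@link #deletePermission()}; prefer this route for removing an entry.
     *
     * @return a redirect to the target path
     */
    @POST
    @Path("delete")
    public Response postDeletePermission() {
        return deletePermission();
    }

    /**
     * Removes the entry identified by the {@code user} and {@code permission} request parameters from the target
     * document.
     * <p>
     * NOTE(review): this state-changing operation is reachable through GET. GET requests can be issued by plain
     * links, prefetchers and cross-site embeds, and CSRF protections that cover only unsafe methods do not apply to
     * them. The route is kept for backward compatibility; callers should move to POST {@code delete} so that it can
     * be retired.
     * <p>
     * The parameters are passed to {@link ACLUtils#removePermission} unchecked; how that helper treats a missing
     * value is not visible here.
     *
     * @return a redirect to the target path
     * @throws WebException wrapping any {@link NuxeoException} raised while updating the document
     */
    @GET
    @Path("delete")
    public Response deletePermission() {
        try {
            HttpServletRequest req = ctx.getRequest();
            String permission = req.getParameter("permission");
            String username = req.getParameter("user");
            CoreSession session = ctx.getCoreSession();
            Resource target = getTarget();
            ACLUtils.removePermission(session, target.getAdapter(DocumentModel.class).getRef(), username, permission);
            session.save();
            return redirect(target.getPath());
        } catch (NuxeoException e) {
            throw WebException.wrap(e);
        }
    }

    /**
     * Lists every access control entry of the target document, across all of its ACLs.
     *
     * @return one {@link Permission} per ACE, in ACL order
     * @throws WebException wrapping any {@link NuxeoException} raised while reading the ACP
     */
    public List<Permission> getPermissions() {
        try {
            ACP acp = ctx.getCoreSession().getACP(getTarget().getAdapter(DocumentModel.class).getRef());
            List<Permission> permissions = new ArrayList<Permission>();
            for (ACL acl : acp.getACLs()) {
                for (ACE ace : acl.getACEs()) {
                    permissions.add(new Permission(ace.getUsername(), ace.getPermission(), ace.isGranted()));
                }
            }
            return permissions;
        } catch (NuxeoException e) {
            throw WebException.wrap("Failed to get ACLs", e);
        }
    }

    /** Returns true when the request parameter is absent or contains only whitespace. */
    private static boolean isBlank(String value) {
        return value == null || value.trim().isEmpty();
    }

}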