001/* 002 * (C) Copyright 2013 Nuxeo SA (http://nuxeo.com/) and others. 003 * 004 * Licensed under the Apache License, Version 2.0 (the "License"); 005 * you may not use this file except in compliance with the License. 006 * You may obtain a copy of the License at 007 * 008 * http://www.apache.org/licenses/LICENSE-2.0 009 * 010 * Unless required by applicable law or agreed to in writing, software 011 * distributed under the License is distributed on an "AS IS" BASIS, 012 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 013 * See the License for the specific language governing permissions and 014 * limitations under the License. 015 * 016 * Contributors: 017 * dmetzler 018 */ 019package org.nuxeo.ecm.restapi.server.jaxrs.usermanager; 020 021import java.util.List; 022 023import javax.servlet.http.HttpServletRequest; 024import javax.ws.rs.GET; 025import javax.ws.rs.POST; 026import javax.ws.rs.Path; 027import javax.ws.rs.PathParam; 028import javax.ws.rs.core.Response; 029import javax.ws.rs.core.Response.Status; 030 031import org.nuxeo.ecm.core.api.NuxeoPrincipal; 032import org.nuxeo.ecm.platform.usermanager.UserManager; 033import org.nuxeo.ecm.restapi.server.jaxrs.PaginableObject; 034import org.nuxeo.ecm.webengine.model.exceptions.WebResourceNotFoundException; 035import org.nuxeo.ecm.webengine.model.exceptions.WebSecurityException; 036import org.nuxeo.runtime.api.Framework; 037 038public abstract class AbstractUMRootObject<T> extends PaginableObject<T> { 039 040 protected String query; 041 042 protected UserManager um; 043 044 @Override 045 protected void initialize(Object... args) { 046 super.initialize(args); 047 um = Framework.getService(UserManager.class); 048 049 final HttpServletRequest request = ctx.getRequest(); 050 query = request.getParameter("q"); 051 } 052 053 // match everything until: 054 // - '/@' for web adapters 055 // - '/user/' or '/group/' when adding a user to a group 056 @Path("{artName:((?:(?!(/@|(/user/|/group/))).)*)}") 057 public Object getArtifactWebObject(@PathParam("artName") String artName) { 058 T artifact = getArtifact(artName); 059 if (artifact == null) { 060 throw new WebResourceNotFoundException(getArtifactType() + " does not exist"); 061 } 062 return newObject(getArtifactType(), artifact); 063 } 064 065 @POST 066 public Response createNew(T artifact) { 067 checkPrecondition(artifact); 068 artifact = createArtifact(artifact); 069 return Response.status(Status.CREATED).entity(artifact).build(); 070 } 071 072 @GET 073 @Path("search") 074 public List<T> search() { 075 return getPaginableEntries(); 076 } 077 078 @Override 079 protected Object[] getParams() { 080 return new Object[] { query }; 081 } 082 083 /** 084 * Returns the artifact given its id. 085 */ 086 protected abstract T getArtifact(String id); 087 088 /** 089 * Returns the type of the current artifact needed for {@link #newObject(String, Object...)}. 090 */ 091 protected abstract String getArtifactType(); 092 093 /** 094 * Checks the precondition to create an artifact (for instance validity, duplicate detection, guards...). 095 */ 096 protected abstract void checkPrecondition(T artifact); 097 098 /** 099 * Persist an artifact in the underlying persistence system. 100 */ 101 protected abstract T createArtifact(T artifact); 102 103 protected void checkCurrentUserCanCreateArtifact(T artifact) { 104 NuxeoPrincipal currentUser = (NuxeoPrincipal) getContext().getCoreSession().getPrincipal(); 105 if (!currentUser.isAdministrator()) { 106 if (!currentUser.isMemberOf("powerusers") || !isAPowerUserEditableArtifact(artifact)) { 107 throw new WebSecurityException("Cannot create artifact"); 108 } 109 } 110 } 111 112 abstract boolean isAPowerUserEditableArtifact(T artifact); 113 114}