001/*
002 * (C) Copyright 2013 Nuxeo SA (http://nuxeo.com/) and others.
003 *
004 * Licensed under the Apache License, Version 2.0 (the "License");
005 * you may not use this file except in compliance with the License.
006 * You may obtain a copy of the License at
007 *
008 *     http://www.apache.org/licenses/LICENSE-2.0
009 *
010 * Unless required by applicable law or agreed to in writing, software
011 * distributed under the License is distributed on an "AS IS" BASIS,
012 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
013 * See the License for the specific language governing permissions and
014 * limitations under the License.
015 *
016 * Contributors:
017 *     dmetzler
018 */
019package org.nuxeo.ecm.restapi.server.jaxrs.usermanager;
020
021import java.util.List;
022
023import javax.servlet.http.HttpServletRequest;
024import javax.ws.rs.GET;
025import javax.ws.rs.POST;
026import javax.ws.rs.Path;
027import javax.ws.rs.PathParam;
028import javax.ws.rs.core.Response;
029import javax.ws.rs.core.Response.Status;
030
031import org.nuxeo.ecm.core.api.NuxeoPrincipal;
032import org.nuxeo.ecm.platform.usermanager.UserManager;
033import org.nuxeo.ecm.restapi.server.jaxrs.PaginableObject;
034import org.nuxeo.ecm.webengine.model.exceptions.WebResourceNotFoundException;
035import org.nuxeo.ecm.webengine.model.exceptions.WebSecurityException;
036import org.nuxeo.runtime.api.Framework;
037
038public abstract class AbstractUMRootObject<T> extends PaginableObject<T> {
039
040    protected String query;
041
042    protected UserManager um;
043
044    @Override
045    protected void initialize(Object... args) {
046        super.initialize(args);
047        um = Framework.getService(UserManager.class);
048
049        final HttpServletRequest request = ctx.getRequest();
050        query = request.getParameter("q");
051    }
052
053    // match everything until:
054    // - '/@' for web adapters
055    // - '/user/' or '/group/' when adding a user to a group
056    @Path("{artName:((?:(?!(/@|(/user/|/group/))).)*)}")
057    public Object getArtifactWebObject(@PathParam("artName") String artName) {
058        T artifact = getArtifact(artName);
059        if (artifact == null) {
060            throw new WebResourceNotFoundException(getArtifactType() + " does not exist");
061        }
062        return newObject(getArtifactType(), artifact);
063    }
064
065    @POST
066    public Response createNew(T artifact) {
067        checkPrecondition(artifact);
068        artifact = createArtifact(artifact);
069        return Response.status(Status.CREATED).entity(artifact).build();
070    }
071
072    @GET
073    @Path("search")
074    public List<T> search() {
075        return getPaginableEntries();
076    }
077
078    @Override
079    protected Object[] getParams() {
080        return new Object[] { query };
081    }
082
083    /**
084     * Returns the artifact given its id.
085     */
086    protected abstract T getArtifact(String id);
087
088    /**
089     * Returns the type of the current artifact needed for {@link #newObject(String, Object...)}.
090     */
091    protected abstract String getArtifactType();
092
093    /**
094     * Checks the precondition to create an artifact (for instance validity, duplicate detection, guards...).
095     */
096    protected abstract void checkPrecondition(T artifact);
097
098    /**
099     * Persist an artifact in the underlying persistence system.
100     */
101    protected abstract T createArtifact(T artifact);
102
103    protected void checkCurrentUserCanCreateArtifact(T artifact) {
104        NuxeoPrincipal currentUser = (NuxeoPrincipal) getContext().getCoreSession().getPrincipal();
105        if (!currentUser.isAdministrator()) {
106            if (!currentUser.isMemberOf("powerusers") || !isAPowerUserEditableArtifact(artifact)) {
107                throw new WebSecurityException("Cannot create artifact");
108            }
109        }
110    }
111
112    abstract boolean isAPowerUserEditableArtifact(T artifact);
113
114}