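/*
 * (C) Copyright 2013 Nuxeo SA (http://nuxeo.com/) and others.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 *
 * Contributors:
 *     dmetzler
 */
package org.nuxeo.ecm.restapi.server.jaxrs.usermanager;

import java.util.ArrayList;
import java.util.List;

import javax.ws.rs.DELETE;
import javax.ws.rs.POST;
import javax.ws.rs.core.Response;
import javax.ws.rs.core.Response.Status;

import org.nuxeo.ecm.core.api.NuxeoException;
import org.nuxeo.ecm.core.api.NuxeoGroup;
import org.nuxeo.ecm.core.api.NuxeoPrincipal;
import org.nuxeo.ecm.platform.usermanager.UserManager;
import org.nuxeo.ecm.webengine.WebException;
import org.nuxeo.ecm.webengine.model.WebObject;
import org.nuxeo.ecm.webengine.model.exceptions.WebSecurityException;
import org.nuxeo.ecm.webengine.model.impl.DefaultObject;
import org.nuxeo.runtime.api.Framework;

/**
 * REST sub-resource binding one user to one group: {@code POST} adds the user to the group and {@code DELETE}
 * removes it.
 * <p>
 * Both operations are gated by {@link #checkPrincipalCanAdministerGroupAndUser()}, which is evaluated against the
 * principal of the current core session before anything is modified: administrators are always allowed; any other
 * caller must be a member of {@code powerusers} and both the target user and the target group must be
 * power-user-editable (see {@link UserRootObject#isAPowerUserEditableUser} and
 * {@link GroupRootObject#isAPowerUserEditableGroup}).
 *
 * @since 5.7.3
 */
@WebObject(type = "userToGroup")
public class UserToGroupObject extends DefaultObject {

    /** Group the user is added to or removed from (second initialization argument). */
    private NuxeoGroup group;

    /** User whose group membership is edited (first initialization argument). */
    private NuxeoPrincipal principal;

    /**
     * Binds this object to a (user, group) pair.
     *
     * @param args exactly two arguments: the {@link NuxeoPrincipal} followed by the {@link NuxeoGroup}
     * @throws IllegalArgumentException if the number of arguments is not two
     */
    @Override
    protected void initialize(Object... args) {
        if (args.length != 2) {
            throw new IllegalArgumentException("UserToGroup object takes two parameters");
        }
        principal = (NuxeoPrincipal) args[0];
        group = (NuxeoGroup) args[1];
    }

    /**
     * Adds the user to the group and persists the user through the {@link UserManager}.
     * <p>
     * The operation is idempotent: if the user already belongs to the group no duplicate entry is appended to the
     * groups list.
     *
     * @return {@code 201 Created} whose entity is the principal re-read from the user manager
     * @throws WebSecurityException if the current principal may not administer this user and group
     * @throws WebException wrapping any {@link NuxeoException} raised by the user manager
     */
    @POST
    public Response doAddUserToGroup() {
        try {
            UserManager um = Framework.getLocalService(UserManager.class);
            // Authorization first: nothing is mutated unless the caller may edit both the user and the group.
            checkPrincipalCanAdministerGroupAndUser();

            // Work on a copy so the list handed back by getGroups() is never mutated in place.
            List<String> groups = new ArrayList<>(principal.getGroups());
            String groupName = group.getName();
            // Guard against duplicate membership entries on a repeated POST.
            if (!groups.contains(groupName)) {
                groups.add(groupName);
            }
            principal.setGroups(groups);
            um.updateUser(principal.getModel());
            return Response.status(Status.CREATED).entity(um.getPrincipal(principal.getName())).build();
        } catch (NuxeoException e) {
            throw WebException.wrap(e);
        }
    }

    /**
     * Authorization gate shared by the add and remove operations.
     * <p>
     * The decision is based on the principal of the current core session, not on the user being edited:
     * administrators pass unconditionally; otherwise the caller must be a member of {@code powerusers} and both
     * the target user and the target group must be power-user-editable.
     *
     * @throws WebSecurityException if the current principal is not allowed to edit this user/group pair
     */
    private void checkPrincipalCanAdministerGroupAndUser() {
        NuxeoPrincipal currentPrincipal = (NuxeoPrincipal) getContext().getCoreSession().getPrincipal();
        if (currentPrincipal.isAdministrator()) {
            return;
        }
        boolean powerUserAllowed = currentPrincipal.isMemberOf("powerusers")
                && UserRootObject.isAPowerUserEditableUser(principal)
                && GroupRootObject.isAPowerUserEditableGroup(group);
        if (!powerUserAllowed) {
            throw new WebSecurityException("Cannot edit user");
        }
    }

    /**
     * Removes the user from the group and persists the user through the {@link UserManager}.
     *
     * @return {@code 200 OK} whose entity is the user's name
     * @throws WebSecurityException if the current principal may not administer this user and group
     * @throws WebException wrapping any {@link NuxeoException} raised by the user manager
     */
    @DELETE
    public Response doRemoveUserFromGroup() {
        try {
            UserManager um = Framework.getLocalService(UserManager.class);
            // Authorization first: nothing is mutated unless the caller may edit both the user and the group.
            checkPrincipalCanAdministerGroupAndUser();

            // Work on a copy so the list handed back by getGroups() is never mutated in place.
            List<String> groups = new ArrayList<>(principal.getGroups());
            groups.remove(group.getName());
            principal.setGroups(groups);
            um.updateUser(principal.getModel());
            return Response.ok(principal.getName()).build();
        } catch (NuxeoException e) {
            throw WebException.wrap(e);
        }
    }
}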