/**
*
* Copyright (c) 2009-2016 Freedomotic team http://freedomotic.com
*
* This file is part of Freedomotic
*
* This Program is free software; you can redistribute it and/or modify it under
* the terms of the GNU General Public License as published by the Free Software
* Foundation; either version 2, or (at your option) any later version.
*
* This Program is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
* FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
* details.
*
* You should have received a copy of the GNU General Public License along with
* Freedomotic; see the file COPYING. If not, see
* <http://www.gnu.org/licenses/>.
*/
package com.freedomotic.plugins.devices.restapiv3.resources.atmosphere;
import com.fasterxml.jackson.core.JsonProcessingException;
import com.fasterxml.jackson.databind.AnnotationIntrospector;
import com.fasterxml.jackson.databind.ObjectMapper;
import com.fasterxml.jackson.databind.introspect.AnnotationIntrospectorPair;
import com.fasterxml.jackson.databind.introspect.JacksonAnnotationIntrospector;
import com.fasterxml.jackson.databind.type.TypeFactory;
import com.fasterxml.jackson.module.jaxb.JaxbAnnotationIntrospector;
import com.freedomotic.api.API;
import com.freedomotic.api.EventTemplate;
import com.freedomotic.app.FreedomoticInjector;
import com.freedomotic.plugins.devices.restapiv3.RestAPIv3;
import com.freedomotic.plugins.devices.restapiv3.representations.PermissionCheckRepresentation;
import com.freedomotic.security.User;
import com.google.inject.Guice;
import com.google.inject.Inject;
import com.google.inject.Injector;
import com.wordnik.swagger.annotations.Api;
import javax.servlet.http.HttpServletRequest;
import javax.ws.rs.POST;
import javax.ws.rs.Path;
import javax.ws.rs.core.Context;
import org.apache.shiro.subject.Subject;
import org.atmosphere.config.service.AtmosphereService;
import org.atmosphere.cpr.ApplicationConfig;
import org.atmosphere.cpr.AtmosphereResource;
import org.atmosphere.cpr.FrameworkConfig;
import org.atmosphere.interceptor.AtmosphereResourceLifecycleInterceptor;
import org.atmosphere.interceptor.ShiroInterceptor;
/**
*
* @author Matteo Mazzoni
*/
@Path(AtmospherePermissionCheckResource.PATH)
@Api(value = "ws_permissionCheck", description = "WS for checking current user permissions", position = 10)
@AtmosphereService(
dispatch = false,
interceptors = {AtmosphereResourceLifecycleInterceptor.class, ShiroInterceptor.class},
path = "/" + RestAPIv3.API_VERSION + "/ws/" + AtmospherePermissionCheckResource.PATH,
servlet = "org.glassfish.jersey.servlet.ServletContainer")
public class AtmospherePermissionCheckResource {
public final static String PATH = "ispermitted";
private final static Injector INJECTOR = Guice.createInjector(new FreedomoticInjector());
private final static API api = INJECTOR.getInstance(API.class);
protected ObjectMapper om;
public AtmospherePermissionCheckResource() {
om = new ObjectMapper();
// JAXB annotation
AnnotationIntrospector jaxbIntrospector = new JaxbAnnotationIntrospector(TypeFactory.defaultInstance());
AnnotationIntrospector jacksonIntrospector = new JacksonAnnotationIntrospector();
om.setAnnotationIntrospector(new AnnotationIntrospectorPair(jaxbIntrospector, jacksonIntrospector));
}
@Context
private HttpServletRequest request;
@POST
public void query(String permission) {
if (api != null) {
AtmosphereResource r = (AtmosphereResource) request.getAttribute(ApplicationConfig.ATMOSPHERE_RESOURCE);
if (r != null) {
Subject sub = (Subject) r.getRequest().getAttribute(FrameworkConfig.SECURITY_SUBJECT);
User u = api.getAuth().getUser(sub.getPrincipal().toString());
Boolean permOK = u.isPermitted(permission);
PermissionCheckRepresentation p = new PermissionCheckRepresentation(u.getName(), permission, permOK);
try {
r.getResponse().write(om.writeValueAsString(p));
} catch (JsonProcessingException ex) {
}
} else {
throw new IllegalStateException();
}
}
}
}