PermissionService.java

/*
 * (C) Copyright 2006-2008 Nuxeo SA (http://nuxeo.com/) and others.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 *
 * Contributors:
 *     bstefanescu
 *
 * $Id$
 */

package org.nuxeo.ecm.core.rest.security;

import java.util.ArrayList;
import java.util.List;

import javax.servlet.http.HttpServletRequest;
import javax.ws.rs.GET;
import javax.ws.rs.POST;
import javax.ws.rs.Path;
import javax.ws.rs.core.Response;

import org.nuxeo.ecm.core.api.CoreSession;
import org.nuxeo.ecm.core.api.DocumentModel;
import org.nuxeo.ecm.core.api.NuxeoException;
import org.nuxeo.ecm.core.api.NuxeoGroup;
import org.nuxeo.ecm.core.api.NuxeoPrincipal;
import org.nuxeo.ecm.core.api.security.ACE;
import org.nuxeo.ecm.core.api.security.ACL;
import org.nuxeo.ecm.core.api.security.ACP;
import org.nuxeo.ecm.core.api.security.impl.ACLImpl;
import org.nuxeo.ecm.core.api.security.impl.ACPImpl;
import org.nuxeo.ecm.platform.usermanager.UserManager;
import org.nuxeo.ecm.webengine.WebException;
import org.nuxeo.ecm.webengine.model.Resource;
import org.nuxeo.ecm.webengine.model.View;
import org.nuxeo.ecm.webengine.model.WebAdapter;
import org.nuxeo.ecm.webengine.model.impl.DefaultAdapter;
import org.nuxeo.ecm.webengine.util.ACLUtils;
import org.nuxeo.runtime.api.Framework;

/**
 * Version Service - manage document versions TODO not yet implemented
 * <p>
 * Accepts the following methods:
 * <ul>
 * <li>GET - get the last document version
 * <li>DELETE - delete a version
 * <li>POST - create a new version
 * </ul>
 *
 * @author <a href="mailto:bs@nuxeo.com">Bogdan Stefanescu</a>
 */
@WebAdapter(name = "permissions", type = "PermissionService", targetType = "Document", targetFacets = { "Folderish" })
public class PermissionService extends DefaultAdapter {

    @GET
    public Object doGet() {
        return new View(getTarget(), "permissions").resolve();
    }

    @POST
    @Path("add")
    public Response postPermission() {
        try {
            HttpServletRequest req = ctx.getRequest();
            String action = req.getParameter("action");
            String permission = req.getParameter("permission");
            String username = req.getParameter("user");

            UserManager userManager = Framework.getService(UserManager.class);
            NuxeoPrincipal user = userManager.getPrincipal(username);
            if (user == null) {
                NuxeoGroup group = userManager.getGroup(username);
                if (group == null) {
                    return Response.status(500).build();
                }
            }
            ACPImpl acp = new ACPImpl();
            ACLImpl acl = new ACLImpl(ACL.LOCAL_ACL);
            acp.addACL(acl);
            boolean granted = "grant".equals(action);
            ACE ace = new ACE(username, permission, granted);
            acl.add(ace);
            CoreSession session = ctx.getCoreSession();
            Resource target = getTarget();
            session.setACP(target.getAdapter(DocumentModel.class).getRef(), acp, false);
            session.save();
            return redirect(target.getPath());
        } catch (NuxeoException e) {
            throw WebException.wrap(e);
        }
    }

    @POST
    @Path("delete")
    public Response postDeletePermission() {
        return deletePermission();
    }

    @GET
    @Path("delete")
    public Response deletePermission() {
        try {
            HttpServletRequest req = ctx.getRequest();
            String permission = req.getParameter("permission");
            String username = req.getParameter("user");
            CoreSession session = ctx.getCoreSession();
            Resource target = getTarget();
            ACLUtils.removePermission(session, target.getAdapter(DocumentModel.class).getRef(), username, permission);
            session.save();
            return redirect(target.getPath());
        } catch (NuxeoException e) {
            throw WebException.wrap(e);
        }
    }

    public List<Permission> getPermissions() {
        try {
            ACP acp = ctx.getCoreSession().getACP(getTarget().getAdapter(DocumentModel.class).getRef());
            List<Permission> permissions = new ArrayList<Permission>();
            for (ACL acl : acp.getACLs()) {
                for (ACE ace : acl.getACEs()) {
                    permissions.add(new Permission(ace.getUsername(), ace.getPermission(), ace.isGranted()));
                }
            }
            return permissions;
        } catch (NuxeoException e) {
            throw WebException.wrap("Failed to get ACLs", e);
        }
    }

}