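/*
 * (C) Copyright 2013 Nuxeo SA (http://nuxeo.com/) and others.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 *
 * Contributors:
 *     dmetzler
 */
package org.nuxeo.ecm.restapi.server.jaxrs.usermanager;

import java.util.Collections;
import java.util.List;

import javax.ws.rs.DELETE;
import javax.ws.rs.POST;
import javax.ws.rs.core.Response;
import javax.ws.rs.core.Response.Status;

import org.nuxeo.ecm.core.api.NuxeoException;
import org.nuxeo.ecm.core.api.NuxeoGroup;
import org.nuxeo.ecm.core.api.NuxeoPrincipal;
import org.nuxeo.ecm.platform.usermanager.UserManager;
import org.nuxeo.ecm.webengine.WebException;
import org.nuxeo.ecm.webengine.model.WebObject;
import org.nuxeo.ecm.webengine.model.exceptions.WebSecurityException;
import org.nuxeo.ecm.webengine.model.impl.DefaultObject;
import org.nuxeo.runtime.api.Framework;

/**
 * REST resource managing the membership of one user in one group: {@code POST} adds the user to the group,
 * {@code DELETE} removes it.
 * <p>
 * Both operations run the authorization check before reading or writing any membership state: the caller must be
 * an administrator, or a member of the {@code powerusers} group acting on a user and a group that power users are
 * allowed to edit (see {@link UserRootObject#isAPowerUserEditableUser} and
 * {@link GroupRootObject#isAPowerUserEditableGroup}).
 *
 * @since 5.7.3
 */
@WebObject(type = "userToGroup")
public class UserToGroupObject extends DefaultObject {

    /** Group whose membership is edited (second initialization argument). */
    private NuxeoGroup group;

    /** User whose group list is edited (first initialization argument). */
    private NuxeoPrincipal principal;

    /**
     * Binds this resource to a (principal, group) pair.
     *
     * @param args exactly two arguments: a {@link NuxeoPrincipal} followed by a {@link NuxeoGroup}
     * @throws IllegalArgumentException if the argument count or the argument types do not match, so that a
     *             mis-wired resource fails with a clear message instead of a {@link ClassCastException}
     */
    @Override
    protected void initialize(Object... args) {
        if (args.length != 2) {
            throw new IllegalArgumentException("UserToGroup object takes two parameters");
        }
        if (!(args[0] instanceof NuxeoPrincipal) || !(args[1] instanceof NuxeoGroup)) {
            throw new IllegalArgumentException("UserToGroup object expects a NuxeoPrincipal and a NuxeoGroup");
        }
        principal = (NuxeoPrincipal) args[0];
        group = (NuxeoGroup) args[1];
    }

    /**
     * Adds the user to the group.
     * <p>
     * The operation is idempotent: a user already in the group keeps a single membership entry instead of getting a
     * duplicated one.
     *
     * @return {@code 201 Created} with the principal reloaded from the user manager as entity
     * @throws WebSecurityException if the caller is not allowed to administer this user and group
     * @throws WebException (as produced by {@link WebException#wrap}) for any {@link NuxeoException} raised while
     *             persisting the user
     */
    @POST
    public Response doAddUserToGroup() {
        try {
            UserManager um = Framework.getLocalService(UserManager.class);
            // Authorization first, before any membership state is touched.
            checkPrincipalCanAdministerGroupAndUser();
            List<String> groups = principal.getGroups();
            String groupName = group.getName();
            if (!groups.contains(groupName)) {
                groups.add(groupName);
            }
            persistGroups(um, groups);
            // Reload through the user manager so the response reflects the stored state.
            return Response.status(Status.CREATED).entity(um.getPrincipal(principal.getName())).build();
        } catch (NuxeoException e) {
            throw WebException.wrap(e);
        }
    }

    /**
     * Removes the user from the group.
     * <p>
     * Every occurrence of the group name is dropped, so a membership list that historically accumulated duplicates
     * is fully cleaned instead of leaving the user in the group.
     *
     * @return {@code 200 OK} with the user name as entity
     * @throws WebSecurityException if the caller is not allowed to administer this user and group
     * @throws WebException (as produced by {@link WebException#wrap}) for any {@link NuxeoException} raised while
     *             persisting the user
     */
    @DELETE
    public Response doRemoveUserFromGroup() {
        try {
            UserManager um = Framework.getLocalService(UserManager.class);
            // Authorization first, before any membership state is touched.
            checkPrincipalCanAdministerGroupAndUser();
            List<String> groups = principal.getGroups();
            groups.removeAll(Collections.singleton(group.getName()));
            persistGroups(um, groups);
            return Response.ok(principal.getName()).build();
        } catch (NuxeoException e) {
            throw WebException.wrap(e);
        }
    }

    /**
     * Stores {@code groups} as the user's group list and persists the user through the user manager.
     *
     * @param um the user manager used to persist the change
     * @param groups the complete group list the user should end up with
     */
    private void persistGroups(UserManager um, List<String> groups) {
        principal.setGroups(groups);
        um.updateUser(principal.getModel());
    }

    /**
     * Enforces the access policy for editing this user/group pair.
     * <p>
     * Administrators may always proceed. Any other caller must be a member of {@code powerusers} <em>and</em> both
     * the target user and the target group must be power-user editable; failing any one of these conditions denies
     * the request.
     *
     * @throws WebSecurityException if the current principal does not meet the policy
     */
    private void checkPrincipalCanAdministerGroupAndUser() {
        NuxeoPrincipal currentPrincipal = (NuxeoPrincipal) getContext().getCoreSession().getPrincipal();
        if (currentPrincipal.isAdministrator()) {
            return;
        }
        boolean allowedPowerUser = currentPrincipal.isMemberOf("powerusers")
                && UserRootObject.isAPowerUserEditableUser(principal)
                && GroupRootObject.isAPowerUserEditableGroup(group);
        if (!allowedPowerUser) {
            throw new WebSecurityException("Cannot edit user");
        }
    }
}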