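package org.gcube.gcat.rest.administration;

import javax.ws.rs.Consumes;
import javax.ws.rs.DELETE;
import javax.ws.rs.ForbiddenException;
import javax.ws.rs.GET;
//import javax.ws.rs.NotAuthorizedException;
import javax.ws.rs.POST;
import javax.ws.rs.PUT;
import javax.ws.rs.Path;
import javax.ws.rs.PathParam;
import javax.ws.rs.Produces;
import javax.ws.rs.core.Response;
import javax.ws.rs.core.Response.Status;

import org.gcube.common.authorization.utils.manager.SecretManager;
import org.gcube.common.authorization.utils.manager.SecretManagerProvider;
import org.gcube.gcat.annotation.PURGE;
//import org.gcube.common.authorization.control.annotations.AuthorizationControl;
import org.gcube.gcat.api.GCatConstants;
import org.gcube.gcat.api.roles.Role;
//import org.gcube.gcat.api.roles.Role;
import org.gcube.gcat.persistence.ckan.CKANUser;
import org.gcube.gcat.persistence.ckan.CKANUserCache;
import org.gcube.gcat.rest.REST;

import com.webcohesion.enunciate.metadata.rs.ResourceGroup;
import com.webcohesion.enunciate.metadata.rs.ResourceLabel;

/**
 * Administration REST resource for CKAN users.
 *
 * The CRUD endpoints (list/create/read/update/purge) delegate entirely to the
 * {@link REST} base class, which is constructed here with the {@link CKANUser}
 * persistence type. The two cache-eviction endpoints perform their own role
 * check and evict entries from {@link CKANUserCache}.
 *
 * NOTE(review): the {@code @AuthorizationControl} annotations on every CRUD
 * endpoint are commented out, so none of those methods enforces a role in this
 * class; any authorization for them must come from {@link REST} or the
 * framework configuration — TODO confirm, since this resource administers users.
 *
 * @author Luca Frosini (ISTI - CNR)
 */
@Path(User.USERS)
@ResourceGroup("Administration APIs")
@ResourceLabel("User APIs")
public class User extends REST implements org.gcube.gcat.api.interfaces.User {

    /** Path parameter carrying a gCube username (cache-eviction endpoint). */
    protected static final String GCUBE_USERNAME_PARAMETER = "GCUBE_USERNAME";

    /** Path parameter carrying the CKAN user identifier (CRUD endpoints). */
    protected static final String CKAN_USER_ID_PARAMETER = "USER_ID";

    /**
     * Builds the resource on top of {@link REST} using {@link CKANUser} as the
     * persisted entity and {@link #CKAN_USER_ID_PARAMETER} as the id parameter.
     */
    public User() {
        super(USERS, CKAN_USER_ID_PARAMETER, CKANUser.class);
    }

    /**
     * Lists users.
     *
     * @return the JSON produced by {@link REST#list(int, int)}; the two {@code -1}
     *         arguments presumably disable limit/offset paging — confirm in REST.
     */
    @GET
    @Produces(GCatConstants.APPLICATION_JSON_CHARSET_UTF_8)
    // @AuthorizationControl(allowedRoles={Role.CATALOGUE_MANAGER}, exception=NotAuthorizedException.class)
    public String list() {
        return super.list(-1, -1);
    }

    /**
     * Creates a user from the request body.
     *
     * @param json the request body, passed through unchanged to {@link REST#create(String)}
     * @return the response built by the base class
     */
    @POST
    @Consumes(GCatConstants.APPLICATION_JSON_CHARSET_UTF_8)
    @Produces(GCatConstants.APPLICATION_JSON_CHARSET_UTF_8)
    @Override
    // @AuthorizationControl(allowedRoles={Role.CATALOGUE_MANAGER}, exception=NotAuthorizedException.class)
    public Response create(String json) {
        return super.create(json);
    }

    /**
     * Reads a single user.
     *
     * @param username the value of the {@link #CKAN_USER_ID_PARAMETER} path segment
     * @return the JSON produced by {@link REST#read(String)}
     */
    @GET
    @Path("/{" + CKAN_USER_ID_PARAMETER + "}")
    @Produces(GCatConstants.APPLICATION_JSON_CHARSET_UTF_8)
    @Override
    // @AuthorizationControl(allowedRoles={Role.CATALOGUE_MANAGER}, exception=NotAuthorizedException.class)
    public String read(@PathParam(CKAN_USER_ID_PARAMETER) String username) {
        return super.read(username);
    }

    /**
     * Updates a single user from the request body.
     *
     * @param username the value of the {@link #CKAN_USER_ID_PARAMETER} path segment
     * @param json     the request body, passed through unchanged
     * @return the JSON produced by {@link REST#update(String, String)}
     */
    @PUT
    @Path("/{" + CKAN_USER_ID_PARAMETER + "}")
    @Consumes(GCatConstants.APPLICATION_JSON_CHARSET_UTF_8)
    @Produces(GCatConstants.APPLICATION_JSON_CHARSET_UTF_8)
    @Override
    // @AuthorizationControl(allowedRoles={Role.CATALOGUE_MANAGER}, exception=NotAuthorizedException.class)
    public String update(@PathParam(CKAN_USER_ID_PARAMETER) String username, String json) {
        return super.update(username, json);
    }

    /**
     * Purges a single user.
     *
     * @param username the value of the {@link #CKAN_USER_ID_PARAMETER} path segment
     * @return the response built by {@link REST#delete(String, boolean)}; the
     *         {@code true} flag presumably selects a purge over a soft delete — confirm in REST
     */
    @PURGE
    @Path("/{" + CKAN_USER_ID_PARAMETER + "}")
    // @AuthorizationControl(allowedRoles={Role.CATALOGUE_MANAGER}, exception=NotAuthorizedException.class)
    public Response purge(@PathParam(CKAN_USER_ID_PARAMETER) String username) {
        return super.delete(username, true);
    }

    /**
     * Evicts the caller's own entry from {@link CKANUserCache}.
     *
     * @return 204 No Content on success
     * @throws ForbiddenException if the caller does not hold the
     *         {@link Role#MANAGER} portal role
     */
    @DELETE
    // @AuthorizationControl(allowedRoles={Role.CATALOGUE_MANAGER}, exception=NotAuthorizedException.class)
    public Response removeCallerFromCache() {
        requireManagerRole();
        // No-argument variant: presumably keys on the current caller — confirm in CKANUserCache.
        CKANUserCache.removeUserFromCache();
        return Response.status(Status.NO_CONTENT).build();
    }

    /**
     * Evicts the entry of an arbitrary gCube user from {@link CKANUserCache}.
     *
     * @param username the value of the {@link #GCUBE_USERNAME_PARAMETER} path segment
     * @return 204 No Content on success
     * @throws ForbiddenException if the caller does not hold the
     *         {@link Role#MANAGER} portal role
     */
    @DELETE
    @Path("/{" + GCUBE_USERNAME_PARAMETER + "}")
    // @AuthorizationControl(allowedRoles={Role.CATALOGUE_MANAGER}, exception=NotAuthorizedException.class)
    public Response removeUserFromCache(@PathParam(GCUBE_USERNAME_PARAMETER) String username) {
        requireManagerRole();
        CKANUserCache.removeUserFromCache(username);
        return Response.status(Status.NO_CONTENT).build();
    }

    /**
     * Shared authorization gate for the cache-eviction endpoints: the caller,
     * resolved through {@link SecretManagerProvider}, must hold the
     * {@link Role#MANAGER} portal role.
     *
     * The check fails closed: a missing user or role set is treated as
     * unauthorized rather than surfacing as a NullPointerException (HTTP 500).
     *
     * @throws ForbiddenException if the caller is absent or lacks the required role
     */
    private void requireManagerRole() {
        SecretManager secretManager = SecretManagerProvider.instance.get();
        org.gcube.common.authorization.utils.user.User user = secretManager.getUser();
        String requiredRole = Role.MANAGER.getPortalRole();
        boolean authorized = user != null
                && user.getRoles() != null
                && user.getRoles().contains(requiredRole);
        if (!authorized) {
            throw new ForbiddenException("Only " + requiredRole + "s are authorized to remove an user from the cache");
        }
    }

}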