1 package com.atlassian.refapp.auth.internal.rest;
2
3 import com.atlassian.refapp.auth.internal.RefappPermissions;
4 import com.atlassian.refapp.auth.internal.UserContextHelper;
5 import com.atlassian.seraph.auth.AuthenticationContext;
6 import com.atlassian.user.EntityException;
7 import com.atlassian.user.GroupManager;
8 import com.atlassian.user.User;
9 import com.atlassian.user.UserManager;
10 import com.atlassian.user.search.page.PagerUtils;
11 import com.google.common.collect.ImmutableList;
12 import com.google.common.collect.Ordering;
13 import org.apache.commons.lang.StringUtils;
14
15 import javax.ws.rs.Consumes;
16 import javax.ws.rs.DELETE;
17 import javax.ws.rs.GET;
18 import javax.ws.rs.PUT;
19 import javax.ws.rs.Path;
20 import javax.ws.rs.PathParam;
21 import javax.ws.rs.Produces;
22 import javax.ws.rs.WebApplicationException;
23 import javax.ws.rs.core.CacheControl;
24 import javax.ws.rs.core.MediaType;
25 import javax.ws.rs.core.Response;
26 import java.net.URI;
27 import java.util.List;
28
29 import static com.google.common.base.MoreObjects.firstNonNull;
30 import static java.util.Arrays.asList;
31 import static javax.ws.rs.core.Response.Status.BAD_REQUEST;
32 import static javax.ws.rs.core.Response.Status.FORBIDDEN;
33 import static javax.ws.rs.core.Response.Status.NOT_FOUND;
34 import static org.apache.commons.lang.StringUtils.capitalize;
35
36
37
38
39
40
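/**
 * Administrative REST resource for listing, reading, creating/updating and deleting refapp users
 * under {@code /users}.
 *
 * <p>Every endpoint first requires the remote user to be an administrator or system administrator
 * ({@link #checkAdminPermission()}); any other caller receives {@code 403}. All error responses
 * carry a {@link RestError} body and are marked {@code no-cache, no-store}.
 *
 * <p>Permission levels are represented as group memberships: a user at level {@code L} is a
 * member of the group of every {@link RefappPermissions} value that compares less than or equal
 * to {@code L}, and of no group above it.
 */
@Consumes(MediaType.APPLICATION_JSON)
@Produces(MediaType.APPLICATION_JSON)
@Path("users")
public class UserManagementResource {

    private final UserManager userManager;
    private final GroupManager groupManager;

    // Answers "is the current remote user an administrator / system administrator?".
    private final UserContextHelper userContextHelper;

    public UserManagementResource(AuthenticationContext authenticationContext, UserManager userManager,
                                  GroupManager groupManager) {
        this.userManager = userManager;
        this.groupManager = groupManager;

        this.userContextHelper = new UserContextHelper(authenticationContext, userManager, groupManager);
    }

    /**
     * Lists every known user together with its effective permission level.
     *
     * @return {@code 200} with a list of {@link RestUser}
     * @throws WebApplicationException with {@code 403} if the caller is not an administrator
     * @throws Exception if the user or group store fails
     */
    @GET
    @SuppressWarnings("unchecked") // the list returned by PagerUtils.toList is not parameterised
    public Response getAllUsers() throws Exception {
        checkAdminPermission();

        List<User> users = PagerUtils.toList(userManager.getUsers());
        ImmutableList.Builder<RestUser> restUsers = ImmutableList.builder();
        for (User user : users) {
            restUsers.add(createRestUser(user, getPermissionLevel(user)));
        }

        return Response.ok(restUsers.build()).build();
    }

    /**
     * Returns a single user.
     *
     * @param username path segment identifying the user; must not be blank
     * @return {@code 200} with the {@link RestUser}, or {@code 404} with a {@link RestError} when
     *         no such user exists
     * @throws WebApplicationException with {@code 403} if the caller is not an administrator, or
     *         {@code 400} if the username is blank
     * @throws Exception if the user or group store fails
     */
    @GET
    @Path("{username}")
    public Response getUser(@PathParam("username") String username) throws Exception {
        checkAdminPermission();
        checkUsername(username);

        User user = userManager.getUser(username);
        if (user == null) {
            return errorResponse(NOT_FOUND, null, String.format("User with username '%s' not found", username));
        }

        return Response.ok(createRestUser(user, getPermissionLevel(user))).build();
    }

    /**
     * Creates the named user, or updates it when it already exists (PUT is idempotent).
     *
     * <p>On creation, omitted fields fall back to defaults ({@code <username>@example.com}, the
     * capitalised username, {@link RefappPermissions#USER}) and the initial password is set to the
     * username. That predictable password is the refapp's convention for throw-away development
     * accounts and is only ever applied to a freshly created user. On update, omitted fields keep
     * their current value and the password is left untouched.
     *
     * <p>The requested permission level is applied by adding the user to the group of every level
     * at or below it and removing it from the groups above it.
     *
     * @param username path segment identifying the user; must not be blank
     * @param userData desired attributes; a {@code null} field means "default" on create and
     *                 "keep" on update
     * @return {@code 201} with the resulting {@link RestUser} when the user was created, or
     *         {@code 200} with it when an existing user was updated
     * @throws WebApplicationException with {@code 403} if the caller is not an administrator, or
     *         {@code 400} if the username is blank or the request body is missing
     * @throws Exception if the user or group store fails
     */
    @PUT
    @Path("{username}")
    public Response createOrUpdateUser(@PathParam("username") String username, RestUser userData) throws Exception {
        checkAdminPermission();
        checkUsername(username);
        if (userData == null) {
            // Without this an absent body surfaces as a NullPointerException, i.e. a 500.
            throw new WebApplicationException(errorResponse(BAD_REQUEST, null, "Request body not set"));
        }

        User user = userManager.getUser(username);
        boolean created = user == null;
        if (created) {
            user = userManager.createUser(username);
            user.setEmail(firstNonNull(userData.email, username + "@example.com"));
            user.setFullName(firstNonNull(userData.fullName, capitalize(username)));
            userManager.saveUser(user);
            // Initial password == username (refapp development convention). Deliberately not
            // repeated on the update path so that a PUT cannot reset an existing user's password.
            userManager.alterPassword(user, username);
        } else {
            if (userData.email != null) {
                user.setEmail(userData.email);
            }
            if (userData.fullName != null) {
                user.setFullName(userData.fullName);
            }
            userManager.saveUser(user);
        }

        RefappPermissions permissionLevel = firstNonNull(userData.permissionLevel, RefappPermissions.USER);
        applyPermissionLevel(user, permissionLevel);

        RestUser result = createRestUser(user, permissionLevel);
        return created
                ? Response.created(URI.create("")).entity(result).build()
                : Response.ok(result).build();
    }

    /**
     * Deletes the named user. Deleting a user that does not exist is not an error.
     *
     * @param username path segment identifying the user; must not be blank
     * @return {@code 204} in both cases
     * @throws WebApplicationException with {@code 403} if the caller is not an administrator, or
     *         {@code 400} if the username is blank
     * @throws Exception if the user store fails
     */
    @DELETE
    @Path("{username}")
    public Response removeUser(@PathParam("username") String username) throws Exception {
        checkAdminPermission();
        checkUsername(username);

        User user = userManager.getUser(username);
        if (user != null) {
            userManager.removeUser(user);
        }

        return Response.noContent().build();
    }

    /**
     * Gate for every endpoint: the remote user must be an administrator or a system administrator.
     *
     * @throws WebApplicationException with {@code 403} otherwise
     */
    private void checkAdminPermission() {
        if (!userContextHelper.isRemoteUserSystemAdministrator() && !userContextHelper.isRemoteUserAdministrator()) {
            throw new WebApplicationException(
                    errorResponse(FORBIDDEN, null, "You need administrator permission to access this resource"));
        }
    }

    /**
     * Rejects a missing or whitespace-only username path segment.
     *
     * @throws WebApplicationException with {@code 400} and a {@link RestError} on the
     *         {@code username} field
     */
    private void checkUsername(String username) {
        if (StringUtils.isBlank(username)) {
            throw new WebApplicationException(errorResponse(BAD_REQUEST, "username", "Username not set"));
        }
    }

    /** Copies the user's name, full name and e-mail into a {@link RestUser} at the given level. */
    private RestUser createRestUser(User user, RefappPermissions permissionLevel) {
        RestUser restUser = new RestUser();
        restUser.name = user.getName();
        restUser.fullName = user.getFullName();
        restUser.email = user.getEmail();
        restUser.permissionLevel = permissionLevel;

        return restUser;
    }

    /**
     * Makes {@code user} a member of exactly the groups of the levels at or below {@code level}.
     *
     * <p>Memberships above the requested level are removed as well; otherwise lowering a user's
     * level would leave the higher-privilege group memberships (and the rights they grant) in
     * place.
     */
    private void applyPermissionLevel(User user, RefappPermissions level) throws EntityException {
        for (RefappPermissions permission : RefappPermissions.values()) {
            String groupName = permission.groupName();
            boolean wanted = permission.compareTo(level) <= 0;
            boolean member = isMember(user, groupName);
            if (wanted && !member) {
                addMembership(groupName, user);
            } else if (!wanted && member) {
                groupManager.removeMembership(groupManager.getGroup(groupName), user);
            }
        }
    }

    private void addMembership(String groupName, User user) throws EntityException {
        groupManager.addMembership(groupManager.getGroup(groupName), user);
    }

    /**
     * Effective level of a user: the highest {@link RefappPermissions} whose group the user is a
     * member of, or {@link RefappPermissions#USER} when it is a member of none.
     */
    private RefappPermissions getPermissionLevel(User user) throws EntityException {
        RefappPermissions[] levels = RefappPermissions.values();
        // Highest level first: enum natural order is declaration order, so walk the array backwards.
        for (int i = levels.length - 1; i >= 0; i--) {
            if (isMember(user, levels[i].groupName())) {
                return levels[i];
            }
        }
        return RefappPermissions.USER;
    }

    private boolean isMember(User user, String group) throws EntityException {
        return groupManager.hasMembership(groupManager.getGroup(group), user);
    }

    /** Builds a non-cacheable error response with a {@link RestError} body. */
    private static Response errorResponse(Response.Status status, String field, String message) {
        return Response.status(status)
                .entity(new RestError(field, message))
                .cacheControl(noCache())
                .build();
    }

    /** {@code no-cache, no-store}: error bodies mention usernames and must not be cached. */
    private static CacheControl noCache() {
        CacheControl cacheControl = new CacheControl();
        cacheControl.setNoCache(true);
        cacheControl.setNoStore(true);
        return cacheControl;
    }
}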