Source code

001/**
002 * Copyright 2014 Tampere University of Technology, Pori Department
003 * 
004 * Licensed under the Apache License, Version 2.0 (the "License");
005 * you may not use this file except in compliance with the License.
006 * You may obtain a copy of the License at
007 * 
008 *   http://www.apache.org/licenses/LICENSE-2.0
009 * 
010 * Unless required by applicable law or agreed to in writing, software
011 * distributed under the License is distributed on an "AS IS" BASIS,
012 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
013 * See the License for the specific language governing permissions and
014 * limitations under the License.
015 */
016package service.tut.pori.users;
017
018import service.tut.pori.users.UserCore.Registration;
019import service.tut.pori.users.UserCore.RegistrationStatus;
020import core.tut.pori.http.Response;
021import core.tut.pori.http.Response.Status;
022import core.tut.pori.http.annotations.HTTPAuthenticationParameter;
023import core.tut.pori.http.annotations.HTTPMethodParameter;
024import core.tut.pori.http.annotations.HTTPService;
025import core.tut.pori.http.annotations.HTTPServiceMethod;
026import core.tut.pori.http.parameters.AuthenticationParameter;
027import core.tut.pori.http.parameters.InputStreamParameter;
028import core.tut.pori.http.parameters.LongParameter;
029import core.tut.pori.http.parameters.StringParameter;
030import core.tut.pori.users.ExternalAccountConnection.UserServiceType;
031import core.tut.pori.utils.XMLFormatter;
032
033/**
034 * User Service method declarations.
035 * 
036 * This chapter defines the APIs for registering a new account with the system, removing an existing account and retrieving the basic user details known by the system as well as retrieving a listing of the external accounts connected to a user account
037 *
038 */
039@HTTPService(name=Definitions.SERVICE_USERS) 
040public class UserService {
041  private XMLFormatter _formatter = new XMLFormatter();
042  
043  /**
044   * The request is to be sent in the body of POST method. The Content-Type header MUST be set to "text/xml". The character set MUST be UTF-8. For example, "Content-Type: text/xml; charset=UTF-8".
045   * 
046   * @param xml Details of the new user. See {@link service.tut.pori.users.UserCore.Registration}
047   * @return response
048   */
049  @HTTPServiceMethod(name=Definitions.METHOD_REGISTER, acceptedMethods={core.tut.pori.http.Definitions.METHOD_POST})
050  public Response register(@HTTPMethodParameter(name=InputStreamParameter.PARAMETER_DEFAULT_NAME, bodyParameter=true) InputStreamParameter xml) {
051    RegistrationStatus status = UserCore.register(_formatter.toObject(xml.getValue(), Registration.class));
052    if(status == RegistrationStatus.OK){
053      return new Response(); // 200 OK
054    }else{
055      Response r = new Response(Status.BAD_REQUEST);
056      r.setMessage(status.toStatusString());
057      return r;
058    } 
059  }
060  
061  /**
062   * This method will immediately revoke user login permissions for the authenticated user and schedule the removal of all content owned by the user. The content is removed in phases (service-by-service), and may not happen immediately.
063   * 
064   * @param authenticatedUser
065   */
066  @HTTPServiceMethod(name=Definitions.METHOD_UNREGISTER, acceptedMethods={core.tut.pori.http.Definitions.METHOD_POST})
067  public void unregister(@HTTPAuthenticationParameter AuthenticationParameter authenticatedUser) {
068    UserCore.unregister(authenticatedUser.getUserIdentity());
069  }
070  
071  /**
072   * This method can be used to retrieve all external account connections known by the system for the authenticated user.
073   * 
074   * @param authenticatedUser
075   * @param serviceTypes optional service type filter {@link core.tut.pori.users.ExternalAccountConnection.UserServiceType}
076   * @return See {@link service.tut.pori.users.ExternalAccountConnectionList}
077   */
078  @HTTPServiceMethod(name=Definitions.METHOD_GET_EXTERNAL_ACCOUNT_CONNECTIONS, acceptedMethods={core.tut.pori.http.Definitions.METHOD_GET})
079  public Response getExternalAccountConnections(
080      @HTTPAuthenticationParameter AuthenticationParameter authenticatedUser,
081      @HTTPMethodParameter(name = Definitions.PARAMETER_SERVICE_TYPE, required = false) StringParameter serviceTypes) 
082  {
083    return new Response(UserCore.getExternalAccountConnections(UserServiceType.fromUserServiceTypeStrings(serviceTypes.getValues()), authenticatedUser.getUserIdentity()));
084  }
085  
086  /**
087   * This method can be used to remove external account connection for the authenticated user.
088   * 
089   * @param authenticatedUser
090   * @param serviceTypes the service to remove {@link core.tut.pori.users.ExternalAccountConnection.UserServiceType}
091   */
092  @HTTPServiceMethod(name=Definitions.METHOD_DELETE_EXTERNAL_ACCOUNT_CONNECTION, acceptedMethods = {core.tut.pori.http.Definitions.METHOD_DELETE})
093  public void deleteExternalAccountConnection(
094      @HTTPAuthenticationParameter AuthenticationParameter authenticatedUser,
095      @HTTPMethodParameter(name = Definitions.PARAMETER_SERVICE_TYPE) StringParameter serviceTypes) 
096  {
097    UserCore.deleteExternalAccountConnections(UserServiceType.fromUserServiceTypeStrings(serviceTypes.getValues()), authenticatedUser.getUserIdentity());
098  }
099  
100  /**
101   * This method can be used to retrieve details for users.
102   * 
103   * @param authenticatedUser
104   * @param userIdFilter If parameter is missing, details for the authenticated user will be returned. Normal users only have permissions to their own accounts, an attempt to access details for other users will result in error.
105   * @return See {@link service.tut.pori.users.UserIdentityList}
106   */
107  @HTTPServiceMethod(name=Definitions.METHOD_GET_USER_DETAILS, acceptedMethods={core.tut.pori.http.Definitions.METHOD_GET})
108  public Response getUserDetails(
109      @HTTPAuthenticationParameter AuthenticationParameter authenticatedUser,
110      @HTTPMethodParameter(name=Definitions.PARAMETER_USER_ID, required=false) LongParameter userIdFilter
111      ) 
112  {
113    UserIdentityList list = UserCore.getUserDetails(authenticatedUser.getUserIdentity(), userIdFilter.getValues());
114    if(UserIdentityList.isEmpty(list)){ // if the details could not be retrieved, the user either tried to retrieve non-existing ids or ids he/she does not have permissions to access
115      return new Response(Status.FORBIDDEN);
116    }else{
117      return new Response(list);
118    }
119  }
120}