Commit f193b250
authored
Mar 29, 2015
by
Juho Juopperi
permission checks
1 parent
29987f1f
Showing
1 changed file
with
20 additions
and
2 deletions
code/moya-web/src/main/java/fi/codecrew/moya/rest/UserRestView.java
code/moya-web/src/main/java/fi/codecrew/moya/rest/UserRestView.java
...
@@ -37,6 +37,7 @@ import javax.ws.rs.core.Response;
...
@@ -37,6 +37,7 @@ import javax.ws.rs.core.Response;
import
javax.ws.rs.core.Response.ResponseBuilder
;
import
javax.ws.rs.core.Response.ResponseBuilder
;
import
javax.ws.rs.core.Response.Status
;
import
javax.ws.rs.core.Response.Status
;
import
fi.codecrew.moya.enums.apps.UserPermission
;
import
fi.codecrew.moya.model.*
;
import
fi.codecrew.moya.model.*
;
import
org.slf4j.Logger
;
import
org.slf4j.Logger
;
import
org.slf4j.LoggerFactory
;
import
org.slf4j.LoggerFactory
;
...
@@ -274,8 +275,13 @@ public class UserRestView {
...
@@ -274,8 +275,13 @@ public class UserRestView {
@Produces
({
MediaType
.
APPLICATION_JSON
})
@Produces
({
MediaType
.
APPLICATION_JSON
})
@Consumes
(
MediaType
.
APPLICATION_FORM_URLENCODED
)
@Consumes
(
MediaType
.
APPLICATION_FORM_URLENCODED
)
@ApiOperation
(
value
=
"Create user"
,
response
=
EventUserRestPojo
.
class
)
@ApiOperation
(
value
=
"Create user"
,
response
=
EventUserRestPojo
.
class
)
public
EventUserRestPojo
createEventUser
()
{
public
Response
createEventUser
()
{
return
null
;
if
(
permbean
.
hasPermission
(
UserPermission
.
CREATE_NEW
)
==
false
)
{
return
Response
.
status
(
Status
.
FORBIDDEN
).
build
();
}
return
Response
.
status
(
Status
.
NOT_IMPLEMENTED
).
build
();
}
}
...
@@ -286,6 +292,9 @@ public class UserRestView {
...
@@ -286,6 +292,9 @@ public class UserRestView {
public
Response
getEventUser
(
@QueryParam
(
"email"
)
@ApiParam
(
"Email address"
)
String
email
,
public
Response
getEventUser
(
@QueryParam
(
"email"
)
@ApiParam
(
"Email address"
)
String
email
,
@QueryParam
(
"login"
)
@ApiParam
(
"Username"
)
String
userName
)
{
@QueryParam
(
"login"
)
@ApiParam
(
"Username"
)
String
userName
)
{
try
{
try
{
if
(
permbean
.
hasPermission
(
UserPermission
.
VIEW_ALL
)
==
false
)
{
return
Response
.
status
(
Status
.
FORBIDDEN
).
build
();
}
// If username not given, try to find username by email
// If username not given, try to find username by email
if
(
userName
==
null
||
userName
.
isEmpty
())
{
if
(
userName
==
null
||
userName
.
isEmpty
())
{
...
@@ -315,6 +324,9 @@ public class UserRestView {
...
@@ -315,6 +324,9 @@ public class UserRestView {
public
Response
checkPassword
(
@PathParam
(
"userid"
)
@ApiParam
(
"User ID"
)
Integer
userId
,
public
Response
checkPassword
(
@PathParam
(
"userid"
)
@ApiParam
(
"User ID"
)
Integer
userId
,
@FormParam
(
"password"
)
@ApiParam
(
"Password"
)
String
password
)
{
@FormParam
(
"password"
)
@ApiParam
(
"Password"
)
String
password
)
{
try
{
try
{
if
(
permbean
.
hasPermission
(
UserPermission
.
VIEW_ALL
)
==
false
)
{
return
Response
.
status
(
Status
.
FORBIDDEN
).
build
();
}
EventUser
user
=
userbean
.
findByUserId
(
userId
,
true
);
EventUser
user
=
userbean
.
findByUserId
(
userId
,
true
);
if
(
user
==
null
)
{
if
(
user
==
null
)
{
...
@@ -343,6 +355,9 @@ public class UserRestView {
...
@@ -343,6 +355,9 @@ public class UserRestView {
public
Response
resetPassword
(
@PathParam
(
"userid"
)
@ApiParam
(
"User ID"
)
Integer
userId
,
public
Response
resetPassword
(
@PathParam
(
"userid"
)
@ApiParam
(
"User ID"
)
Integer
userId
,
@FormParam
(
"password"
)
@ApiParam
(
"New password"
)
String
password
)
{
@FormParam
(
"password"
)
@ApiParam
(
"New password"
)
String
password
)
{
try
{
try
{
if
(
permbean
.
hasPermission
(
UserPermission
.
MODIFY
)
==
false
||
permbean
.
hasPermission
(
UserPermission
.
VIEW_ALL
))
{
return
Response
.
status
(
Status
.
FORBIDDEN
).
build
();
}
EventUser
eventUser
=
userbean
.
findByUserId
(
userId
,
true
);
EventUser
eventUser
=
userbean
.
findByUserId
(
userId
,
true
);
User
user
=
eventUser
.
getUser
();
User
user
=
eventUser
.
getUser
();
userbean
.
resetPassword
(
user
,
password
);
userbean
.
resetPassword
(
user
,
password
);
...
@@ -367,6 +382,9 @@ public class UserRestView {
...
@@ -367,6 +382,9 @@ public class UserRestView {
public
Response
updateUserImage
(
@Context
HttpServletRequest
request
,
public
Response
updateUserImage
(
@Context
HttpServletRequest
request
,
@PathParam
(
"userid"
)
@ApiParam
(
"User ID"
)
Integer
userId
)
throws
IOException
{
@PathParam
(
"userid"
)
@ApiParam
(
"User ID"
)
Integer
userId
)
throws
IOException
{
try
{
try
{
if
(
permbean
.
hasPermission
(
UserPermission
.
MODIFY
)
==
false
||
permbean
.
hasPermission
(
UserPermission
.
VIEW_ALL
))
{
return
Response
.
status
(
Status
.
FORBIDDEN
).
build
();
}
Part
imagePart
=
request
.
getPart
(
"image"
);
Part
imagePart
=
request
.
getPart
(
"image"
);
EventUser
eventUser
=
userbean
.
findByUserId
(
userId
,
true
);
EventUser
eventUser
=
userbean
.
findByUserId
(
userId
,
true
);
UserImage
userImage
=
userbean
.
uploadImage
(
eventUser
,
imagePart
.
getContentType
(),
UserImage
userImage
=
userbean
.
uploadImage
(
eventUser
,
imagePart
.
getContentType
(),
...
...
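Review bot: The guard added to resetPassword and updateUserImage reads `permbean.hasPermission(UserPermission.MODIFY) == false || permbean.hasPermission(UserPermission.VIEW_ALL)`, and the second operand has no `== false`, so a caller who holds VIEW_ALL gets 403 while a caller with MODIFY but without VIEW_ALL is let through to the password reset and image upload. The guards in createEventUser, getEventUser and checkPassword all compare with `== false`, which suggests the negation was simply dropped here. If both permissions are meant to be required, write `if (!permbean.hasPermission(UserPermission.MODIFY) || !permbean.hasPermission(UserPermission.VIEW_ALL))`; if MODIFY alone should suffice, drop the VIEW_ALL operand. Both method bodies continue past the displayed hunks, so the rest of each handler is not visible here. A test per endpoint covering MODIFY-only, VIEW_ALL-only and both permissions would pin the intended policy.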