Commit 29987f1f by Juho Juopperi

check permissions for rest api ops

1 parent 8c0322bd
......@@ -159,7 +159,7 @@ public interface UserBeanLocal {
* </ul>
*
* @param source
* @param dst
* @param dstEventuser
* @return Saldo transferred. Zero if no transfer was made, Null if there
* was error..
*/
......@@ -181,9 +181,9 @@ public interface UserBeanLocal {
/**
* Check that user's password matches.
* @param userId
* @param eventUser
* @param password
* @return true if matches, false if does not, null if user not found.
*/
Boolean checkPassword(Integer userId, String password);
Boolean checkPassword(EventUser eventUser, String password);
}
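Review bot: The `@return` text on `checkPassword` still describes a lookup ("null if user not found"), but the new signature takes an `EventUser`, and the implementation in this commit returns null only when that argument is null. The contract also does not mention that the call is now permission-checked, which callers need to know since the implementation carries `@RolesAllowed(UserPermission.S_VIEW_ALL)`. I would reword it to `@return true if the password matches, false if it does not, null if eventUser is null` and add a sentence naming the required permission. `@param eventUser` and `@param password` have no descriptions and could say whose password is checked and that the value is the plaintext candidate.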
......@@ -464,8 +464,12 @@ public class UserBean implements UserBeanLocal {
}
@Override
@RolesAllowed(UserPermission.S_MODIFY)
public boolean resetPassword(User user, String password) {
return false;
logger.debug("Changing user {} password", user);
user.resetPassword(password);
userFacade.merge(user);
return true;
}
@Override
......@@ -1116,10 +1120,10 @@ public class UserBean implements UserBeanLocal {
}
@Override
public Boolean checkPassword(Integer userId, String password) {
User user = userFacade.find(userId);
if (user != null) {
return user.checkPassword(password);
@RolesAllowed(UserPermission.S_VIEW_ALL)
public Boolean checkPassword(EventUser eventUser, String password) {
if (eventUser != null) {
return eventUser.checkPassword(password);
}
return null;
}
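Review bot: In the first UserBean hunk, `resetPassword` now really changes a credential, but the only trace is a `logger.debug` line, and neither argument is validated before `user.resetPassword(password)` and `userFacade.merge(user)` run. A password changed on behalf of another account should be visible in normal production logs, so I would record it at info level, for example `logger.info("Password reset for user {}", user);`. I would also reject bad input up front with `if (user == null || password == null || password.isEmpty()) { return false; }`. What `User.resetPassword` does with a null or empty value is not visible on this page, so that guard may duplicate a check made there. It is also worth confirming that `User.toString()` prints nothing sensitive, because the whole object is passed to the logger.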
......
......@@ -321,7 +321,8 @@ public class UserRestView {
return Response.status(Status.NOT_FOUND).build();
}
boolean passwordOk = user.checkPassword(password);
//boolean passwordOk = user.checkPassword(password);
boolean passwordOk = userbean.checkPassword(user, password);
if (passwordOk) {
return Response.ok(PojoUtils.initEventUserRestPojo(user), MediaType.APPLICATION_JSON_TYPE).build();
}
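Review bot: The new call `boolean passwordOk = userbean.checkPassword(user, password);` unboxes a `Boolean` that the interface documents as possibly null, so a null result would surface as a NullPointerException rather than a failed check. `user` appears to be null-checked just above, but the enclosing method starts outside this hunk, so I would still make the call site fail closed with `Boolean passwordOk = userbean.checkPassword(user, password);` and `if (Boolean.TRUE.equals(passwordOk)) {`. The permission check now lives in the bean's `@RolesAllowed`, so a caller without `S_VIEW_ALL` will get the container's access exception here. Nothing in the visible lines turns that into a deliberate 403 response, though it may be handled by an exception mapper elsewhere. The commented-out `//boolean passwordOk = user.checkPassword(password);` should be deleted rather than kept, since it shows the unchecked path next to the checked one.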
......