Commit 29987f1f by Juho Juopperi

check permissions for rest api ops

1 parent 8c0322bd
...@@ -159,7 +159,7 @@ public interface UserBeanLocal { ...@@ -159,7 +159,7 @@ public interface UserBeanLocal {
* </ul> * </ul>
* *
* @param source * @param source
* @param dst * @param dstEventuser
* @return Saldo transferred. Zero if no transfer was made, Null if there * @return Saldo transferred. Zero if no transfer was made, Null if there
* was error.. * was error..
*/ */
...@@ -181,9 +181,9 @@ public interface UserBeanLocal { ...@@ -181,9 +181,9 @@ public interface UserBeanLocal {
/** /**
* Check that user's password matches. * Check that user's password matches.
* @param userId * @param eventUser
* @param password * @param password
* @return true if matches, false if does not, null if user not found. * @return true if matches, false if does not, null if user not found.
*/ */
Boolean checkPassword(Integer userId, String password); Boolean checkPassword(EventUser eventUser, String password);
} }
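Review bot: The `@return` text on `checkPassword` still promises `null if user not found`, but the method now takes an `EventUser` instead of an id. The UserBean implementation shown further down does no lookup and returns null only when the argument is null. I would reword it to `@return true if matches, false if does not, null if eventUser is null.` and add a sentence stating that the caller needs the permission the implementation enforces, because the `@RolesAllowed` annotation is not visible from the interface. The new `@param eventUser` tag also has no description.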
...@@ -464,8 +464,12 @@ public class UserBean implements UserBeanLocal { ...@@ -464,8 +464,12 @@ public class UserBean implements UserBeanLocal {
} }
@Override @Override
@RolesAllowed(UserPermission.S_MODIFY)
public boolean resetPassword(User user, String password) { public boolean resetPassword(User user, String password) {
return false; logger.debug("Changing user {} password", user);
user.resetPassword(password);
userFacade.merge(user);
return true;
} }
@Override @Override
...@@ -1116,10 +1120,10 @@ public class UserBean implements UserBeanLocal { ...@@ -1116,10 +1120,10 @@ public class UserBean implements UserBeanLocal {
} }
@Override @Override
public Boolean checkPassword(Integer userId, String password) { @RolesAllowed(UserPermission.S_VIEW_ALL)
User user = userFacade.find(userId); public Boolean checkPassword(EventUser eventUser, String password) {
if (user != null) { if (eventUser != null) {
return user.checkPassword(password); return eventUser.checkPassword(password);
} }
return null; return null;
} }
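Review bot: `resetPassword` passes `password` straight to `user.resetPassword(password)` and then returns `true` unconditionally, so a null or empty password (or a null `user`) is not rejected at this boundary and the boolean result tells the caller nothing. Unless `User.resetPassword` validates its argument, which is not visible here, a guard such as `if (user == null || password == null || password.isEmpty()) { return false; }` before the call would be worth adding. In the second hunk, `checkPassword` is gated by `UserPermission.S_VIEW_ALL`, yet the call answers whether a supplied password is correct. It is worth confirming that a view-level permission is the intended gate, and logging failed checks (never the password itself) so repeated attempts are visible.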
......
...@@ -321,7 +321,8 @@ public class UserRestView { ...@@ -321,7 +321,8 @@ public class UserRestView {
return Response.status(Status.NOT_FOUND).build(); return Response.status(Status.NOT_FOUND).build();
} }
boolean passwordOk = user.checkPassword(password); //boolean passwordOk = user.checkPassword(password);
boolean passwordOk = userbean.checkPassword(user, password);
if (passwordOk) { if (passwordOk) {
return Response.ok(PojoUtils.initEventUserRestPojo(user), MediaType.APPLICATION_JSON_TYPE).build(); return Response.ok(PojoUtils.initEventUserRestPojo(user), MediaType.APPLICATION_JSON_TYPE).build();
} }
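Review bot: `userbean.checkPassword(user, password)` returns a `Boolean` whose contract allows null, and assigning it to a primitive `boolean` throws a NullPointerException on unboxing if that ever happens. The `NOT_FOUND` return above suggests `user` has already been null-checked, but that check starts outside this hunk, so `boolean passwordOk = Boolean.TRUE.equals(userbean.checkPassword(user, password));` is the safer form. The commented-out line `//boolean passwordOk = user.checkPassword(password);` should be deleted rather than kept, since it preserves the call that bypasses the permission check. The enclosing method begins and ends outside the hunk.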
......