Commit 543342bd authored by Matija Obreza's avatar Matija Obreza

BasicUserService updates

- @PreAuthorize checks
- updateUser reloads record from the database before updating #fullName and #email
parent f575f633
......@@ -81,9 +81,10 @@ public interface BasicUserService<R extends GrantedAuthority, T extends BasicUse
* @param email new email address
* @param fullName new fullName
* @return the t
* @throws NotUniqueUserException the not unique user exception
* @throws NotUniqueUserException when email address is already registered
* @throws UserException
*/
T updateUser(T user, String email, String fullName) throws NotUniqueUserException;
T updateUser(T user, String email, String fullName) throws NotUniqueUserException, UserException;
/**
* Change password.
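Review bot: The new `@throws UserException` tag on updateUser carries no description, while the NotUniqueUserException tag beside it now states its condition; the tag should say when a UserException is raised, e.g. `* @throws UserException when the user record cannot be updated`, adjusted to the condition the implementation actually raises, which is not visible in this commit. Adding a checked exception to an interface method is a source-incompatible change for existing implementors and callers, and the commit message does not mention it. While editing the Javadoc, `* @return the t` could become `* @return the updated user`.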
......@@ -19,7 +19,10 @@ import java.util.Date;
import java.util.List;
import java.util.Set;
import org.apache.commons.lang3.StringUtils;
import org.genesys.blocks.security.NoUserFoundException;
import org.genesys.blocks.security.NotUniqueUserException;
import org.genesys.blocks.security.UserException;
import org.genesys.blocks.security.model.BasicUser;
import org.genesys.blocks.security.model.BasicUser.AccountType;
import org.genesys.blocks.security.persistence.AclEntryPersistence;
......@@ -118,6 +121,10 @@ public abstract class BasicUserServiceImpl<R extends GrantedAuthority, T extends
@Override
public T getUser(final long id) {
final T user = userRepository.findOne(id);
return deepLoad(user);
}
public T deepLoad(final T user) {
if (user != null) {
user.getRoles().size();
}
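Review bot: `deepLoad` is introduced as a new public method without Javadoc; it should state that it touches `user.getRoles()` to force initialization of the roles collection (presumably lazily loaded) and that it accepts and returns null, e.g. `/** Forces initialization of the user's roles collection so it can be read outside the persistence context. Returns the same instance, or null if {@code user} is null. */`. getUser, which now calls it, carries no @Transactional in the hunk, so whether the roles collection is still attached to a session when `size()` runs depends on the caller's transaction or an open-session-in-view setup; worth confirming. getUser also receives no @PreAuthorize while the mutating methods in this commit do, which is presumably intentional for a read. deepLoad's body continues outside the hunk.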
......@@ -132,10 +139,19 @@ public abstract class BasicUserServiceImpl<R extends GrantedAuthority, T extends
*/
@Override
@Transactional
public T updateUser(final T user, final String email, final String fullName) {
@PreAuthorize("hasRole('ADMINISTRATOR') || principal.id == #user.id")
public T updateUser(T user, final String email, final String fullName) throws NotUniqueUserException, UserException {
// reload
user = userRepository.findOne(user.getId());
if (!StringUtils.equals(email, user.getEmail()) && getUserByEmail(email) != null) {
throw new NotUniqueUserException("Email address already registered");
}
user.setEmail(email);
user.setFullName(fullName);
return userRepository.save(user);
return deepLoad(userRepository.save(user));
}
/*
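Review bot: The reload at `user = userRepository.findOne(user.getId())` is not checked for null, so a user deleted between the caller's lookup and this call fails with a NullPointerException at `user.getEmail()` instead of a meaningful error; a guard such as `if (user == null) { throw new NoUserFoundException(/* user id */); }` would make the failure explicit (NoUserFoundException is imported at the top of the file, but its constructor arguments are not visible here). The same unguarded reload appears at the top of setRoles in the hunk at @@ -158. The @PreAuthorize expression `principal.id == #user.id` is evaluated on the caller-supplied object and the reload uses that same id, so the authorized id and the persisted row agree. The uniqueness check via getUserByEmail is a read-then-write and relies on a unique constraint on the email column to hold under concurrent updates; worth confirming one exists.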
......@@ -146,6 +162,7 @@ public abstract class BasicUserServiceImpl<R extends GrantedAuthority, T extends
*/
@Override
@Transactional
@PreAuthorize("hasRole('ADMINISTRATOR')")
public void deleteUser(final T user) {
userRepository.delete(user);
}
......@@ -158,7 +175,7 @@ public abstract class BasicUserServiceImpl<R extends GrantedAuthority, T extends
*/
@Override
@Transactional
// FIXME Needs permission check
@PreAuthorize("hasRole('ADMINISTRATOR')")
public T setRoles(T user, final Set<R> newRoles) {
user = userRepository.findOne(user.getId());
......@@ -172,7 +189,7 @@ public abstract class BasicUserServiceImpl<R extends GrantedAuthority, T extends
user.getRoles().addAll(newRoles);
user.getRoles().add(getDefaultUserRole());
LOG.info("Setting roles for user {} to {}", user.getEmail(), user.getRoles());
return userRepository.save(user);
return deepLoad(userRepository.save(user));
}
/*
......@@ -182,10 +199,11 @@ public abstract class BasicUserServiceImpl<R extends GrantedAuthority, T extends
*/
@Override
@Transactional
@PreAuthorize("hasRole('ADMINISTRATOR') || principal.id == #user.id")
public T changePassword(final T user, final String password) throws PasswordPolicyException {
if (user.getAccountType() == AccountType.LOCAL) {
setPassword(user, password);
return userRepository.save(user);
return deepLoad(userRepository.save(user));
} else {
throw new PasswordPolicyException("Password can be set only for LOCAL account types");
}
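Review bot: changePassword, unlike updateUser in this commit, does not reload the user before `userRepository.save(user)`: the `user.getAccountType() == AccountType.LOCAL` check and the save both operate on the caller-supplied instance, so the decision is made on whatever state the caller passed in and every field of that object, not only the password, is persisted. Since the new @PreAuthorize lets a non-administrator call this for their own id, reloading first keeps the account-type check and the persisted row tied to the database record: drop `final` from the `user` parameter and add `user = userRepository.findOne(user.getId());` with a null guard before the check, mirroring updateUser. Whether callers can actually pass a user object with altered fields depends on the controllers, which are not visible here. The method's closing brace lies outside the hunk.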