Commit
399faa81
authored
Jul 07, 2016
by
Matija Obreza
Removed obsolete code being a potential security risk
parent
ab3812c6
Changes
1
src/main/java/org/genesys2/server/servlet/controller/
UsersRest
Controller.java
→
src/main/java/org/genesys2/server/servlet/controller/
WidgetApi
Controller.java
...
...
@@ -18,89 +18,31 @@ package org.genesys2.server.servlet.controller;
import
java.util.List
;
import
org.genesys2.server.exception.NotUniqueUserException
;
import
org.genesys2.server.exception.UserException
;
import
org.genesys2.server.model.impl.User
;
import
org.genesys2.server.model.oauth.OAuthClientDetails
;
import
org.genesys2.server.service.OAuth2ClientDetailsService
;
import
org.genesys2.server.service.UserService
;
import
org.genesys2.server.servlet.model.UserList
;
import
org.springframework.beans.factory.annotation.Autowired
;
import
org.springframework.beans.factory.annotation.Value
;
import
org.springframework.dao.DataIntegrityViolationException
;
import
org.springframework.http.MediaType
;
import
org.springframework.security.access.prepost.PreAuthorize
;
import
org.springframework.security.oauth2.provider.ClientDetails
;
import
org.springframework.stereotype.Controller
;
import
org.springframework.ui.Model
;
import
org.springframework.validation.annotation.Validated
;
import
org.springframework.web.bind.annotation.PathVariable
;
import
org.springframework.web.bind.annotation.RequestBody
;
import
org.springframework.web.bind.annotation.RequestMapping
;
import
org.springframework.web.bind.annotation.RequestMethod
;
import
org.springframework.web.bind.annotation.RequestParam
;
import
org.springframework.web.bind.annotation.ResponseBody
;
/**
* User REST-controller. It produces and consumes JSON. For "USER" role all
* actions are read-only.
* Produce the Javascript code for Webapi widget.
*
* @see org.genesys2.auth.common.service.UserService
*/
@Controller
public
class
UsersRest
Controller
extends
BaseController
{
public
class
WidgetApi
Controller
extends
BaseController
{
@Value
(
"${base.url}"
)
private
String
baseUrl
;
@Autowired
protected
UserService
userService
;
@Autowired
private
OAuth2ClientDetailsService
clientDetailsService
;
@RequestMapping
(
value
=
"/users"
,
method
=
RequestMethod
.
GET
,
produces
=
{
MediaType
.
APPLICATION_JSON_VALUE
})
@ResponseBody
@PreAuthorize
(
"hasRole('ADMINISTRATOR')"
)
public
Object
getUsers
(
@RequestParam
(
value
=
"startRow"
,
required
=
false
,
defaultValue
=
"0"
)
Integer
startRow
,
@RequestParam
(
value
=
"pageSize"
,
required
=
false
,
defaultValue
=
"0"
)
Integer
pageSize
)
throws
UserException
{
return
new
UserList
(
userService
.
listWrapped
(
startRow
,
pageSize
));
}
@RequestMapping
(
value
=
"/users/{id}"
,
method
=
RequestMethod
.
GET
,
produces
=
{
MediaType
.
APPLICATION_JSON_VALUE
})
@ResponseBody
@PreAuthorize
(
"hasRole('ADMINISTRATOR')"
)
public
Object
getUser
(
@PathVariable
Long
id
)
throws
UserException
{
return
userService
.
getWrappedById
(
id
);
}
@RequestMapping
(
value
=
"/users"
,
method
=
RequestMethod
.
PUT
,
consumes
=
{
MediaType
.
APPLICATION_JSON_VALUE
})
@ResponseBody
public
void
saveUser
(
@RequestBody
@Validated
User
user
)
throws
UserException
{
userService
.
addUser
(
user
);
}
@RequestMapping
(
value
=
"/users"
,
method
=
RequestMethod
.
POST
,
consumes
=
{
MediaType
.
APPLICATION_JSON_VALUE
})
@ResponseBody
public
void
updateUser
(
@RequestBody
@Validated
User
user
)
throws
UserException
{
try
{
userService
.
updateUser
(
user
);
}
catch
(
final
DataIntegrityViolationException
e
)
{
// for some reasons it's
// not caught in service
throw
new
NotUniqueUserException
(
e
,
user
.
getEmail
());
}
}
@RequestMapping
(
value
=
"/users"
,
/* method = RequestMethod.DELETE) */
// only GET, POST, PUT allowed
method
=
RequestMethod
.
POST
)
@PreAuthorize
(
"hasRole('ADMINISTRATOR')"
)
@ResponseBody
public
void
removeUser
(
@RequestParam
(
"id"
)
Long
userId
)
throws
UserException
{
userService
.
removeUserById
(
userId
);
}
@RequestMapping
(
value
=
"/get_widget"
)
@PreAuthorize
(
"hasRole('ADMINISTRATOR')"
)
public
String
getWidget
(
Model
model
,
@RequestParam
(
value
=
"clientId"
,
required
=
false
)
String
clientId
)
{
...
...
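Review bot: The `/get_widget` mapping left at the end of this hunk declares no HTTP method, so `getWidget` answers every verb; if the page is only ever fetched, narrow it to `@RequestMapping(value = "/get_widget", method = RequestMethod.GET)` and keep the `RequestMethod` import for it. The rendered page does not show which import lines survive on the new side, so that needs checking against the file. The class Javadoc also appears to keep `@see org.genesys2.auth.common.service.UserService` under the new widget description; with the user endpoints gone, that tag no longer refers to anything visible in this controller and could be dropped. The body of `getWidget` lies outside the hunk, so nothing can be said here about how `clientId` is handled.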