Commit d45f2317 authored by Maxym Borodenko's avatar Maxym Borodenko

The ability to edit a user profile is not available.

parent de211740
......@@ -107,7 +107,7 @@ public class UserProfileController extends BaseController {
}
@RequestMapping("/{uuid:.+}/edit")
@PreAuthorize("hasRole('ADMINISTRATOR') || principal.user.uuid == #uuid")
@PreAuthorize("hasRole('ADMINISTRATOR') || principal.uuid == #uuid")
public String edit(ModelMap model, @PathVariable("uuid") String uuid) {
someProfile(model, uuid);
model.addAttribute("availableRoles", userService.listAvailableRoles());
......@@ -115,7 +115,7 @@ public class UserProfileController extends BaseController {
}
@RequestMapping(value = "/{uuid}/send", method = RequestMethod.GET)
@PreAuthorize("hasRole('ADMINISTRATOR') || principal.user.uuid == #uuid")
@PreAuthorize("hasRole('ADMINISTRATOR') || principal.uuid == #uuid")
public String sendEmail(ModelMap model, @PathVariable("uuid") String uuid) {
final User user = userService.getUserByUuid(uuid);
......@@ -223,7 +223,7 @@ public class UserProfileController extends BaseController {
}
@RequestMapping(value = "/{uuid:.+}/update", method = { RequestMethod.POST })
@PreAuthorize("hasRole('ADMINISTRATOR') || principal.user.uuid == #uuid")
@PreAuthorize("hasRole('ADMINISTRATOR') || principal.uuid == #uuid")
public String update(ModelMap model, @PathVariable("uuid") String uuid, @RequestParam("name") String name,
@RequestParam("email") String email, @RequestParam(value = "currentPwd", required = false) String currentPwd,
@RequestParam(value = "pwd1", required = false) String pwd1, @RequestParam(value = "pwd2", required = false) String pwd2,
......
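Review bot: The ownership clause `principal.uuid == #uuid` on `edit`, `sendEmail` and `update` is evaluated without first checking that the caller is authenticated, unlike the view's `isAuthenticated() && principal.id == #user.id`. For an anonymous request Spring Security's principal is normally a plain String, so the property lookup would likely fail with an evaluation error rather than a clean denial; whether such requests can reach these handlers depends on URL-level rules not shown here. Consider `@PreAuthorize("hasRole('ADMINISTRATOR') || (isAuthenticated() && principal.uuid == #uuid)")`, ideally declared once as a meta-annotation so that the five copies (including `getIssuedTokens` and `removeUsersAccessToken` in OAuthManagementController) cannot drift from the principal type again. The three method bodies continue outside the hunks.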
......@@ -102,7 +102,7 @@ public class OAuthManagementController extends BaseController {
}
@RequestMapping("/user/{uuid}/tokens")
@PreAuthorize("hasRole('ADMINISTRATOR') || principal.user.uuid == #uuid")
@PreAuthorize("hasRole('ADMINISTRATOR') || principal.uuid == #uuid")
public String getIssuedTokens(@PathVariable("uuid") String uuid, Model model) {
final Collection<OAuthAccessToken> tokens = clientDetailsService.findTokensByUserUuid(uuid);
model.addAttribute("tokens", tokens);
......@@ -110,7 +110,7 @@ public class OAuthManagementController extends BaseController {
}
@RequestMapping("/user/{uuid}/{tokenId}/remove")
@PreAuthorize("hasRole('ADMINISTRATOR') || principal.user.uuid == #uuid")
@PreAuthorize("hasRole('ADMINISTRATOR') || principal.uuid == #uuid")
public String removeUsersAccessToken(@PathVariable("tokenId") long tokenId, @PathVariable("uuid") String uuid) {
tokenStore.removeAccessToken(tokenId);
return "redirect:" + CONTROLLER_PATH + "/user/" + uuid + "/tokens";
......
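Review bot: `removeUsersAccessToken` authorizes the caller against `#uuid` but then deletes by `tokenId` alone, so nothing visible here ties the token to that user. The `@PreAuthorize` expression is satisfied by any non-administrator whose own uuid is in the path, whatever token the id refers to, unless `tokenStore.removeAccessToken` enforces ownership itself, which this hunk does not show. Before removing, confirm the id belongs to the set returned by `clientDetailsService.findTokensByUserUuid(uuid)` and reject the request otherwise. The mapping also has no `method` restriction, so this state change is reachable by GET; limiting it to `RequestMethod.POST` would bring it under CSRF protection if that is enabled.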
......@@ -2637,6 +2637,9 @@ table.accessions {
}
}
}
.edit-btn {
margin-top: 15px;
}
.btn-default {
border: 1px solid #999895;
display: inline-block;
......
......@@ -10,7 +10,9 @@
<cms:informative-h1 title="userprofile.page.title" fancy="true" info="userprofile.page.intro" />
<security:authorize access="hasRole('ADMINISTRATOR') || (isAuthenticated() && principal.id == #user.id)">
<a href="<c:url value="/profile/${user.uuid}/edit" />" class="close"> <spring:message code="edit" /></a>
<a href="<c:url value="/profile/${user.uuid}/edit" />" class="btn btn-default pull-right edit-btn">
<spring:message code="edit" />
</a>
</security:authorize>
<div class="form-horizontal">
......