X-Git-Url: http://git.argeo.org/?a=blobdiff_plain;f=security%2Fruntime%2Forg.argeo.security.mvc%2Fsrc%2Fmain%2Fjava%2Forg%2Fargeo%2Fsecurity%2Fmvc%2FUsersRolesController.java;h=8e4b574c7c58581bc6319ed5d93b1575a0ab9685;hb=a373533a833e21ff90439ef82254091f7dac6f52;hp=505f0094f118829ef37a25aa4389f50d6785db3b;hpb=8220766ace9f3bde3a9d69890cd8307c34fe8ddd;p=lgpl%2Fargeo-commons.git
diff --git a/security/runtime/org.argeo.security.mvc/src/main/java/org/argeo/security/mvc/UsersRolesController.java b/security/runtime/org.argeo.security.mvc/src/main/java/org/argeo/security/mvc/UsersRolesController.java
index 505f0094f..8e4b574c7 100644
--- a/security/runtime/org.argeo.security.mvc/src/main/java/org/argeo/security/mvc/UsersRolesController.java
+++ b/security/runtime/org.argeo.security.mvc/src/main/java/org/argeo/security/mvc/UsersRolesController.java
@@ -1,65 +1,154 @@ package org.argeo.security.mvc; +import java.io.Reader; import java.util.List; +import org.argeo.security.ArgeoSecurityService; import org.argeo.security.ArgeoUser; -import org.argeo.security.core.ArgeoUserDetails; -import org.argeo.security.dao.RoleDao; -import org.argeo.security.dao.UserDao; import org.argeo.server.BooleanAnswer; import org.argeo.server.ServerAnswer; -import org.springframework.security.Authentication; -import org.springframework.security.context.SecurityContextHolder; +import org.argeo.server.ServerDeserializer; +import org.argeo.server.mvc.MvcConstants; import org.springframework.stereotype.Controller; import org.springframework.web.bind.annotation.ModelAttribute; import org.springframework.web.bind.annotation.RequestMapping; import org.springframework.web.bind.annotation.RequestParam; @Controller -public class UsersRolesController { - private UserDao userDao; - private RoleDao roleDao; +public class UsersRolesController implements MvcConstants { + // private final static Log log = LogFactory + // .getLog(UsersRolesController.class); + + private ArgeoSecurityService securityService; + + private ServerDeserializer userDeserializer = null; + + /* USER */ @RequestMapping("/getCredentials.security") - @ModelAttribute("getCredentials") + @ModelAttribute(ANSWER_MODEL_KEY) public ArgeoUser getCredentials() { - Authentication authentication = SecurityContextHolder.getContext() - .getAuthentication(); + return securityService.getSecurityDao().getCurrentUser(); + } + + @RequestMapping("/login.security") + @ModelAttribute(ANSWER_MODEL_KEY) + public ArgeoUser login(@RequestParam("username") String username, + @RequestParam("password") String password) { + return securityService.getSecurityDao().getCurrentUser(); + } - return ArgeoUserDetails.asArgeoUser(authentication); + @RequestMapping("/logout.security") + @ModelAttribute(ANSWER_MODEL_KEY) + public ServerAnswer logout() { + return ServerAnswer.ok("Logged out"); } 
@RequestMapping("/getUsersList.security") - @ModelAttribute("getUsersList") + @ModelAttribute(ANSWER_MODEL_KEY) public List getUsersList() { - return userDao.listUsers(); + return securityService.getSecurityDao().listUsers(); } @RequestMapping("/userExists.security") - @ModelAttribute("userExists") + @ModelAttribute(ANSWER_MODEL_KEY) public BooleanAnswer userExists(@RequestParam("username") String username) { - return new BooleanAnswer(userDao.userExists(username)); + return new BooleanAnswer(securityService.getSecurityDao().userExists( + username)); } + @RequestMapping("/createUser.security") + @ModelAttribute(ANSWER_MODEL_KEY) + public ArgeoUser createUser(Reader reader) { + ArgeoUser user = (ArgeoUser) userDeserializer.deserialize(reader); + // cleanUserBeforeCreate(user); + securityService.newUser(user); + return securityService.getSecurityDao().getUser(user.getUsername()); + } + + @RequestMapping("/updateUser.security") + @ModelAttribute(ANSWER_MODEL_KEY) + public ArgeoUser updateUser(Reader reader) { + ArgeoUser user = (ArgeoUser) userDeserializer.deserialize(reader); + securityService.updateUser(user); + return securityService.getSecurityDao().getUser(user.getUsername()); + } + + /* + * @RequestMapping("/createUser2.security") + * + * @ModelAttribute(ANSWER_MODEL_KEY) public ArgeoUser + * createUser(@RequestParam("body") String body) { if (log.isDebugEnabled()) + * log.debug("body:\n" + body); StringReader reader = new + * StringReader(body); ArgeoUser user = null; try { user = (ArgeoUser) + * userDeserializer.deserialize(reader); } finally { + * IOUtils.closeQuietly(reader); } cleanUserBeforeCreate(user); + * securityService.newUser(user); return + * securityService.getSecurityDao().getUser(user.getUsername()); } + */ + @RequestMapping("/deleteUser.security") - @ModelAttribute("deleteUser") + @ModelAttribute(ANSWER_MODEL_KEY) public ServerAnswer deleteUser(@RequestParam("username") String username) { - userDao.delete(username); - return 
ServerAnswer.ok(username + " deleted"); + securityService.getSecurityDao().delete(username); + return ServerAnswer.ok("User " + username + " deleted"); } @RequestMapping("/getUserDetails.security") - @ModelAttribute("getUserDetails") + @ModelAttribute(ANSWER_MODEL_KEY) public ArgeoUser getUserDetails(@RequestParam("username") String username) { - return userDao.getUser(username); + return securityService.getSecurityDao().getUser(username); } - public void setUserDao(UserDao userDao) { - this.userDao = userDao; + /* ROLE */ + @RequestMapping("/getRolesList.security") + @ModelAttribute(ANSWER_MODEL_KEY) + public List getEditableRolesList() { + return securityService.getSecurityDao().listEditableRoles(); + } + + @RequestMapping("/createRole.security") + @ModelAttribute(ANSWER_MODEL_KEY) + public ServerAnswer createRole(@RequestParam("role") String role) { + securityService.newRole(role); + return ServerAnswer.ok("Role " + role + " created"); + } + + @RequestMapping("/deleteRole.security") + @ModelAttribute(ANSWER_MODEL_KEY) + public ServerAnswer deleteRole(@RequestParam("role") String role) { + securityService.getSecurityDao().deleteRole(role); + return ServerAnswer.ok("Role " + role + " deleted"); + } + + @RequestMapping("/updateUserPassword.security") + @ModelAttribute(ANSWER_MODEL_KEY) + public ServerAnswer updateUserPassword( + @RequestParam("username") String username, + @RequestParam("password") String password) { + securityService.updateUserPassword(username, password); + return ServerAnswer.ok("Password updated for user " + username); + } + + @RequestMapping("/updatePassword.security") + @ModelAttribute(ANSWER_MODEL_KEY) + public ServerAnswer updatePassword( + @RequestParam("password") String password, + @RequestParam("oldPassword") String oldPassword) { + securityService.getSecurityDao().updatePassword(oldPassword, password); + return ServerAnswer.ok("Password updated"); + } + + // protected void cleanUserBeforeCreate(ArgeoUser user) { + // 
user.getUserNatures().clear(); + // } + + public void setUserDeserializer(ServerDeserializer userDeserializer) { + this.userDeserializer = userDeserializer; } - public void setRoleDao(RoleDao roleDao) { - this.roleDao = roleDao; + public void setSecurityService(ArgeoSecurityService securityService) { + this.securityService = securityService; } }
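Review bot: The new `login`, `updateUserPassword` and `updatePassword` handlers read `password` / `oldPassword` through `@RequestParam` under a `@RequestMapping` that names no HTTP method, so a GET with the password in the query string is accepted and the value can land in access logs, browser history and Referer headers. The same unrestricted mapping on `deleteUser`, `createRole` and `deleteRole` lets those state changes be triggered by a plain GET, which matters unless a CSRF defence exists outside this file. I would pin these handlers to POST, e.g. `@RequestMapping(value = "/updatePassword.security", method = RequestMethod.POST)`, with the matching `RequestMethod` import. Separately, `updateUserPassword(username, password)` and `updateUser(reader)` show no authorization check in the controller, and with `cleanUserBeforeCreate` commented out the deserialized `ArgeoUser` goes to `securityService` exactly as the client sent it. Presumably the role checks live in `securityService` or in the URL security configuration; that is worth confirming and recording in a short comment above each handler.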