Improve JCR

[lgpl/argeo-commons.git] / security / runtime / org.argeo.security.mvc / src / main / java / org / argeo / security / mvc / UsersRolesController.java

diff --git a/security/runtime/org.argeo.security.mvc/src/main/java/org/argeo/security/mvc/UsersRolesController.java b/security/runtime/org.argeo.security.mvc/src/main/java/org/argeo/security/mvc/UsersRolesController.java
index 8f096937f1fad65f16da22d44eabdd1dfaa04c30..0366096aa6fcfa35a2d90fcc06b371c6f672d4b3 100644 (file)
--- a/security/runtime/org.argeo.security.mvc/src/main/java/org/argeo/security/mvc/UsersRolesController.java
+++ b/security/runtime/org.argeo.security.mvc/src/main/java/org/argeo/security/mvc/UsersRolesController.java
@@ -5,11 +5,11 @@ import java.util.List;
 
 import org.argeo.security.ArgeoSecurityService;
 import org.argeo.security.ArgeoUser;
+import org.argeo.security.SimpleArgeoUser;
 import org.argeo.server.BooleanAnswer;
+import org.argeo.server.Deserializer;
 import org.argeo.server.ServerAnswer;
-import org.argeo.server.ServerDeserializer;
 import org.argeo.server.mvc.MvcConstants;
-import org.springframework.security.context.SecurityContextHolder;
 import org.springframework.stereotype.Controller;
 import org.springframework.web.bind.annotation.ModelAttribute;
 import org.springframework.web.bind.annotation.RequestMapping;
@@ -22,30 +22,20 @@ public class UsersRolesController implements MvcConstants {
 
        private ArgeoSecurityService securityService;
 
-       private ServerDeserializer userDeserializer = null;
+       private Deserializer userDeserializer = null;
 
        /* USER */
 
-       @RequestMapping("/getCredentials.security")
+       @RequestMapping("/getCredentials.ria")
        @ModelAttribute(ANSWER_MODEL_KEY)
        public ArgeoUser getCredentials() {
-               return securityService.getSecurityDao().getCurrentUser();
+               ArgeoUser argeoUser = securityService.getSecurityDao().getCurrentUser();
+               if (argeoUser == null)
+                       return new SimpleArgeoUser();
+               else
+                       return argeoUser;
        }
 
-//     @RequestMapping("/login.security")
-//     @ModelAttribute(ANSWER_MODEL_KEY)
-//     public ArgeoUser login(@RequestParam("username") String username,
-//                     @RequestParam("password") String password) {
-//             //SecurityContextHolder.getContext().getAuthentication().
-//             return securityService.getSecurityDao().getCurrentUser();
-//     }
-//
-//     @RequestMapping("/logout.security")
-//     @ModelAttribute(ANSWER_MODEL_KEY)
-//     public ServerAnswer logout() {
-//             return ServerAnswer.ok("Logged out");
-//     }
-
        @RequestMapping("/getUsersList.security")
        @ModelAttribute(ANSWER_MODEL_KEY)
        public List<ArgeoUser> getUsersList() {
@@ -62,7 +52,8 @@ public class UsersRolesController implements MvcConstants {
        @RequestMapping("/createUser.security")
        @ModelAttribute(ANSWER_MODEL_KEY)
        public ArgeoUser createUser(Reader reader) {
-               ArgeoUser user = (ArgeoUser) userDeserializer.deserialize(reader);
+               ArgeoUser user = userDeserializer.deserialize(reader,
+                               SimpleArgeoUser.class);
                // cleanUserBeforeCreate(user);
                securityService.newUser(user);
                return securityService.getSecurityDao().getUser(user.getUsername());
@@ -71,23 +62,23 @@ public class UsersRolesController implements MvcConstants {
        @RequestMapping("/updateUser.security")
        @ModelAttribute(ANSWER_MODEL_KEY)
        public ArgeoUser updateUser(Reader reader) {
-               ArgeoUser user = (ArgeoUser) userDeserializer.deserialize(reader);
+               ArgeoUser user = userDeserializer.deserialize(reader,
+                               SimpleArgeoUser.class);
                securityService.updateUser(user);
                return securityService.getSecurityDao().getUser(user.getUsername());
        }
 
-       /*
-        * @RequestMapping("/createUser2.security")
-        * 
-        * @ModelAttribute(ANSWER_MODEL_KEY) public ArgeoUser
-        * createUser(@RequestParam("body") String body) { if (log.isDebugEnabled())
-        * log.debug("body:\n" + body); StringReader reader = new
-        * StringReader(body); ArgeoUser user = null; try { user = (ArgeoUser)
-        * userDeserializer.deserialize(reader); } finally {
-        * IOUtils.closeQuietly(reader); } cleanUserBeforeCreate(user);
-        * securityService.newUser(user); return
-        * securityService.getSecurityDao().getUser(user.getUsername()); }
-        */
+       @RequestMapping("/updateUserSelf.security")
+       @ModelAttribute(ANSWER_MODEL_KEY)
+       /** Will only update the user natures.*/
+       public ArgeoUser updateUserSelf(Reader reader) {
+               ArgeoUser user = securityService.getSecurityDao().getCurrentUser();
+               ArgeoUser userForNatures = userDeserializer.deserialize(reader,
+                               SimpleArgeoUser.class);
+               user.updateUserNatures(userForNatures.getUserNatures());
+               securityService.updateUser(user);
+               return securityService.getSecurityDao().getUser(user.getUsername());
+       }
 
        @RequestMapping("/deleteUser.security")
        @ModelAttribute(ANSWER_MODEL_KEY)
@@ -135,17 +126,13 @@ public class UsersRolesController implements MvcConstants {
        @RequestMapping("/updatePassword.security")
        @ModelAttribute(ANSWER_MODEL_KEY)
        public ServerAnswer updatePassword(
-                       @RequestParam("password") String password,
-                       @RequestParam("oldPassword") String oldPassword) {
-               securityService.getSecurityDao().updatePassword(oldPassword, password);
+                       @RequestParam("oldPassword") String oldPassword,
+                       @RequestParam("password") String password) {
+               securityService.updateCurrentUserPassword(oldPassword, password);
                return ServerAnswer.ok("Password updated");
        }
 
-       // protected void cleanUserBeforeCreate(ArgeoUser user) {
-       // user.getUserNatures().clear();
-       // }
-
-       public void setUserDeserializer(ServerDeserializer userDeserializer) {
+       public void setUserDeserializer(Deserializer userDeserializer) {
                this.userDeserializer = userDeserializer;
        }