X-Git-Url: https://git.argeo.org/?a=blobdiff_plain;f=security%2Fruntime%2Forg.argeo.security.mvc%2Fsrc%2Fmain%2Fjava%2Forg%2Fargeo%2Fsecurity%2Fmvc%2FUsersRolesController.java;h=1f9ae609be4037aa4e4b76c3e0142e5c8bccd6c5;hb=490d9907457c43acfa965e7979ce5974bc1ba6ca;hp=88dc15589b33732e071d515a2e2385a94e99e7c6;hpb=e80be147bdb65aa2a0c34e848ca78851b781508d;p=lgpl%2Fargeo-commons.git diff --git a/security/runtime/org.argeo.security.mvc/src/main/java/org/argeo/security/mvc/UsersRolesController.java b/security/runtime/org.argeo.security.mvc/src/main/java/org/argeo/security/mvc/UsersRolesController.java index 88dc15589..1f9ae609b 100644 --- a/security/runtime/org.argeo.security.mvc/src/main/java/org/argeo/security/mvc/UsersRolesController.java +++ b/security/runtime/org.argeo.security.mvc/src/main/java/org/argeo/security/mvc/UsersRolesController.java @@ -1,17 +1,30 @@ +/* + * Copyright (C) 2010 Mathieu Baudier + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + package org.argeo.security.mvc; import java.io.Reader; -import java.io.StringReader; import java.util.List; -import org.apache.commons.io.IOUtils; -import org.apache.commons.logging.Log; -import org.apache.commons.logging.LogFactory; import org.argeo.security.ArgeoSecurityService; import org.argeo.security.ArgeoUser; +import org.argeo.security.SimpleArgeoUser; import org.argeo.server.BooleanAnswer; +import org.argeo.server.Deserializer; import org.argeo.server.ServerAnswer; -import org.argeo.server.ServerDeserializer; import org.argeo.server.mvc.MvcConstants; import org.springframework.stereotype.Controller; import org.springframework.web.bind.annotation.ModelAttribute; @@ -20,25 +33,23 @@ import org.springframework.web.bind.annotation.RequestParam; @Controller public class UsersRolesController implements MvcConstants { - private final static Log log = LogFactory - .getLog(UsersRolesController.class); + // private final static Log log = LogFactory + // .getLog(UsersRolesController.class); private ArgeoSecurityService securityService; - private ServerDeserializer userDeserializer = null; - - // @InitBinder - // public void initBinder(WebDataBinder binder) { - // binder.registerCustomEditor(SimpleArgeoUser.class, - // new DeserializingEditor(userDeserializer)); - // } + private Deserializer userDeserializer = null; /* USER */ - @RequestMapping("/getCredentials.security") + @RequestMapping("/getCredentials.ria") @ModelAttribute(ANSWER_MODEL_KEY) public ArgeoUser getCredentials() { - return securityService.getSecurityDao().getCurrentUser(); + ArgeoUser argeoUser = securityService.getSecurityDao().getCurrentUser(); + if (argeoUser == null) + return new SimpleArgeoUser(); + else + return argeoUser; } @RequestMapping("/getUsersList.security") @@ -57,8 +68,9 @@ public class UsersRolesController implements MvcConstants { @RequestMapping("/createUser.security") @ModelAttribute(ANSWER_MODEL_KEY) public ArgeoUser createUser(Reader reader) { - ArgeoUser user = (ArgeoUser) userDeserializer.deserialize(reader); - cleanUserBeforeCreate(user); + ArgeoUser user = userDeserializer.deserialize(reader, + SimpleArgeoUser.class); + // cleanUserBeforeCreate(user); securityService.newUser(user); return securityService.getSecurityDao().getUser(user.getUsername()); } @@ -66,25 +78,21 @@ public class UsersRolesController implements MvcConstants { @RequestMapping("/updateUser.security") @ModelAttribute(ANSWER_MODEL_KEY) public ArgeoUser updateUser(Reader reader) { - ArgeoUser user = (ArgeoUser) userDeserializer.deserialize(reader); - securityService.getSecurityDao().update(user); + ArgeoUser user = userDeserializer.deserialize(reader, + SimpleArgeoUser.class); + securityService.updateUser(user); return securityService.getSecurityDao().getUser(user.getUsername()); } - @RequestMapping("/createUser2.security") + @RequestMapping("/updateUserSelf.security") @ModelAttribute(ANSWER_MODEL_KEY) - public ArgeoUser createUser(@RequestParam("body") String body) { - if (log.isDebugEnabled()) - log.debug("body:\n" + body); - StringReader reader = new StringReader(body); - ArgeoUser user = null; - try { - user = (ArgeoUser) userDeserializer.deserialize(reader); - } finally { - IOUtils.closeQuietly(reader); - } - cleanUserBeforeCreate(user); - securityService.newUser(user); + /** Will only update the user natures.*/ + public ArgeoUser updateUserSelf(Reader reader) { + ArgeoUser user = securityService.getSecurityDao().getCurrentUser(); + ArgeoUser userForNatures = userDeserializer.deserialize(reader, + SimpleArgeoUser.class); + user.updateUserNatures(userForNatures.getUserNatures()); + securityService.updateUser(user); return securityService.getSecurityDao().getUser(user.getUsername()); } @@ -134,18 +142,13 @@ public class UsersRolesController implements MvcConstants { @RequestMapping("/updatePassword.security") @ModelAttribute(ANSWER_MODEL_KEY) public ServerAnswer updatePassword( - @RequestParam("password") String password, - @RequestParam("oldPassword") String oldPassword) { - securityService.getSecurityDao().updatePassword(oldPassword, password); + @RequestParam("oldPassword") String oldPassword, + @RequestParam("password") String password) { + securityService.updateCurrentUserPassword(oldPassword, password); return ServerAnswer.ok("Password updated"); } - protected void cleanUserBeforeCreate(ArgeoUser user) { - user.getUserNatures().clear(); - user.getRoles().clear(); - } - - public void setUserDeserializer(ServerDeserializer userDeserializer) { + public void setUserDeserializer(Deserializer userDeserializer) { this.userDeserializer = userDeserializer; }