X-Git-Url: https://git.argeo.org/?a=blobdiff_plain;f=security%2Fruntime%2Forg.argeo.security.mvc%2Fsrc%2Fmain%2Fjava%2Forg%2Fargeo%2Fsecurity%2Fmvc%2FUsersRolesController.java;h=a4a2e4556360051f0cb078384d2d5c827fa9151c;hb=12f0ab4fa622e3507570f5dcbe586c05131a0050;hp=c95d909841ced8b24d83a6828c3efe949303a317;hpb=00ae7654c948e62c35ef88e7d8d528965d5e0371;p=lgpl%2Fargeo-commons.git diff --git a/security/runtime/org.argeo.security.mvc/src/main/java/org/argeo/security/mvc/UsersRolesController.java b/security/runtime/org.argeo.security.mvc/src/main/java/org/argeo/security/mvc/UsersRolesController.java index c95d90984..a4a2e4556 100644 --- a/security/runtime/org.argeo.security.mvc/src/main/java/org/argeo/security/mvc/UsersRolesController.java +++ b/security/runtime/org.argeo.security.mvc/src/main/java/org/argeo/security/mvc/UsersRolesController.java @@ -7,11 +7,10 @@ import java.util.List; import org.apache.commons.io.IOUtils; import org.apache.commons.logging.Log; import org.apache.commons.logging.LogFactory; +import org.argeo.security.ArgeoSecurityService; import org.argeo.security.ArgeoUser; -import org.argeo.security.BasicArgeoUser; +import org.argeo.security.SimpleArgeoUser; import org.argeo.security.core.ArgeoUserDetails; -import org.argeo.security.dao.RoleDao; -import org.argeo.security.dao.UserDao; import org.argeo.server.BooleanAnswer; import org.argeo.server.DeserializingEditor; import org.argeo.server.ServerAnswer; @@ -31,14 +30,13 @@ public class UsersRolesController implements MvcConstants { private final static Log log = LogFactory .getLog(UsersRolesController.class); - private UserDao userDao; - private RoleDao roleDao; + private ArgeoSecurityService securityService; private ServerDeserializer userDeserializer = null; @InitBinder public void initBinder(WebDataBinder binder) { - binder.registerCustomEditor(BasicArgeoUser.class, + binder.registerCustomEditor(SimpleArgeoUser.class, new DeserializingEditor(userDeserializer)); } @@ -55,34 +53,36 @@ public class UsersRolesController implements MvcConstants { @RequestMapping("/getUsersList.security") @ModelAttribute(ANSWER_MODEL_KEY) public List getUsersList() { - return userDao.listUsers(); + return securityService.getSecurityDao().listUsers(); } @RequestMapping("/userExists.security") @ModelAttribute(ANSWER_MODEL_KEY) public BooleanAnswer userExists(@RequestParam("username") String username) { - return new BooleanAnswer(userDao.userExists(username)); + return new BooleanAnswer(securityService.getSecurityDao().userExists( + username)); } @RequestMapping("/createUser.security") @ModelAttribute(ANSWER_MODEL_KEY) - public ServerAnswer createUser(Reader reader) { + public ArgeoUser createUser(Reader reader) { ArgeoUser user = (ArgeoUser) userDeserializer.deserialize(reader); - userDao.create(user); - return ServerAnswer.ok("User " + user.getUsername() + " created"); + cleanUserBeforeCreate(user); + securityService.newUser(user); + return securityService.getSecurityDao().getUser(user.getUsername()); } @RequestMapping("/updateUser.security") @ModelAttribute(ANSWER_MODEL_KEY) - public ServerAnswer updateUser(Reader reader) { + public ArgeoUser updateUser(Reader reader) { ArgeoUser user = (ArgeoUser) userDeserializer.deserialize(reader); - userDao.update(user); - return ServerAnswer.ok("User " + user.getUsername() + " updated"); + securityService.getSecurityDao().update(user); + return securityService.getSecurityDao().getUser(user.getUsername()); } @RequestMapping("/createUser2.security") @ModelAttribute(ANSWER_MODEL_KEY) - public ServerAnswer createUser(@RequestParam("body") String body) { + public ArgeoUser createUser(@RequestParam("body") String body) { if (log.isDebugEnabled()) log.debug("body:\n" + body); StringReader reader = new StringReader(body); @@ -92,54 +92,74 @@ public class UsersRolesController implements MvcConstants { } finally { IOUtils.closeQuietly(reader); } - userDao.create(user); - return ServerAnswer.ok("User " + user.getUsername() + " created"); + cleanUserBeforeCreate(user); + securityService.newUser(user); + return securityService.getSecurityDao().getUser(user.getUsername()); } @RequestMapping("/deleteUser.security") @ModelAttribute(ANSWER_MODEL_KEY) public ServerAnswer deleteUser(@RequestParam("username") String username) { - userDao.delete(username); + securityService.getSecurityDao().delete(username); return ServerAnswer.ok("User " + username + " deleted"); } @RequestMapping("/getUserDetails.security") @ModelAttribute(ANSWER_MODEL_KEY) public ArgeoUser getUserDetails(@RequestParam("username") String username) { - return userDao.getUser(username); + return securityService.getSecurityDao().getUser(username); } /* ROLE */ @RequestMapping("/getRolesList.security") @ModelAttribute(ANSWER_MODEL_KEY) public List getEditableRolesList() { - return roleDao.listEditableRoles(); + return securityService.getSecurityDao().listEditableRoles(); } @RequestMapping("/createRole.security") @ModelAttribute(ANSWER_MODEL_KEY) public ServerAnswer createRole(@RequestParam("role") String role) { - roleDao.create(role); + securityService.newRole(role); return ServerAnswer.ok("Role " + role + " created"); } @RequestMapping("/deleteRole.security") @ModelAttribute(ANSWER_MODEL_KEY) public ServerAnswer deleteRole(@RequestParam("role") String role) { - roleDao.delete(role); - return ServerAnswer.ok("Role " + role + " created"); + securityService.getSecurityDao().deleteRole(role); + return ServerAnswer.ok("Role " + role + " deleted"); } - public void setUserDao(UserDao userDao) { - this.userDao = userDao; + @RequestMapping("/updateUserPassword.security") + @ModelAttribute(ANSWER_MODEL_KEY) + public ServerAnswer updateUserPassword( + @RequestParam("username") String username, + @RequestParam("password") String password) { + securityService.updateUserPassword(username, password); + return ServerAnswer.ok("Password updated for user " + username); } - public void setRoleDao(RoleDao roleDao) { - this.roleDao = roleDao; + @RequestMapping("/updatePassword.security") + @ModelAttribute(ANSWER_MODEL_KEY) + public ServerAnswer updatePassword( + @RequestParam("password") String password, + @RequestParam("oldPassword") String oldPassword) { + securityService.getSecurityDao().updatePassword(oldPassword, password); + return ServerAnswer.ok("Password updated"); + } + + protected void cleanUserBeforeCreate(ArgeoUser user) { + user.getUserNatures().clear(); + user.getRoles().clear(); } public void setUserDeserializer(ServerDeserializer userDeserializer) { this.userDeserializer = userDeserializer; } + public void setSecurityService(ArgeoSecurityService securityService) { + this.securityService = securityService; + } + }