
Example 21 with UserModel

use of com.serotonin.m2m2.web.mvc.rest.v1.model.user.UserModel in project ma-modules-public by infiniteautomation.

Defined in class UserRestController, method updateUser.

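/**
 * Updates the user identified by {@code username} from the supplied model.
 *
 * Authorization is decided from the authenticated caller resolved via {@code checkUser}:
 * <ul>
 *   <li>Administrators may update any existing user, but may not rename a user onto an
 *       already-used username, and when editing their own account may not drop the admin
 *       flag or disable themselves.</li>
 *   <li>Non-administrators may update only their own account, may not change their own
 *       permissions string or admin flag, may not disable themselves and (as for admins)
 *       may not rename themselves onto an existing username.</li>
 *   <li>Any self-update is only accepted when the caller authenticated with a username and
 *       password ({@link UsernamePasswordAuthenticationToken}); any other authentication
 *       type is rejected with {@link AccessDeniedException}.</li>
 * </ul>
 * A non-admin targeting an unknown username receives the same unauthorized response as one
 * targeting another user's account, so the endpoint neither throws on the missing record nor
 * reveals whether the username exists.
 *
 * @param username       current username of the user to update (path variable)
 * @param model          requested new state; validation messages are attached to it and it is
 *                       echoed back in the response body
 * @param builder        used to build the Location URI reported after a non-admin self-update
 * @param request        current request; used to resolve the caller and to notify the session registry
 * @param authentication Spring Security authentication of the caller
 * @return the model (possibly carrying validation messages), or an empty body with a
 *         does-not-exist / unauthorized message
 * @throws RestValidationFailedException propagated from the model / result plumbing
 * @throws AccessDeniedException         if a self-update is attempted without username/password authentication
 */
@ApiOperation(value = "Updates a user")
@RequestMapping(method = RequestMethod.PUT, consumes = { "application/json", "text/csv" }, produces = { "application/json", "text/csv" }, value = "/{username}")
public ResponseEntity<UserModel> updateUser(@PathVariable String username, @RequestBody(required = true) UserModel model, UriComponentsBuilder builder, HttpServletRequest request, Authentication authentication) throws RestValidationFailedException {
    RestProcessResult<UserModel> result = new RestProcessResult<UserModel>(HttpStatus.OK);
    User user = this.checkUser(request, result);
    if (!result.isOk()) {
        return result.createResponseEntity();
    }

    User u = UserDao.instance.getUser(username);

    if (Permissions.hasAdmin(user)) {
        if (u == null) {
            result.addRestMessage(getDoesNotExistMessage());
            return result.createResponseEntity();
        }
        // An admin editing their own account must stay admin and enabled, and must have
        // authenticated with a password (not a token) to make the change.
        if (user.getId() == u.getId()) {
            requirePasswordAuthentication(authentication);
            boolean failed = false;
            if (!model.isAdmin()) {
                model.addValidationMessage(new ProcessMessage("permissions", new TranslatableMessage("users.validate.adminInvalid")));
                failed = true;
            }
            if (model.getDisabled()) {
                model.addValidationMessage(new ProcessMessage("disabled", new TranslatableMessage("users.validate.adminDisable")));
                failed = true;
            }
            if (failed) {
                result.addRestMessage(getValidationFailedError());
                return result.createResponseEntity(model);
            }
        }
        // Cannot rename a user onto an existing username.
        if (isUsernameTaken(model, username)) {
            model.addValidationMessage(new ProcessMessage("username", new TranslatableMessage("users.validate.usernameInUse")));
            result.addRestMessage(getValidationFailedError());
            return result.createResponseEntity(model);
        }
        // The stored id must be on the User before validation so uniqueness checks see it as an update.
        model.getData().setId(u.getId());
        if (!model.validate()) {
            result.addRestMessage(this.getValidationFailedError());
        } else {
            User newUser = resolveUpdatedUser(model, u);
            UserDao.instance.saveUser(newUser);
            sessionRegistry.userUpdated(request, newUser);
        }
        // NOTE(review): newUser is the same object as model.getData(), so the echoed model now
        // carries the stored password value — confirm UserModel's JSON view omits the password field.
        return result.createResponseEntity(model);
    }

    // Non-admin callers may only update themselves. An unknown target is handled exactly like
    // another user's account: this avoids dereferencing a null record and does not reveal
    // whether the requested username exists.
    if (u == null || u.getId() != user.getId()) {
        if (u == null) {
            LOG.warn("Non admin user: " + user.getUsername() + " attempted to update a non-existent user");
        } else {
            LOG.warn("Non admin user: " + user.getUsername() + " attempted to update user : " + u.getUsername());
        }
        result.addRestMessage(this.getUnauthorizedMessage());
        return result.createResponseEntity();
    }

    // Self-update by a non-admin: password authentication required, as for admins above.
    requirePasswordAuthentication(authentication);
    User newUser = resolveUpdatedUser(model, u);

    // A non-admin cannot modify their own permissions string.
    if (!u.isAdmin()) {
        if (!StringUtils.equals(u.getPermissions(), newUser.getPermissions())) {
            model.addValidationMessage(new ProcessMessage("permissions", new TranslatableMessage("users.validate.cannotChangePermissions")));
            result.addRestMessage(this.getValidationFailedError());
            return result.createResponseEntity(model);
        }
    }
    // Same rename rule as the admin path: a self-rename may not take an existing username.
    if (isUsernameTaken(model, username)) {
        model.addValidationMessage(new ProcessMessage("username", new TranslatableMessage("users.validate.usernameInUse")));
        result.addRestMessage(this.getValidationFailedError());
        return result.createResponseEntity(model);
    }

    if (!model.validate()) {
        result.addRestMessage(this.getValidationFailedError());
    } else {
        // Cannot disable yourself, and the admin flag must stay exactly as it was.
        boolean failed = false;
        if (model.getDisabled()) {
            model.addValidationMessage(new ProcessMessage("disabled", new TranslatableMessage("users.validate.adminDisable")));
            failed = true;
        }
        if (u.isAdmin()) {
            // We were superadmin, so we must still have it
            if (!model.getData().isAdmin()) {
                model.addValidationMessage(new ProcessMessage("permissions", new TranslatableMessage("users.validate.adminInvalid")));
                failed = true;
            }
        } else {
            // We were not superadmin so we must not have it
            if (model.getData().isAdmin()) {
                model.addValidationMessage(new ProcessMessage("permissions", new TranslatableMessage("users.validate.adminGrantInvalid")));
                failed = true;
            }
        }
        if (failed) {
            result.addRestMessage(getValidationFailedError());
            return result.createResponseEntity(model);
        }
        UserDao.instance.saveUser(newUser);
        sessionRegistry.userUpdated(request, newUser);
        URI location = builder.path("v1/users/{username}").buildAndExpand(model.getUsername()).toUri();
        result.addRestMessage(getResourceCreatedMessage(location));
    }
    // NOTE(review): as in the admin path, the echoed model shares the User object whose password
    // field now holds the stored value — confirm it is not serialized.
    return result.createResponseEntity(model);
}

/**
 * Rejects self-service account changes unless the caller authenticated with a username and password.
 *
 * @param authentication the caller's Spring Security authentication
 * @throws AccessDeniedException if the authentication is not a {@link UsernamePasswordAuthenticationToken}
 */
private void requirePasswordAuthentication(Authentication authentication) {
    if (!(authentication instanceof UsernamePasswordAuthenticationToken)) {
        throw new AccessDeniedException(new TranslatableMessage("rest.error.usernamePasswordOnly"));
    }
}

/**
 * Returns true when the model renames the user and the requested name already belongs to another account.
 * A missing or unchanged username is never considered taken (model validation reports a missing name).
 *
 * @param model           the requested user state
 * @param currentUsername the username the target currently has
 * @return true if the rename would collide with an existing user
 */
private boolean isUsernameTaken(UserModel model, String currentUsername) {
    String requested = model.getUsername();
    if (requested == null || requested.equals(currentUsername)) {
        return false;
    }
    return UserDao.instance.getUser(requested) != null;
}

/**
 * Prepares the User carried by the model for saving over {@code existing}: copies the stored id
 * and resolves the password — a non-blank supplied password is run through {@code Common.encrypt}
 * before storage, otherwise the existing stored password is kept unchanged.
 *
 * NOTE(review): Common.encrypt is assumed to be the project's password hashing routine; confirm it
 * is a salted adaptive hash (bcrypt/argon2 class) rather than a bare digest or reversible encryption.
 *
 * @param model    the requested user state (its User object is modified in place and returned)
 * @param existing the currently stored user record
 * @return the model's User, ready to be saved
 */
private User resolveUpdatedUser(UserModel model, User existing) {
    User newUser = model.getData();
    newUser.setId(existing.getId());
    String supplied = newUser.getPassword();
    if (!StringUtils.isBlank(supplied)) {
        newUser.setPassword(Common.encrypt(supplied));
    } else {
        newUser.setPassword(existing.getPassword());
    }
    return newUser;
}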
