Message #29040
[Branch ~dhis2-devs-core/dhis2/trunk] Rev 14603: support user-creation/-update in userController, password will be taken from userCredentials part...
------------------------------------------------------------
revno: 14603
committer: Morten Olav Hansen <mortenoh@xxxxxxxxx>
branch nick: dhis2
timestamp: Wed 2014-04-02 17:51:13 +0700
message:
support user-creation/-update in userController, password will be taken from userCredentials part and encoded using passwordManager (same with update)
modified:
dhis-2/dhis-api/src/main/java/org/hisp/dhis/user/User.java
dhis-2/dhis-web/dhis-web-api/src/main/java/org/hisp/dhis/api/controller/user/UserController.java
--
lp:dhis2
https://code.launchpad.net/~dhis2-devs-core/dhis2/trunk
=== modified file 'dhis-2/dhis-api/src/main/java/org/hisp/dhis/user/User.java'
--- dhis-2/dhis-api/src/main/java/org/hisp/dhis/user/User.java 2014-03-18 08:10:10 +0000
+++ dhis-2/dhis-api/src/main/java/org/hisp/dhis/user/User.java 2014-04-02 10:51:13 +0000
@@ -508,4 +508,31 @@
organisationUnits.addAll( user.getOrganisationUnits() );
}
}
+
+ @Override
+ public String toString()
+ {
+ return "User{" +
+ "surname='" + surname + '\'' +
+ ", firstName='" + firstName + '\'' +
+ ", email='" + email + '\'' +
+ ", phoneNumber='" + phoneNumber + '\'' +
+ ", jobTitle='" + jobTitle + '\'' +
+ ", introduction='" + introduction + '\'' +
+ ", gender='" + gender + '\'' +
+ ", birthday=" + birthday +
+ ", nationality='" + nationality + '\'' +
+ ", employer='" + employer + '\'' +
+ ", education='" + education + '\'' +
+ ", interests='" + interests + '\'' +
+ ", languages='" + languages + '\'' +
+ ", lastCheckedInterpretations=" + lastCheckedInterpretations +
+ ", userCredentials=" + userCredentials +
+ ", groups=" + groups +
+ ", organisationUnits=" + organisationUnits +
+ ", dataViewOrganisationUnits=" + dataViewOrganisationUnits +
+ ", attributeValues=" + attributeValues +
+ ", apps=" + apps +
+ '}';
+ }
}
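Review bot: The new toString() concatenates `userCredentials` together with `email`, `phoneNumber` and `birthday`, so any log statement or exception message that prints a User will carry personal data plus whatever UserCredentials.toString() emits. That class is not part of this diff, so it should be confirmed that it does not print the password or its hash. I would drop the line `", userCredentials=" + userCredentials +` and keep the string to identifying fields only. The collection fields (`groups`, `organisationUnits`, `dataViewOrganisationUnits`, `attributeValues`) are also printed in full; if they are lazily loaded or refer back to User, which cannot be told from this hunk, printing them could trigger extra loads or recursion, so printing their sizes would be safer.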
=== modified file 'dhis-2/dhis-web/dhis-web-api/src/main/java/org/hisp/dhis/api/controller/user/UserController.java'
--- dhis-2/dhis-web/dhis-web-api/src/main/java/org/hisp/dhis/api/controller/user/UserController.java 2014-03-26 12:33:30 +0000
+++ dhis-2/dhis-web/dhis-web-api/src/main/java/org/hisp/dhis/api/controller/user/UserController.java 2014-04-02 10:51:13 +0000
@@ -32,19 +32,28 @@
import org.hisp.dhis.api.controller.AbstractCrudController;
import org.hisp.dhis.api.controller.WebMetaData;
import org.hisp.dhis.api.controller.WebOptions;
+import org.hisp.dhis.api.utils.ContextUtils;
import org.hisp.dhis.common.Pager;
+import org.hisp.dhis.dxf2.metadata.ImportTypeSummary;
+import org.hisp.dhis.hibernate.exception.CreateAccessDeniedException;
+import org.hisp.dhis.hibernate.exception.UpdateAccessDeniedException;
+import org.hisp.dhis.security.PasswordManager;
import org.hisp.dhis.user.User;
import org.hisp.dhis.user.UserService;
import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.http.HttpStatus;
import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.stereotype.Controller;
import org.springframework.ui.Model;
import org.springframework.web.bind.annotation.PathVariable;
import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.bind.annotation.RequestMethod;
import org.springframework.web.bind.annotation.RequestParam;
+import org.springframework.web.bind.annotation.ResponseStatus;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
+import java.io.InputStream;
import java.util.ArrayList;
import java.util.List;
import java.util.Map;
@@ -53,7 +62,7 @@
* @author Morten Olav Hansen <mortenoh@xxxxxxxxx>
*/
@Controller
-@RequestMapping( value = UserController.RESOURCE_PATH )
+@RequestMapping(value = UserController.RESOURCE_PATH)
public class UserController
extends AbstractCrudController<User>
{
@@ -62,16 +71,19 @@
@Autowired
private UserService userService;
+ @Autowired
+ private PasswordManager passwordManager;
+
@Override
- @PreAuthorize( "hasRole('ALL') or hasRole('F_USER_VIEW')" )
+ @PreAuthorize("hasRole('ALL') or hasRole('F_USER_VIEW')")
public String getObjectList( @RequestParam Map<String, String> parameters, Model model, HttpServletResponse response, HttpServletRequest request )
{
return super.getObjectList( parameters, model, response, request );
}
@Override
- @PreAuthorize( "hasRole('ALL') or hasRole('F_USER_VIEW')" )
- public String getObject( @PathVariable( "uid" ) String uid, @RequestParam Map<String, String> parameters, Model model,
+ @PreAuthorize("hasRole('ALL') or hasRole('F_USER_VIEW')")
+ public String getObject( @PathVariable("uid") String uid, @RequestParam Map<String, String> parameters, Model model,
HttpServletRequest request, HttpServletResponse response ) throws Exception
{
return super.getObject( uid, parameters, model, request, response );
@@ -108,4 +120,108 @@
{
return userService.getUser( uid );
}
+
+ //--------------------------------------------------------------------------
+ // POST
+ //--------------------------------------------------------------------------
+
+ @Override
+ @RequestMapping( method = RequestMethod.POST, consumes = { "application/xml", "text/xml" } )
+ public void postXmlObject( HttpServletResponse response, HttpServletRequest request, InputStream input ) throws Exception
+ {
+ if ( !aclService.canCreate( currentUserService.getCurrentUser(), getEntityClass() ) )
+ {
+ throw new CreateAccessDeniedException( "You don't have the proper permissions to create this object." );
+ }
+
+ User user = renderService.fromXml( request.getInputStream(), getEntityClass() );
+
+ String encodePassword = passwordManager.encodePassword( user.getUsername(),
+ user.getUserCredentials().getPassword() );
+ user.getUserCredentials().setPassword( encodePassword );
+
+ ImportTypeSummary summary = importService.importObject( currentUserService.getCurrentUser().getUid(), user );
+ renderService.toJson( response.getOutputStream(), summary );
+ }
+
+ @Override
+ @RequestMapping( method = RequestMethod.POST, consumes = "application/json" )
+ public void postJsonObject( HttpServletResponse response, HttpServletRequest request, InputStream input ) throws Exception
+ {
+ if ( !aclService.canCreate( currentUserService.getCurrentUser(), getEntityClass() ) )
+ {
+ throw new CreateAccessDeniedException( "You don't have the proper permissions to create this object." );
+ }
+
+ User user = renderService.fromJson( request.getInputStream(), getEntityClass() );
+
+ String encodePassword = passwordManager.encodePassword( user.getUsername(),
+ user.getUserCredentials().getPassword() );
+ user.getUserCredentials().setPassword( encodePassword );
+
+ ImportTypeSummary summary = importService.importObject( currentUserService.getCurrentUser().getUid(), user );
+ renderService.toJson( response.getOutputStream(), summary );
+ }
+
+ //--------------------------------------------------------------------------
+ // PUT
+ //--------------------------------------------------------------------------
+
+ @RequestMapping( value = "/{uid}", method = RequestMethod.PUT, consumes = { "application/xml", "text/xml" } )
+ @ResponseStatus( value = HttpStatus.NO_CONTENT )
+ public void putXmlObject( HttpServletResponse response, HttpServletRequest request, @PathVariable( "uid" ) String uid, InputStream
+ input ) throws Exception
+ {
+ User object = getEntity( uid );
+
+ if ( object == null )
+ {
+ ContextUtils.conflictResponse( response, getEntityName() + " does not exist: " + uid );
+ return;
+ }
+
+ if ( !aclService.canUpdate( currentUserService.getCurrentUser(), object ) )
+ {
+ throw new UpdateAccessDeniedException( "You don't have the proper permissions to update this object." );
+ }
+
+ User parsed = renderService.fromXml( request.getInputStream(), getEntityClass() );
+ parsed.setUid( uid );
+
+ String encodePassword = passwordManager.encodePassword( parsed.getUsername(),
+ parsed.getUserCredentials().getPassword() );
+ parsed.getUserCredentials().setPassword( encodePassword );
+
+ ImportTypeSummary summary = importService.importObject( currentUserService.getCurrentUser().getUid(), parsed );
+ renderService.toJson( response.getOutputStream(), summary );
+ }
+
+ @RequestMapping( value = "/{uid}", method = RequestMethod.PUT, consumes = "application/json" )
+ @ResponseStatus( value = HttpStatus.NO_CONTENT )
+ public void putJsonObject( HttpServletResponse response, HttpServletRequest request, @PathVariable( "uid" ) String uid, InputStream
+ input ) throws Exception
+ {
+ User object = getEntity( uid );
+
+ if ( object == null )
+ {
+ ContextUtils.conflictResponse( response, getEntityName() + " does not exist: " + uid );
+ return;
+ }
+
+ if ( !aclService.canUpdate( currentUserService.getCurrentUser(), object ) )
+ {
+ throw new UpdateAccessDeniedException( "You don't have the proper permissions to update this object." );
+ }
+
+ User parsed = renderService.fromJson( request.getInputStream(), getEntityClass() );
+ parsed.setUid( uid );
+
+ String encodePassword = passwordManager.encodePassword( parsed.getUsername(),
+ parsed.getUserCredentials().getPassword() );
+ parsed.getUserCredentials().setPassword( encodePassword );
+
+ ImportTypeSummary summary = importService.importObject( currentUserService.getCurrentUser().getUid(), parsed );
+ renderService.toJson( response.getOutputStream(), summary );
+ }
}
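Review bot: All four new handlers call `getUserCredentials().getPassword()` on the parsed payload without checking either value, so a request body that omits `userCredentials` fails with a NullPointerException. A PUT that omits the password hands null to `passwordManager.encodePassword` and, depending on how importService merges the object (not visible here), may replace the stored hash. The same three lines are pasted into postXmlObject, postJsonObject, putXmlObject and putJsonObject; one private helper that rejects missing credentials on create and keeps the stored hash on update would keep the four paths in step. Because the username is also passed to `encodePassword`, a PUT that changes the username while keeping the old hash needs a separate decision. The class body starts outside this hunk.

```java
// called from all four handlers; persisted is null on POST, the result of getEntity( uid ) on PUT
private boolean applyEncodedPassword( User parsed, User persisted )
{
    if ( parsed.getUserCredentials() == null )
    {
        return false; // caller reports the rejected payload
    }

    String password = parsed.getUserCredentials().getPassword();

    if ( password == null || password.isEmpty() )
    {
        if ( persisted == null || persisted.getUserCredentials() == null )
        {
            return false; // create without a password
        }

        // update without a new password: keep the hash that is already stored
        parsed.getUserCredentials().setPassword( persisted.getUserCredentials().getPassword() );
        return true;
    }

    parsed.getUserCredentials().setPassword(
        passwordManager.encodePassword( parsed.getUsername(), password ) );
    return true;
}
// … unchanged: ACL checks, renderService parsing, importService.importObject and summary rendering …
```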