private void getSiteParticipantList(String siteId, HttpServletResponse res) {
    // get the user id
    String userId = SessionManager.getCurrentSessionUserId();

    if (userId == null) {
      // fail the request, user not logged in yet.
      log.warn(
          this
              + " HttpAccess for printing participant of site id ="
              + siteId
              + " without user loggin. ");
    } else {
      String siteReference = SiteService.siteReference(siteId);
      // check whether the user has permission to view the site roster or is super user
      if (SecurityService.unlock(userId, SiteService.SECURE_VIEW_ROSTER, siteReference)
          || SecurityService.isSuperUser()) {
        print_participant(siteId);
      } else {
        log.warn(
            this
                + " HttpAccess for printing participant of site id ="
                + siteId
                + " with user id = "
                + userId
                + ": user does not have permission to view roster. ");
      }
    }
  }
  /** @see SakaiPersonManager#save(SakaiPerson) */
  public void save(SakaiPerson sakaiPerson) {
    if (LOG.isDebugEnabled()) {
      LOG.debug("save(SakaiPerson " + sakaiPerson + ")");
    }
    if (sakaiPerson == null)
      throw new IllegalArgumentException("Illegal sakaiPerson argument passed!");
    if (!isSupportedType(sakaiPerson.getTypeUuid()))
      throw new IllegalArgumentException("The sakaiPerson argument contains an invalid Type!");

    // AuthZ
    // Only superusers can update system records
    if (getSystemMutableType().getUuid().equals(sakaiPerson.getTypeUuid())
        && !SecurityService.isSuperUser()) {
      throw new IllegalAccessError("System mutable records cannot be updated.");
    }

    // if it is a user mutable record, ensure the user is updating their own record
    // this can be overriden with a security advisor so the admin user to allow access
    if (!SecurityService.unlock(
        UserDirectoryService.ADMIN_ID,
        SakaiPerson.PROFILE_SAVE_PERMISSION,
        sakaiPerson.getAgentUuid())) {

      if (!StringUtils.equals(SessionManager.getCurrentSessionUserId(), sakaiPerson.getAgentUuid())
          && !SecurityService.isSuperUser()) {
        // AuthZ - Ensure the current user is updating their own record
        if (!StringUtils.equals(
            SessionManager.getCurrentSessionUserId(), sakaiPerson.getAgentUuid())) {
          throw new IllegalAccessError("You do not have permissions to update this record!");
        }
      }
    }

    // store record
    if (!(sakaiPerson instanceof SakaiPersonImpl)) {
      // TODO support alternate implementations of SakaiPerson
      // copy bean properties into new SakaiPersonImpl with beanutils?
      throw new UnsupportedOperationException("Unknown SakaiPerson implementation found!");
    } else {
      // update lastModifiedDate
      SakaiPersonImpl spi = (SakaiPersonImpl) sakaiPerson;
      persistableHelper.modifyPersistableFields(spi);
      // if the repository path is set save if there
      if (photoService.overRidesDefault()) {
        photoService.savePhoto(spi.getJpegPhoto(), spi.getAgentUuid());
        spi.setJpegPhoto(null);
      }

      // use update(..) method to ensure someone does not try to insert a
      // prototype.
      getHibernateTemplate().update(spi);

      // set the event
      String ref = getReference(spi);
      LOG.debug("got ref of: " + ref + " about to set events");

      eventTrackingService.post(eventTrackingService.newEvent("profile.update", ref, true));

      LOG.debug("User record updated for Id :-" + spi.getAgentUuid());
      // update the account too -only if not system profile
      if (serverConfigurationService.getBoolean("profile.updateUser", false)
          && spi.getTypeUuid().equals(this.userMutableType.getUuid())) {
        try {
          UserEdit userEdit = null;
          userEdit = userDirectoryService.editUser(spi.getAgentUuid());
          userEdit.setFirstName(spi.getGivenName());
          userEdit.setLastName(spi.getSurname());
          userEdit.setEmail(spi.getMail());
          userDirectoryService.commitEdit(userEdit);
          LOG.debug("Saved user object");
        } catch (Exception e) {
          e.printStackTrace();
        }
      }
    }
  }