@Secured(value = {"ROLE_ADMIN", "ROLE_MANAGER"})
  @RequestMapping(method = RequestMethod.POST)
  public @ResponseBody void createUser(@RequestBody UserDto dto, Principal principal) {
    PipUser user = new PipUser();
    user.setEmail(dto.getEmail());
    Set<OrganisazionDto> organizations = dto.getOrganizations();
    if (organizations.isEmpty()) {
      PipUser currentUser =
          PipUser.findPipUsersByEmailEquals(principal.getName()).getSingleResult();
      List<Organisazion> organisazions = currentUser.getOrganisazions();
      if (!organisazions.isEmpty()) {
        user.getOrganisazions().add(organisazions.get(0));
      }
    } else {
      Organisazion organisazion =
          Organisazion.findOrganisazionsByName(
                  new ArrayList<OrganisazionDto>(organizations).get(0).getName())
              .getSingleResult();
      user.getOrganisazions().add(organisazion);
    }

    String randomPassword = RandomStringUtils.randomAlphanumeric(6);
    user.setPassword(encoder.encode(randomPassword));
    user.setRole(PipRole.USER.getName());
    user.persist();
    mailingUtil.sendCreationMail(user, randomPassword);
  }
 @Secured(value = {"ROLE_ADMIN"})
 @RequestMapping(method = RequestMethod.PUT, value = "user/demote")
 public @ResponseBody void demote(@RequestBody String email) throws IOException {
   PipUser user = PipUser.findPipUsersByEmailEquals(email).getSingleResult();
   if (user.getRole() != PipRole.ADMIN.getName()) {
     user.setRole(PipRole.USER.getName());
     user.merge();
   }
 }
  @Secured(value = {"ROLE_ADMIN", "ROLE_MANAGER", "ROLE_MANAGER"})
  @RequestMapping(method = RequestMethod.GET, value = "list")
  public @ResponseBody ResponseEntity<List<UserDto>> getUsers(Principal principal) {
    PipUser prince = PipUser.findPipUsersByEmailEquals(principal.getName()).getSingleResult();

    List<UserDto> list = new ArrayList<UserDto>();
    List<PipUser> users;
    if (PipRole.ADMIN.getName().equals(prince.getRole()))
      users = PipUser.findAllPipUsers("name", "asc");
    else {
      users =
          PipUser.findPipUserByOrganisazionAndRole(
              prince.getOrganisazions().get(0), PipRole.USER.getName());
    }
    list = DtoCastUtil.castUser(users);
    return new ResponseEntity<List<UserDto>>(list, HttpStatus.OK);
  }