/**
 * RESTful endpoint: handles a POST request that creates a user identified by a
 * service-generated URI.
 *
 * <p>The registration attempt is logged first, then
 * {@code authService.checkAdmin(request)} runs, and only after that is
 * {@code authService.create(user, password)} called.
 *
 * @param request  the incoming HTTP request, handed to the admin check
 * @param user     the account to create, bound from the request as model attribute "user"
 * @param password the value of the {@code confirmed_password} request parameter
 *                 (the confirmation password)
 * @return the bound {@code user}, rendered as JSON; if the response is not JSON,
 *         an error HTML page is returned instead
 */
@RequestMapping(value = "/auth_users/create", method = POST, produces = MEDIA_TYPE_JSON)
@ResponseBody
public AuthorizedUser create(
        HttpServletRequest request,
        @ModelAttribute("user") AuthorizedUser user,
        @RequestParam("confirmed_password") String password) {
    // NOTE(review): this entry is written before the admin check, so org and name
    // are still unauthenticated request input at this point. Confirm the log
    // layout neutralises CR/LF in them, or move the line below checkAdmin if
    // failed attempts do not need to be recorded here.
    l.info(
            "trying registration! org: {}, name: {}",
            user.getOrg(),
            user.getAuthorizedName());

    // Authorization gate: nothing is created unless this call returns normally.
    authService.checkAdmin(request);

    // NOTE(review): @ModelAttribute fills AuthorizedUser from request parameters;
    // confirm the binder only allows the fields a registration form should set.
    authService.create(user, password);

    // NOTE(review): the same object is serialised into the response; confirm its
    // JSON form leaves out credential fields.
    return user;
}
/**
 * Handles a PUT request that updates the "about" and "contact" values of a profile.
 *
 * <p>The user returned by {@code authService.checkLogin(request)} must have the id
 * given in the path; otherwise {@code checkPermission} rejects the request before
 * anything is modified.
 *
 * @param request  the incoming HTTP request, handed to the login check
 * @param uid      the id from the {@code {uid}} path segment
 * @param about    the new "about" text
 * @param contact  the new contact text
 * @param password the {@code password} request parameter, passed on to
 *                 {@code authService.update} (presumably to confirm the change;
 *                 verify against that method)
 * @return {@code JSON_STATUS_OK} when the update call returns normally
 */
@RequestMapping(value = "/auth_users/{uid}/profile", method = PUT)
@ResponseBody
public String modifyProfile(
        HttpServletRequest request,
        @PathVariable("uid") long uid,
        @RequestParam("about") String about,
        @RequestParam("contact") String contact,
        @RequestParam("password") String password) {
    // NOTE(review): @RequestParam also accepts query-string values; confirm clients
    // send the password in the request body so it is not recorded in access logs.
    AuthorizedUser caller = authService.checkLogin(request);

    // A user may only edit their own profile: the path id must match the caller's id.
    checkPermission(caller, uid);

    // NOTE(review): the object is mutated before authService.update runs. If
    // checkLogin hands out a shared or cached instance and update rejects the
    // password, these in-memory values would already be changed; confirm.
    caller.setAbout(about);
    caller.setContact(contact);

    authService.update(caller, password);
    return JSON_STATUS_OK;
}
/**
 * Verifies that {@code uid} is the id of {@code user}.
 *
 * @param user the user whose id is compared; must not be null, since
 *             {@code getId()} is called on it without a null check
 * @param uid  the id the request is addressed to
 * @throws SecurityException carrying {@code Notty.NO_PERMISSION} when the ids differ
 */
private static void checkPermission(AuthorizedUser user, long uid) {
    // Matching ids mean the caller is acting on their own record.
    if (uid == user.getId()) {
        return;
    }
    throw new SecurityException(Notty.NO_PERMISSION);
}