// find a single user by the userId
 @RequestMapping(method = RequestMethod.GET, value = "/{id}")
 @ResponseBody
 public Map<String, UserDto> findUser(@PathVariable("id") Long id) {
   final Map<String, UserDto> response = new HashMap<String, UserDto>();
   User u = userDao.getByKey(id);
   UserDto dto = null;
   if (u != null) {
     dto = new UserDto();
     BeanUtils.copyProperties(u, dto, new String[] {"config"});
     if (u.getKey() != null) {
       dto.setKeyId(u.getKey().getId());
     }
   }
   response.put("user", dto);
   return response;
 }
  // update existing user
  @RequestMapping(method = RequestMethod.PUT, value = "/{id}")
  @ResponseBody
  public Map<String, Object> saveExistingUser(@RequestBody UserPayload payLoad) {
    final UserDto userDto = payLoad.getUser();
    final Map<String, Object> response = new HashMap<String, Object>();
    UserDto dto = null;

    RestStatusDto statusDto = new RestStatusDto();
    statusDto.setStatus("failed");

    // if the POST data contains a valid userDto, continue.
    // Otherwise, server will respond with 400 Bad Request
    if (userDto != null) {
      Long keyId = userDto.getKeyId();
      User u;

      // if the userDto has a key, try to get the user.
      if (keyId != null) {
        u = userDao.getByKey(keyId);
        // if we find the user, update it's properties
        if (u != null) {
          // copy the properties, except the createdDateTime property,
          // because it is set in the Dao.
          BeanUtils.copyProperties(userDto, u, new String[] {"createdDateTime", "config"});

          if (u.getPermissionList().equals(String.valueOf(AppRole.SUPER_ADMIN.getLevel()))) {
            u.setPermissionList(String.valueOf(AppRole.USER.getLevel()));
          }

          u = userDao.save(u);
          dto = new UserDto();
          BeanUtils.copyProperties(u, dto, new String[] {"config"});
          if (u.getKey() != null) {
            dto.setKeyId(u.getKey().getId());
          }
          statusDto.setStatus("ok");
        }
      }
    }
    response.put("meta", statusDto);
    response.put("user", dto);
    return response;
  }
  // TODO put in meta information?
  // list all users
  @RequestMapping(method = RequestMethod.GET, value = "")
  @ResponseBody
  public Map<String, List<UserDto>> listUsers(
      @RequestParam(value = "currUser", defaultValue = "") String currUser) {
    final Map<String, List<UserDto>> response = new HashMap<String, List<UserDto>>();
    List<UserDto> results = new ArrayList<UserDto>();

    // TODO check if this part works
    if ("true".equals(currUser)) {
      com.google.appengine.api.users.UserService userService = UserServiceFactory.getUserService();
      com.google.appengine.api.users.User currentUser = userService.getCurrentUser();
      if (currentUser != null) {
        UserDto dto = new UserDto();
        dto.setEmailAddress(currentUser.getEmail());
        dto.setUserName(currentUser.getFederatedIdentity());
        results.add(dto);
      }

    } else {
      List<User> users = userDao.list(Constants.ALL_RESULTS);
      if (users != null) {
        for (User u : users) {
          if ("0".equals(u.getPermissionList()) || Boolean.TRUE.equals(u.isSuperAdmin())) {
            continue;
          }
          UserDto dto = new UserDto();
          BeanUtils.copyProperties(u, dto, new String[] {"config"});
          if (u.getKey() != null) {
            dto.setKeyId(u.getKey().getId());
          }
          results.add(dto);
        }
      }
    }

    response.put("users", results);
    return response;
  }