@Override @Transactional(propagation = Propagation.REQUIRED, readOnly = false) public void update(long userId, EditUser editUserForm) { User loggedIn = MyTools.getSessionUser(); MyTools.validate(loggedIn.getId() == userId, "noPermission"); User user = userRepo.findOne(userId); user.setName(editUserForm.getName()); userRepo.save(user); }
@Override public User findOne(long userId) { User loggedIn = MyTools.getSessionUser(); User user = userRepo.findOne(userId); // if nobody is logged in or if the user is not seeing is own profile if (loggedIn == null || loggedIn.getId() != user.getId()) user.setEmail("********"); return user; }