@POST
public Response add(final String body) {
logger.debug("Adding a new user with body {}", body);
User user = userJsonConverter.convertFrom(body);
if (user.getUserType().equals(User.UserType.EMPLOYEE)) {
return Response.status(HttpCode.FORBIDDEN.getCode()).build();
}
HttpCode httpCode = HttpCode.CREATED;
OperationResult result;
try {
user = userService.add(user);
result = OperationResult.success(JsonUtils.getJsonElementWithId(user.getId()));
} catch (final FieldNotValidException e) {
httpCode = HttpCode.VALIDATION_ERROR;
logger.error("One of the fields of the user is not valid", e);
result = getOperationResultInvalidField(RESOURCE_MESSAGE, e);
} catch (final UserExistException e) {
httpCode = HttpCode.VALIDATION_ERROR;
logger.error("There is already an user for the given email", e);
result = getOperationResultExists(RESOURCE_MESSAGE, "email");
}
logger.debug("Returning the operation result after adding user: {}", result);
return Response.status(httpCode.getCode())
.entity(OperationResultJsonWriter.toJson(result))
.build();
}
private User getUserWithEmailAndPasswordFromJson(final String body) {
final User user = new Customer(); // The implementation does not matter
final JsonObject jsonObject = JsonReader.readAsJsonObject(body);
user.setEmail(JsonReader.getStringOrNull(jsonObject, "email"));
user.setPassword(JsonReader.getStringOrNull(jsonObject, "password"));
return user;
}
private boolean isLoggedUser(final Long id) {
try {
final User loggerUser = userService.find(securityContext.getUserPrincipal().getName());
if (loggerUser.getId().equals(id)) {
return true;
}
} catch (final UserNotFoundException e) {
}
return false;
}
@PUT
@Path("/{id}")
@PermitAll
public Response update(@PathParam("id") final Long id, final String body) {
logger.debug("Updating the user {} with body {}", id, body);
if (!securityContext.isUserInRole(Roles.ADMINISTRATOR.name())) {
if (!isLoggedUser(id)) {
return Response.status(HttpCode.FORBIDDEN.getCode()).build();
}
}
final User user = userJsonConverter.convertFrom(body);
user.setId(id);
HttpCode httpCode = HttpCode.OK;
OperationResult result;
try {
userService.update(user);
result = OperationResult.success();
} catch (FieldNotValidException e) {
httpCode = HttpCode.VALIDATION_ERROR;
logger.error("One of the fields of the user is not valid", e);
result = getOperationResultInvalidField(RESOURCE_MESSAGE, e);
} catch (UserExistException e) {
httpCode = HttpCode.VALIDATION_ERROR;
logger.error("There is already an user for the given email", e);
result = getOperationResultExists(RESOURCE_MESSAGE, "email");
} catch (UserNotFoundException e) {
httpCode = HttpCode.NOT_FOUND;
logger.error("No user found for the given id", e);
result = getOperationResultNotFound(RESOURCE_MESSAGE);
}
logger.debug("Returning the operation result after updating user: {}", result);
return Response.status(httpCode.getCode())
.entity(OperationResultJsonWriter.toJson(result))
.build();
}
@POST
@Path("/authenticate")
@PermitAll
public Response findByEmailAndPassword(final String body) {
logger.debug("Find user by email and password");
Response.ResponseBuilder responseBuilder;
try {
User userWithEmailAndPassword = getUserWithEmailAndPasswordFromJson(body);
User user =
userService.find(
userWithEmailAndPassword.getEmail(), userWithEmailAndPassword.getPassword());
OperationResult result =
OperationResult.success(userJsonConverter.convertToJsonElement(user));
responseBuilder =
Response.status(HttpCode.OK.getCode()).entity(OperationResultJsonWriter.toJson(result));
logger.debug("User found by email/password: {}", user);
} catch (UserNotFoundException e) {
logger.error("No user found for email/password");
responseBuilder = Response.status(HttpCode.NOT_FOUND.getCode());
}
return responseBuilder.build();
}