@PUT @Path("/{id}/password") @PermitAll public Response updatePassword(@PathParam("id") final Long id, final String body) { logger.debug("Updating the password for user {}", id); if (!securityContext.isUserInRole(Roles.ADMINISTRATOR.name())) { if (!isLoggedUser(id)) { return Response.status(HttpCode.FORBIDDEN.getCode()).build(); } } HttpCode httpCode = HttpCode.OK; OperationResult result; try { userService.updatePassword(id, getPasswordFromJson(body)); result = OperationResult.success(); } catch (UserNotFoundException e) { httpCode = HttpCode.NOT_FOUND; logger.error("No user found for the given id", e); result = getOperationResultNotFound(RESOURCE_MESSAGE); } logger.debug("Returning the operation result after updating user password: {}", result); return Response.status(httpCode.getCode()) .entity(OperationResultJsonWriter.toJson(result)) .build(); }
private boolean isLoggedUser(final Long id) { try { final User loggerUser = userService.find(securityContext.getUserPrincipal().getName()); if (loggerUser.getId().equals(id)) { return true; } } catch (final UserNotFoundException e) { } return false; }
@PUT @Path("/{id}") @PermitAll public Response update(@PathParam("id") final Long id, final String body) { logger.debug("Updating the user {} with body {}", id, body); if (!securityContext.isUserInRole(Roles.ADMINISTRATOR.name())) { if (!isLoggedUser(id)) { return Response.status(HttpCode.FORBIDDEN.getCode()).build(); } } final User user = userJsonConverter.convertFrom(body); user.setId(id); HttpCode httpCode = HttpCode.OK; OperationResult result; try { userService.update(user); result = OperationResult.success(); } catch (FieldNotValidException e) { httpCode = HttpCode.VALIDATION_ERROR; logger.error("One of the fields of the user is not valid", e); result = getOperationResultInvalidField(RESOURCE_MESSAGE, e); } catch (UserExistException e) { httpCode = HttpCode.VALIDATION_ERROR; logger.error("There is already an user for the given email", e); result = getOperationResultExists(RESOURCE_MESSAGE, "email"); } catch (UserNotFoundException e) { httpCode = HttpCode.NOT_FOUND; logger.error("No user found for the given id", e); result = getOperationResultNotFound(RESOURCE_MESSAGE); } logger.debug("Returning the operation result after updating user: {}", result); return Response.status(httpCode.getCode()) .entity(OperationResultJsonWriter.toJson(result)) .build(); }