@RequestMapping("/roleeditsubmit")
public ModelAndView roleEditSubmit(
@RequestParam("role") String role, @RequestParam("id") Long userId) {
SecurityContext.assertUserHasPrivilege(Privilege.MANAGE_USERS);
User user = userRepository.find(userId);
user.setRole(Role.valueOf(role));
return createModelAndView(user);
}
@RequestMapping("/privilegeeditsubmit")
public ModelAndView privilegeEditSubmit(@RequestParam Map<String, String> params) {
SecurityContext.assertUserHasPrivilege(Privilege.MANAGE_USERS);
User user = getRequiredEntity(Long.parseLong(params.get("id")));
// ModelAndView mv = new ModelAndView("redirect:user", "username", user.getUserName());
ModelAndView mv = new ModelAndView("redirect:/user/" + user.getUserName());
params.remove("id");
user.getPrivileges().clear();
for (Map.Entry<String, String> entry : params.entrySet()) {
try {
user.getPrivileges().add(Privilege.valueOf(entry.getKey()));
} catch (Exception e) {
throw new IllegalArgumentException("parameters should only contains Id and privileges");
}
}
// em.merge(user); Not needed (we did not modify the user, we changed the .privilege
// collection). Save will happen with dirty checking.
return mv;
}