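/**
 * Creates a new user or updates an existing one, depending on whether the
 * submitted model carries an id.
 *
 * <p>Without an id, a password is required and the account is registered with
 * {@code Role.USER}, plus {@code Role.ADMIN} when the model asks for it. With an
 * id, the name, e-mail, enabled flag and (when a non-blank password is supplied)
 * the password of the stored user are updated, and the ADMIN role is granted or
 * revoked to match the model.
 *
 * <p>The built-in admin account ({@code StartupBean.USERNAME_ADMIN}) can neither
 * be disabled nor lose its ADMIN role. Both rules are evaluated before anything
 * is written, so a rejected request leaves the account untouched. The role rule
 * is checked against the stored name as well as the submitted one, so a rename
 * sent in the same request cannot sidestep it.
 *
 * <p>NOTE(review): no role check is visible on this method; confirm the enclosing
 * resource restricts it to administrators.
 *
 * @param userModel submitted user data; must be non-null and carry a name
 * @return 200 on success, 403 when a rule protecting the built-in admin is
 *         violated, 404 when the id matches no user, 409 when registration fails
 */
@Path("/user/save")
@POST
@ApiOperation(
        value = "Save or update a user",
        notes = "Save or update a user. If the id is not specified, a new user will be created")
public Response save(@ApiParam(required = true) UserModel userModel) {
    Preconditions.checkNotNull(userModel);
    Preconditions.checkNotNull(userModel.getName());

    Long id = userModel.getId();
    if (id == null) {
        Preconditions.checkNotNull(userModel.getPassword());

        Set<Role> roles = Sets.newHashSet(Role.USER);
        if (userModel.isAdmin()) {
            roles.add(Role.ADMIN);
        }
        try {
            userService.register(
                    userModel.getName(), userModel.getPassword(), userModel.getEmail(), roles, true);
        } catch (Exception e) {
            // NOTE(review): the exception message is sent to the client verbatim; confirm
            // that register() only produces messages that are safe to expose.
            return Response.status(Status.CONFLICT).entity(e.getMessage()).build();
        }
    } else {
        User user = userDAO.findById(id);
        if (user == null) {
            // Unknown id: answer 404 instead of failing on the dereference below.
            return Response.status(Status.NOT_FOUND).build();
        }

        // Capture the protection state before the request is applied to the entity.
        boolean builtInAdmin = StartupBean.USERNAME_ADMIN.equals(user.getName());
        boolean namedLikeAdmin = StartupBean.USERNAME_ADMIN.equals(userModel.getName());
        Set<Role> roles = userRoleDAO.findRoles(user);
        boolean grantAdmin = userModel.isAdmin() && !roles.contains(Role.ADMIN);
        boolean revokeAdmin = !userModel.isAdmin() && roles.contains(Role.ADMIN);

        if (builtInAdmin && !userModel.isEnabled()) {
            return Response.status(Status.FORBIDDEN)
                    .entity("You cannot disable the admin user.")
                    .build();
        }
        // Rejected before any write, so a refused request cannot leave a half-applied update.
        if (revokeAdmin && (builtInAdmin || namedLikeAdmin)) {
            return Response.status(Status.FORBIDDEN)
                    .entity("You cannot remove the admin role from the admin user.")
                    .build();
        }

        user.setName(userModel.getName());
        if (StringUtils.isNotBlank(userModel.getPassword())) {
            // NOTE(review): the new password is hashed with the account's existing salt;
            // consider issuing a fresh salt whenever the password changes.
            user.setPassword(
                    encryptionService.getEncryptedPassword(userModel.getPassword(), user.getSalt()));
        }
        user.setEmail(userModel.getEmail());
        user.setDisabled(!userModel.isEnabled());
        userDAO.saveOrUpdate(user);

        if (grantAdmin) {
            userRoleDAO.saveOrUpdate(new UserRole(user, Role.ADMIN));
        } else if (revokeAdmin) {
            for (UserRole userRole : userRoleDAO.findAll(user)) {
                if (userRole.getRole() == Role.ADMIN) {
                    userRoleDAO.delete(userRole);
                }
            }
        }
    }
    return Response.ok(Status.OK).entity("OK").build();
}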
/**
 * Start-up hook: records the start time, calls {@code initialData()} when the
 * user DAO reports no users, loads the supported languages and submits one
 * {@code FeedRefreshWorker} per configured background thread.
 *
 * <p>NOTE(review): {@code initialData()} is not visible here; if it creates a
 * default administrator account, confirm its credentials must be changed before
 * the instance is exposed.
 */
@PostConstruct
private void init() {
    startupTime = System.currentTimeMillis();

    boolean noUsersYet = userDAO.getCount() == 0;
    if (noUsersYet) {
        initialData();
    }
    initSupportedLanguages();

    ApplicationSettings settings = applicationSettingsService.get();
    int workerCount = settings.getBackgroundThreads();
    log.info("Starting {} background threads", workerCount);

    // The pool is never created with fewer than one thread; with a configured count
    // of zero or less the loop below submits no worker at all.
    int poolSize = Math.max(workerCount, 1);
    executor = Executors.newFixedThreadPool(poolSize);
    for (int threadId = 0; threadId < workerCount; threadId++) {
        final String workerName = "Thread " + threadId;
        executor.execute(
                new Runnable() {
                    @Override
                    public void run() {
                        FeedRefreshWorker worker = workers.get();
                        worker.start(running, workerName);
                    }
                });
    }
}
/**
 * Deletes a user and the records looked up for that user.
 *
 * <p>Removal order: entry statuses, feed subscriptions, feed categories, user
 * settings, user roles, and finally the user itself.
 *
 * <p>NOTE(review): no transaction boundary is visible in this method; confirm the
 * caller or container wraps it in one, otherwise a failure midway leaves a
 * partially deleted account.
 *
 * @param user the user to remove
 */
public void unregister(User user) {
    // Dependent records go first; the user row is deleted last.
    feedEntryStatusDAO.delete(feedEntryStatusDAO.findAll(user, false, ReadingOrder.desc, false));
    feedSubscriptionDAO.delete(feedSubscriptionDAO.findAll(user));
    feedCategoryDAO.delete(feedCategoryDAO.findAll(user));
    userSettingsDAO.delete(userSettingsDAO.findByUser(user));
    userRoleDAO.delete(userRoleDAO.findAll(user));
    userDAO.delete(user);
}
/**
 * Authenticates a user by name and password.
 *
 * @param name login name; {@code null} yields {@code null}
 * @param password clear-text password; {@code null} yields {@code null}
 * @return the matching user with its last-login time refreshed and persisted, or
 *         {@code null} when a credential is missing, the user is unknown or
 *         disabled, or the password does not match
 */
public User login(String name, String password) {
    if (name == null || password == null) {
        return null;
    }

    User candidate = userDAO.findByName(name);
    // NOTE(review): unknown and disabled accounts return here without any password
    // hashing, so their response time can differ from a wrong-password attempt;
    // consider doing equivalent hashing work on this path. No failed-attempt limit
    // is visible in this method either; confirm one is enforced by the caller.
    if (candidate == null || candidate.isDisabled()) {
        return null;
    }

    boolean passwordMatches =
            encryptionService.authenticate(password, candidate.getPassword(), candidate.getSalt());
    if (!passwordMatches) {
        return null;
    }

    candidate.setLastLogin(Calendar.getInstance().getTime());
    userDAO.update(candidate);
    return candidate;
}
/**
 * Creates and stores a new user with a freshly generated salt and the password
 * derived from it.
 *
 * <p>NOTE(review): the name lookup and the save are separate steps in this
 * method; confirm a unique constraint on the user name backs this check so two
 * concurrent registrations cannot both succeed.
 *
 * @param name user name; must be non-null
 * @param password clear-text password; must be non-null
 * @param email e-mail address, stored as given
 * @param roles roles to attach to the new user
 * @return the saved user, or {@code null} when the name is already taken
 */
public User register(String name, String password, String email, Collection<Role> roles) {
    Preconditions.checkNotNull(name);
    Preconditions.checkNotNull(password);

    boolean nameTaken = userDAO.findByName(name) != null;
    if (nameTaken) {
        return null;
    }

    // Every account gets its own salt, which is stored next to the derived password.
    byte[] freshSalt = encryptionService.generateSalt();

    User created = new User();
    created.setName(name);
    created.setEmail(email);
    created.setSalt(freshSalt);
    created.setPassword(encryptionService.getEncryptedPassword(password, freshSalt));
    for (Role granted : roles) {
        created.getRoles().add(new UserRole(created, granted));
    }

    userDAO.save(created);
    return created;
}
/**
 * Deletes the user identified by the request, except for the built-in admin
 * account ({@code StartupBean.USERNAME_ADMIN}).
 *
 * <p>NOTE(review): no role check is visible on this method; confirm the enclosing
 * resource restricts it to administrators.
 *
 * @param req request carrying the id of the user to delete; both must be non-null
 * @return 200 on success, 404 when the id matches no user, 403 when the target is
 *         the built-in admin
 */
@Path("/user/delete")
@POST
@ApiOperation(value = "Delete a user", notes = "Delete a user, and all his subscriptions")
public Response delete(@ApiParam(required = true) IDRequest req) {
    Preconditions.checkNotNull(req);
    Preconditions.checkNotNull(req.getId());

    User target = userDAO.findById(req.getId());
    if (target == null) {
        return Response.status(Status.NOT_FOUND).build();
    }

    boolean builtInAdmin = StartupBean.USERNAME_ADMIN.equals(target.getName());
    if (builtInAdmin) {
        return Response.status(Status.FORBIDDEN).entity("You cannot delete the admin user.").build();
    }

    userService.unregister(target);
    return Response.ok().build();
}
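/**
 * Returns the id, name, e-mail, enabled flag and admin flag of one user.
 *
 * <p>NOTE(review): no role check is visible on this method; confirm the enclosing
 * resource restricts who may read other users' e-mail addresses and roles.
 *
 * @param id id of the user to look up; must be non-null
 * @return 200 with a {@code UserModel}, or 404 when no user has this id
 */
@Path("/user/get/{id}")
@GET
@ApiOperation(
        value = "Get user information",
        notes = "Get user information",
        responseClass = "com.commafeed.frontend.model.UserModel")
public Response getUser(@ApiParam(value = "user id", required = true) @PathParam("id") Long id) {
    Preconditions.checkNotNull(id);

    User user = userDAO.findById(id);
    if (user == null) {
        // Unknown id: answer 404 instead of failing on the dereference below.
        return Response.status(Status.NOT_FOUND).build();
    }

    UserModel userModel = new UserModel();
    userModel.setId(user.getId());
    userModel.setName(user.getName());
    userModel.setEmail(user.getEmail());
    userModel.setEnabled(!user.isDisabled());
    for (UserRole role : userRoleDAO.findAll(user)) {
        if (role.getRole() == Role.ADMIN) {
            userModel.setAdmin(true);
            // One ADMIN entry settles the flag; the remaining roles need no inspection.
            break;
        }
    }
    return Response.ok(userModel).build();
}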