/** * @see org.sakaiproject.api.common.edu.person.SakaiPersonManager#create(java.lang.String, * java.lang.String, org.sakaiproject.api.common.type.Type) */ public SakaiPerson create(String userId, Type recordType) { if (LOG.isDebugEnabled()) { LOG.debug("create(String " + userId + ", Type " + recordType + ")"); } if (userId == null || userId.length() < 1) throw new IllegalArgumentException("Illegal agentUuid argument passed!"); ; // a null uid is valid if (!isSupportedType(recordType)) throw new IllegalArgumentException("Illegal recordType argument passed!"); SakaiPersonImpl spi = new SakaiPersonImpl(); persistableHelper.createPersistableFields(spi); spi.setUuid(IdManager.createUuid()); spi.setAgentUuid(userId); spi.setUid(userId); spi.setTypeUuid(recordType.getUuid()); spi.setLocked(Boolean.valueOf(false)); this.getHibernateTemplate().save(spi); // log the event String ref = getReference(spi); eventTrackingService.post(eventTrackingService.newEvent("profile.new", ref, true)); // do not do this for system profiles if (serverConfigurationService.getBoolean("profile.updateUser", false)) { try { User u = userDirectoryService.getUser(userId); spi.setGivenName(u.getFirstName()); spi.setSurname(u.getLastName()); spi.setMail(u.getEmail()); } catch (UserNotDefinedException uue) { LOG.error("User " + userId + "doesn't exist"); } } LOG.debug("return spi;"); return spi; }
/** @see SakaiPersonManager#save(SakaiPerson) */ public void save(SakaiPerson sakaiPerson) { if (LOG.isDebugEnabled()) { LOG.debug("save(SakaiPerson " + sakaiPerson + ")"); } if (sakaiPerson == null) throw new IllegalArgumentException("Illegal sakaiPerson argument passed!"); if (!isSupportedType(sakaiPerson.getTypeUuid())) throw new IllegalArgumentException("The sakaiPerson argument contains an invalid Type!"); // AuthZ // Only superusers can update system records if (getSystemMutableType().getUuid().equals(sakaiPerson.getTypeUuid()) && !SecurityService.isSuperUser()) { throw new IllegalAccessError("System mutable records cannot be updated."); } // if it is a user mutable record, ensure the user is updating their own record // this can be overriden with a security advisor so the admin user to allow access if (!SecurityService.unlock( UserDirectoryService.ADMIN_ID, SakaiPerson.PROFILE_SAVE_PERMISSION, sakaiPerson.getAgentUuid())) { if (!StringUtils.equals(SessionManager.getCurrentSessionUserId(), sakaiPerson.getAgentUuid()) && !SecurityService.isSuperUser()) { // AuthZ - Ensure the current user is updating their own record if (!StringUtils.equals( SessionManager.getCurrentSessionUserId(), sakaiPerson.getAgentUuid())) { throw new IllegalAccessError("You do not have permissions to update this record!"); } } } // store record if (!(sakaiPerson instanceof SakaiPersonImpl)) { // TODO support alternate implementations of SakaiPerson // copy bean properties into new SakaiPersonImpl with beanutils? throw new UnsupportedOperationException("Unknown SakaiPerson implementation found!"); } else { // update lastModifiedDate SakaiPersonImpl spi = (SakaiPersonImpl) sakaiPerson; persistableHelper.modifyPersistableFields(spi); // if the repository path is set save if there if (photoService.overRidesDefault()) { photoService.savePhoto(spi.getJpegPhoto(), spi.getAgentUuid()); spi.setJpegPhoto(null); } // use update(..) method to ensure someone does not try to insert a // prototype. getHibernateTemplate().update(spi); // set the event String ref = getReference(spi); LOG.debug("got ref of: " + ref + " about to set events"); eventTrackingService.post(eventTrackingService.newEvent("profile.update", ref, true)); LOG.debug("User record updated for Id :-" + spi.getAgentUuid()); // update the account too -only if not system profile if (serverConfigurationService.getBoolean("profile.updateUser", false) && spi.getTypeUuid().equals(this.userMutableType.getUuid())) { try { UserEdit userEdit = null; userEdit = userDirectoryService.editUser(spi.getAgentUuid()); userEdit.setFirstName(spi.getGivenName()); userEdit.setLastName(spi.getSurname()); userEdit.setEmail(spi.getMail()); userDirectoryService.commitEdit(userEdit); LOG.debug("Saved user object"); } catch (Exception e) { e.printStackTrace(); } } } }