@POST
public Response add(final String body) {
logger.debug("Adding a new user with body {}", body);
User user = userJsonConverter.convertFrom(body);
if (user.getUserType().equals(User.UserType.EMPLOYEE)) {
return Response.status(HttpCode.FORBIDDEN.getCode()).build();
}
HttpCode httpCode = HttpCode.CREATED;
OperationResult result;
try {
user = userService.add(user);
result = OperationResult.success(JsonUtils.getJsonElementWithId(user.getId()));
} catch (final FieldNotValidException e) {
httpCode = HttpCode.VALIDATION_ERROR;
logger.error("One of the fields of the user is not valid", e);
result = getOperationResultInvalidField(RESOURCE_MESSAGE, e);
} catch (final UserExistException e) {
httpCode = HttpCode.VALIDATION_ERROR;
logger.error("There is already an user for the given email", e);
result = getOperationResultExists(RESOURCE_MESSAGE, "email");
}
logger.debug("Returning the operation result after adding user: {}", result);
return Response.status(httpCode.getCode())
.entity(OperationResultJsonWriter.toJson(result))
.build();
}
@PUT
@Path("/{id}/password")
@PermitAll
public Response updatePassword(@PathParam("id") final Long id, final String body) {
logger.debug("Updating the password for user {}", id);
if (!securityContext.isUserInRole(Roles.ADMINISTRATOR.name())) {
if (!isLoggedUser(id)) {
return Response.status(HttpCode.FORBIDDEN.getCode()).build();
}
}
HttpCode httpCode = HttpCode.OK;
OperationResult result;
try {
userService.updatePassword(id, getPasswordFromJson(body));
result = OperationResult.success();
} catch (UserNotFoundException e) {
httpCode = HttpCode.NOT_FOUND;
logger.error("No user found for the given id", e);
result = getOperationResultNotFound(RESOURCE_MESSAGE);
}
logger.debug("Returning the operation result after updating user password: {}", result);
return Response.status(httpCode.getCode())
.entity(OperationResultJsonWriter.toJson(result))
.build();
}
@PUT
@Path("/{id}")
@PermitAll
public Response update(@PathParam("id") final Long id, final String body) {
logger.debug("Updating the user {} with body {}", id, body);
if (!securityContext.isUserInRole(Roles.ADMINISTRATOR.name())) {
if (!isLoggedUser(id)) {
return Response.status(HttpCode.FORBIDDEN.getCode()).build();
}
}
final User user = userJsonConverter.convertFrom(body);
user.setId(id);
HttpCode httpCode = HttpCode.OK;
OperationResult result;
try {
userService.update(user);
result = OperationResult.success();
} catch (FieldNotValidException e) {
httpCode = HttpCode.VALIDATION_ERROR;
logger.error("One of the fields of the user is not valid", e);
result = getOperationResultInvalidField(RESOURCE_MESSAGE, e);
} catch (UserExistException e) {
httpCode = HttpCode.VALIDATION_ERROR;
logger.error("There is already an user for the given email", e);
result = getOperationResultExists(RESOURCE_MESSAGE, "email");
} catch (UserNotFoundException e) {
httpCode = HttpCode.NOT_FOUND;
logger.error("No user found for the given id", e);
result = getOperationResultNotFound(RESOURCE_MESSAGE);
}
logger.debug("Returning the operation result after updating user: {}", result);
return Response.status(httpCode.getCode())
.entity(OperationResultJsonWriter.toJson(result))
.build();
}