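/**
 * Creates a new user from the JSON request entity.
 *
 * <p>A request whose user type is {@code EMPLOYEE} is answered with FORBIDDEN before the
 * service is called. Otherwise the user is handed to {@code userService.add} and the outcome
 * is serialised with {@code OperationResultJsonWriter}.
 *
 * @param body raw JSON request entity describing the user to create
 * @return CREATED with a result carrying the new user's id; VALIDATION_ERROR when a field is
 *     rejected or a user already exists for the email; FORBIDDEN for an EMPLOYEE user type
 */
@POST
public Response add(final String body) {
    // The raw entity is kept out of the log on purpose: it is caller-controlled text, and a
    // user-creation payload presumably carries the new account's password (confirm against
    // userJsonConverter). Neither belongs in a log file.
    logger.debug("Adding a new user");

    User user = userJsonConverter.convertFrom(body);

    // NOTE(review): if getUserType() can return null for a body without a type, this call
    // throws before any response is built; confirm the converter always sets a type.
    if (user.getUserType().equals(User.UserType.EMPLOYEE)) {
        return Response.status(HttpCode.FORBIDDEN.getCode()).build();
    }

    HttpCode httpCode = HttpCode.CREATED;
    OperationResult result;
    try {
        user = userService.add(user);
        result = OperationResult.success(JsonUtils.getJsonElementWithId(user.getId()));
    } catch (final FieldNotValidException e) {
        httpCode = HttpCode.VALIDATION_ERROR;
        logger.error("One of the fields of the user is not valid", e);
        result = getOperationResultInvalidField(RESOURCE_MESSAGE, e);
    } catch (final UserExistException e) {
        httpCode = HttpCode.VALIDATION_ERROR;
        logger.error("There is already an user for the given email", e);
        result = getOperationResultExists(RESOURCE_MESSAGE, "email");
    }

    logger.debug("Returning the operation result after adding user: {}", result);
    return Response.status(httpCode.getCode())
            .entity(OperationResultJsonWriter.toJson(result))
            .build();
}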
/**
 * Replaces the password of the user identified by {@code id}.
 *
 * <p>The method is annotated {@code @PermitAll}, so the only access decision visible here is
 * the check below: the caller must hold the ADMINISTRATOR role or pass {@code isLoggedUser(id)}.
 * The request entity is never logged, only the target id.
 *
 * <p>NOTE(review): nothing in this method asks for the current password; whether
 * {@code userService.updatePassword} or {@code getPasswordFromJson} enforces that, or any
 * password policy, cannot be seen from here.
 *
 * @param id   id of the user whose password is replaced (path parameter)
 * @param body raw JSON request entity from which the new password is extracted
 * @return OK on success, NOT_FOUND when no user exists for {@code id}, FORBIDDEN when the
 *     caller is neither an administrator nor the user in question
 */
@PUT
@Path("/{id}/password")
@PermitAll
public Response updatePassword(@PathParam("id") final Long id, final String body) {
    logger.debug("Updating the password for user {}", id);

    // The role is checked first; isLoggedUser is consulted only for non-administrators.
    final boolean callerIsAdmin = securityContext.isUserInRole(Roles.ADMINISTRATOR.name());
    if (!callerIsAdmin && !isLoggedUser(id)) {
        return Response.status(HttpCode.FORBIDDEN.getCode()).build();
    }

    HttpCode status;
    OperationResult outcome;
    try {
        userService.updatePassword(id, getPasswordFromJson(body));
        outcome = OperationResult.success();
        status = HttpCode.OK;
    } catch (UserNotFoundException notFound) {
        status = HttpCode.NOT_FOUND;
        logger.error("No user found for the given id", notFound);
        outcome = getOperationResultNotFound(RESOURCE_MESSAGE);
    }

    logger.debug("Returning the operation result after updating user password: {}", outcome);
    final String payload = OperationResultJsonWriter.toJson(outcome);
    return Response.status(status.getCode()).entity(payload).build();
}
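/**
 * Updates the user identified by {@code id} with the fields in the JSON request entity.
 *
 * <p>The method is annotated {@code @PermitAll}, so the only access decision visible here is
 * the check below: the caller must hold the ADMINISTRATOR role or pass {@code isLoggedUser(id)}.
 * The id from the path overrides any id in the entity.
 *
 * @param id   id of the user to update (path parameter)
 * @param body raw JSON request entity with the new field values
 * @return OK on success; VALIDATION_ERROR when a field is rejected or a user already exists
 *     for the email; NOT_FOUND when no user exists for {@code id}; FORBIDDEN when the caller
 *     is neither an administrator nor the user in question
 */
@PUT
@Path("/{id}")
@PermitAll
public Response update(@PathParam("id") final Long id, final String body) {
    // Only the id is logged: the entity is caller-controlled text holding the user's
    // personal fields, so it is kept out of the log file.
    logger.debug("Updating the user {}", id);

    // The role is checked first; isLoggedUser is consulted only for non-administrators.
    final boolean callerIsAdmin = securityContext.isUserInRole(Roles.ADMINISTRATOR.name());
    if (!callerIsAdmin && !isLoggedUser(id)) {
        return Response.status(HttpCode.FORBIDDEN.getCode()).build();
    }

    // NOTE(review): add() refuses EMPLOYEE users, but no field of the converted user is
    // restricted here. If the converter maps the user type (or roles) and userService.update
    // persists them, a non-administrator could change their own type via this endpoint.
    // Confirm that the service ignores or validates those fields.
    final User user = userJsonConverter.convertFrom(body);
    user.setId(id);

    HttpCode httpCode = HttpCode.OK;
    OperationResult result;
    try {
        userService.update(user);
        result = OperationResult.success();
    } catch (FieldNotValidException e) {
        httpCode = HttpCode.VALIDATION_ERROR;
        logger.error("One of the fields of the user is not valid", e);
        result = getOperationResultInvalidField(RESOURCE_MESSAGE, e);
    } catch (UserExistException e) {
        httpCode = HttpCode.VALIDATION_ERROR;
        logger.error("There is already an user for the given email", e);
        result = getOperationResultExists(RESOURCE_MESSAGE, "email");
    } catch (UserNotFoundException e) {
        httpCode = HttpCode.NOT_FOUND;
        logger.error("No user found for the given id", e);
        result = getOperationResultNotFound(RESOURCE_MESSAGE);
    }

    logger.debug("Returning the operation result after updating user: {}", result);
    return Response.status(httpCode.getCode())
            .entity(OperationResultJsonWriter.toJson(result))
            .build();
}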