@RequestMapping(value = "/user", method = RequestMethod.PUT)
@Transactional
public ResponseEntity<Client> doIt(@RequestBody Client client, Authentication authentication) {
List<String> errors = DomainValidator.checkForErrors(client);
if (!errors.isEmpty()) {
return new ResponseEntity<Client>(new Client(client, errors), HttpStatus.BAD_REQUEST);
}
HttpStatus status = null;
List<GrantedAuthority> authorities = new ArrayList<>();
authorities.add(new SimpleGrantedAuthority("USER"));
if (ApplicationSecurity.isRoot(authentication)) {
if (ApplicationSecurity.isRoot(client.getUsername())) {
return new ResponseEntity<Client>(
new Client(client, cannotChangeRootPassword), HttpStatus.BAD_REQUEST);
}
status = upsert(client, authorities);
} else if (StringUtils.equals(client.getUsername(), authentication.getName())) {
if (!userDetailsManager.userExists(client.getUsername())) {
return new ResponseEntity<Client>(new Client(client, mustBeRoot), HttpStatus.BAD_REQUEST);
}
User user = new User(client.getUsername(), client.getPassword(), authorities);
userDetailsManager.updateUser(user);
status = HttpStatus.OK;
} else {
return new ResponseEntity<Client>(HttpStatus.FORBIDDEN);
}
return new ResponseEntity<Client>(new Client(client), status);
}
private HttpStatus upsert(Client client, List<GrantedAuthority> authorities) {
HttpStatus status;
User user = new User(client.getUsername(), client.getPassword(), authorities);
if (userDetailsManager.userExists(client.getUsername())) {
userDetailsManager.updateUser(user);
status = HttpStatus.OK;
} else {
userDetailsManager.createUser(user);
status = HttpStatus.CREATED;
}
return status;
}