@RequestMapping(value = "/user", method = RequestMethod.PUT) @Transactional public ResponseEntity<Client> doIt(@RequestBody Client client, Authentication authentication) { List<String> errors = DomainValidator.checkForErrors(client); if (!errors.isEmpty()) { return new ResponseEntity<Client>(new Client(client, errors), HttpStatus.BAD_REQUEST); } HttpStatus status = null; List<GrantedAuthority> authorities = new ArrayList<>(); authorities.add(new SimpleGrantedAuthority("USER")); if (ApplicationSecurity.isRoot(authentication)) { if (ApplicationSecurity.isRoot(client.getUsername())) { return new ResponseEntity<Client>( new Client(client, cannotChangeRootPassword), HttpStatus.BAD_REQUEST); } status = upsert(client, authorities); } else if (StringUtils.equals(client.getUsername(), authentication.getName())) { if (!userDetailsManager.userExists(client.getUsername())) { return new ResponseEntity<Client>(new Client(client, mustBeRoot), HttpStatus.BAD_REQUEST); } User user = new User(client.getUsername(), client.getPassword(), authorities); userDetailsManager.updateUser(user); status = HttpStatus.OK; } else { return new ResponseEntity<Client>(HttpStatus.FORBIDDEN); } return new ResponseEntity<Client>(new Client(client), status); }
private HttpStatus upsert(Client client, List<GrantedAuthority> authorities) { HttpStatus status; User user = new User(client.getUsername(), client.getPassword(), authorities); if (userDetailsManager.userExists(client.getUsername())) { userDetailsManager.updateUser(user); status = HttpStatus.OK; } else { userDetailsManager.createUser(user); status = HttpStatus.CREATED; } return status; }