diff --git a/src/main/java/cz/cvut/kbss/study/rest/OidcUserController.java b/src/main/java/cz/cvut/kbss/study/rest/OidcUserController.java index 0c01c193..d2388d20 100644 --- a/src/main/java/cz/cvut/kbss/study/rest/OidcUserController.java +++ b/src/main/java/cz/cvut/kbss/study/rest/OidcUserController.java @@ -3,19 +3,21 @@ import cz.cvut.kbss.study.exception.NotFoundException; import cz.cvut.kbss.study.model.Institution; import cz.cvut.kbss.study.model.User; +import cz.cvut.kbss.study.model.util.HasUri; +import cz.cvut.kbss.study.rest.exception.BadRequestException; import cz.cvut.kbss.study.security.SecurityConstants; import cz.cvut.kbss.study.service.InstitutionService; import cz.cvut.kbss.study.service.UserService; import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty; +import org.springframework.http.HttpStatus; import org.springframework.http.MediaType; import org.springframework.security.access.prepost.PreAuthorize; -import org.springframework.web.bind.annotation.GetMapping; -import org.springframework.web.bind.annotation.PathVariable; -import org.springframework.web.bind.annotation.RequestMapping; -import org.springframework.web.bind.annotation.RequestParam; -import org.springframework.web.bind.annotation.RestController; +import org.springframework.web.bind.annotation.*; +import java.net.URI; import java.util.List; +import java.util.Objects; +import java.util.Optional; /** * API for getting basic user info. @@ -61,6 +63,48 @@ public List getUsers(@RequestParam(value = "institution", required = false return institutionKey != null ? getByInstitution(institutionKey) : userService.findAll(); } + @PreAuthorize("hasRole('" + SecurityConstants.ROLE_ADMIN + "') or #username == authentication.name") + @PutMapping(value = "/{username}", consumes = MediaType.APPLICATION_JSON_VALUE) + @ResponseStatus(HttpStatus.NO_CONTENT) + public void updateUser(@PathVariable("username") String username, @RequestBody User user, + @RequestParam(value = "email", defaultValue = "true") boolean sendEmail) { + if (!username.equals(user.getUsername())) { + throw new BadRequestException("The passed user's username is different from the specified one."); + } + final User original = getByUsername(username); + + assert original != null; + Institution newInstitution = user.getInstitution(); + Institution oldInstitution = original.getInstitution(); + original.setInstitution(newInstitution); + userService.update(original, sendEmail, "profileUpdate"); + + if (LOG.isTraceEnabled() && ! equals(newInstitution, oldInstitution)) { + LOG.trace("Set user institution {} to institution {} successfully.", user, oldInstitution, newInstitution); + } + } + + /** + * Input arguments can be null and getUri can be null. + * @param entity1 + * @param entity2 + * @return true if the URIs of the input arguments are equal, false otherwise. + */ + private boolean equals(HasUri entity1, HasUri entity2){ + URI u1 = getURI(entity1); + URI u2 = getURI(entity2); + return Objects.equals(u1, u2); + } + + /** + * Retrieves the URI of entity argument. entity can be null. + * @param entity + * @return the URI of the entity or null if entity is null. + */ + private URI getURI(HasUri entity){ + return Optional.of(entity).map(HasUri::getUri).orElse(null); + } + private List getByInstitution(String institutionKey) { assert institutionKey != null; final Institution institution = institutionService.findByKey(institutionKey);