package io.irontest.resources; import io.irontest.IronTestConstants; import io.irontest.auth.SimplePrincipal; import io.irontest.db.UserDAO; import io.irontest.models.User; import javax.annotation.security.PermitAll; import javax.annotation.security.RolesAllowed; import javax.ws.rs.*; import javax.ws.rs.core.Context; import javax.ws.rs.core.MediaType; import javax.ws.rs.core.SecurityContext; import java.util.List; /** * This resource is only registered in team mode. */ @Path("/users") @Produces({ MediaType.APPLICATION_JSON }) public class UserResource { private final UserDAO userDAO; public UserResource(UserDAO userDAO) { this.userDAO = userDAO; } /** * Return HTTP 200 if user is authenticated; return 401 otherwise. */ @GET @Path("authenticated") @PermitAll public User authenticated(@Context SecurityContext context) { SimplePrincipal principal = (SimplePrincipal) context.getUserPrincipal(); return userDAO.findByUsername(principal.getName()); } @GET @RolesAllowed(IronTestConstants.USER_ROLE_ADMIN) public List<User> findAll() { return userDAO.findAll(); } @POST @RolesAllowed(IronTestConstants.USER_ROLE_ADMIN) public User create(User user) { return userDAO.insert(user.getUsername()); } @DELETE @Path("{userId}") @RolesAllowed(IronTestConstants.USER_ROLE_ADMIN) public void delete(@PathParam("userId") long userId) { User user = userDAO.findById(userId); if (user != null && IronTestConstants.SYSADMIN_USER.equals(user.getUsername())) { throw new RuntimeException("Can not delete " + IronTestConstants.SYSADMIN_USER); } userDAO.deleteById(userId); } @PUT @Path("{userId}/password") @PermitAll public void updatePassword(@PathParam("userId") long userId, @QueryParam("newPassword") String newPassword, @Context SecurityContext context) { SimplePrincipal principal = (SimplePrincipal) context.getUserPrincipal(); User user = userDAO.findByUsername(principal.getName()); if (user.getId() == userId) { userDAO.updatePassword(userId, newPassword); } else { throw new RuntimeException("You can't change other user's password."); } } }