This is an automated email from the git hooks/post-receive script. New commit to branch develop in repository coselmar. See http://git.codelutin.com/coselmar.git
commit 844afae500a09f5c8fa15c8eb2f5a9c151d641a2
Author: Yannick Martel <martel@©odelutin.com>
Date: Mon Jan 19 13:22:46 2015 +0100
supervisor can create client user
---
.../coselmar/services/v1/UsersWebService.java | 34 ++++++++++++++++++++--
.../src/main/webapp/js/coselmar-controllers.js | 9 +++++-
.../src/main/webapp/views/users/edituser.html | 13 ++++++++-
3 files changed, 52 insertions(+), 4 deletions(-)
diff --git a/coselmar-rest/src/main/java/fr/ifremer/coselmar/services/v1/UsersWebService.java b/coselmar-rest/src/main/java/fr/ifremer/coselmar/services/v1/UsersWebService.java
index dcfcdcf..4f31179 100644
--- a/coselmar-rest/src/main/java/fr/ifremer/coselmar/services/v1/UsersWebService.java
+++ b/coselmar-rest/src/main/java/fr/ifremer/coselmar/services/v1/UsersWebService.java
@@ -93,7 +93,21 @@ public class UsersWebService extends CoselmarWebServiceSupport {
 return userBean;
 }
- public List<UserBean> getUsers(UserSearchBean search) {
+ public List<UserBean> getUsers(UserSearchBean search) throws InvalidCredentialException, UnauthorizedException {
+
+ // Check authentication
+ String authorization = getContext().getHeader("Authorization");
+ UserWebToken userWebToken = checkAuthentication(authorization);
+
+ // Who is allowed here ? Admin and user himself
+ if (!StringUtils.equals(userWebToken.getRole(), CoselmarUserRole.ADMIN.name())
+ && !StringUtils.equals(userWebToken.getRole(), CoselmarUserRole.SUPERVISOR.name())) {
+ if (log.isDebugEnabled()) {
+ String message = String.format("A non admin, non supervisor user is trying to access users list");
+ log.debug(message);
+ }
+ throw new UnauthorizedException("Not allowed to see users");
+ }
 List<CoselmarUser> userList;
 if (search != null) {
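Review bot: The comment `// Who is allowed here ? Admin and user himself` above the new role check in getUsers does not describe the check, which admits ADMIN and SUPERVISOR and has no notion of "the user himself"; replace it with `// Who is allowed here? ADMIN and SUPERVISOR only` so the next reader does not assume a per-user branch exists. `String.format(...)` with no arguments is a no-op wrapper around a constant; if `log` is an SLF4J logger the whole guarded block collapses to `log.debug("Role {} is not allowed to list users", userWebToken.getRole());`, and the role value is useful in the log. Note that the decision rests entirely on the role string carried in the web token, so it is only as strong as the validation done by checkAuthentication, which is not visible in this hunk. getUsers continues past the end of the hunk.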
@@ -123,9 +137,25 @@ public class UsersWebService extends CoselmarWebServiceSupport {
 return result;
 }
- public void addUser(UserBean user) throws InvalidParameterException {
+ public void addUser(UserBean user) throws InvalidParameterException, InvalidCredentialException, UnauthorizedException {
 Preconditions.checkNotNull(user);
+ // Check authentication
+ String authorization = getContext().getHeader("Authorization");
+ UserWebToken userWebToken = checkAuthentication(authorization);
+
+ // Who is allowed here ? Admin and user himself
+ if (!StringUtils.equals(userWebToken.getRole(), CoselmarUserRole.ADMIN.name())
+ && (StringUtils.equals(userWebToken.getRole(), CoselmarUserRole.SUPERVISOR.name())
+ && !StringUtils.equals(user.getRole(), CoselmarUserRole.CLIENT.name()))
+ ) {
+ if (log.isDebugEnabled()) {
+ String message = String.format("A non admin, non supervisor user is trying to access users list");
+ log.debug(message);
+ }
+ throw new UnauthorizedException("Not allowed to see users");
+ }
+
 CoselmarUser userEntity = getCoselmarUserDao().create();
 userEntity.setFirstname(user.getFirstName());
diff --git a/coselmar-ui/src/main/webapp/js/coselmar-controllers.js b/coselmar-ui/src/main/webapp/js/coselmar-controllers.js
index 849873f..d1ae64b 100644
--- a/coselmar-ui/src/main/webapp/js/coselmar-controllers.js
+++ b/coselmar-ui/src/main/webapp/js/coselmar-controllers.js
@@ -286,7 +286,14 @@ coselmarControllers.controller("UsersCtrl", ['$scope', '$route', '$routeParams',
 // Controller for new user View
 coselmarControllers.controller("NewUserCtrl", ['$scope', '$route', '$location', 'userService', function($scope, $route, $location, userService){
- $scope.user = {'role' : 'EXPERT'};
+ console.log($scope.currentUser);
+ if ($scope.currentUser.role == 'ADMIN') {
+ $scope.user = {'role' : 'EXPERT'};
+ } else if ($scope.currentUser.role == 'SUPERVISOR') {
+ $scope.user = {'role' : 'CLIENT'};
+ } else {
+ $location.path("403");
+ }
 $scope.saveUser = function(isValidForm){
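Review bot: The authorization condition added to addUser lets any authenticated caller who is neither ADMIN nor SUPERVISOR create a user of any role, ADMIN included: for such a caller `!ADMIN` is true but the parenthesised `(SUPERVISOR && !CLIENT)` term is false, so the `&&` is false and the throw is skipped, and the code falls straight through to `getCoselmarUserDao().create()`. The rule the commit message describes is "admin, or supervisor creating a CLIENT", so negate the allowed set as a whole: `boolean isAdmin = StringUtils.equals(userWebToken.getRole(), CoselmarUserRole.ADMIN.name());` `boolean supervisorAddsClient = StringUtils.equals(userWebToken.getRole(), CoselmarUserRole.SUPERVISOR.name()) && StringUtils.equals(user.getRole(), CoselmarUserRole.CLIENT.name());` `if (!isAdmin && !supervisorAddsClient) {`. The debug text and the exception message are copied from getUsers ("trying to access users list", "Not allowed to see users") and should say that the caller tried to create a user, ideally naming the caller's role and the requested role. The remainder of addUser (entity population and persistence) lies outside the hunk.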
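Review bot: `console.log($scope.currentUser);` at the top of NewUserCtrl is a debugging leftover that writes the whole current-user object to the browser console on every visit to the page; what that object holds is not visible here, but if it carries the Authorization token the server side expects, the token lands in console history and any log-capturing extension, so the line should be removed before merge. The role branching and the `$location.path("403")` redirect only decide what the page shows; they are not an access control, and the REST layer's check in UsersWebService.addUser is what actually restricts who may create which role, so a short comment such as `// UI gating only: role restrictions are enforced server-side in UsersWebService.addUser` would keep a later maintainer from relaxing the server check on the strength of this one. The controller body continues past the end of the hunk.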
diff --git a/coselmar-ui/src/main/webapp/views/users/edituser.html b/coselmar-ui/src/main/webapp/views/users/edituser.html
index 4bc5827..0c9f91e 100644
--- a/coselmar-ui/src/main/webapp/views/users/edituser.html
+++ b/coselmar-ui/src/main/webapp/views/users/edituser.html
@@ -21,7 +21,7 @@
 <http://www.gnu.org/licenses/gpl-3.0.html>. #L% -->
- <div class="">
+ <div class="" ng-if="currentUser.role == 'ADMIN' || currentUser.role == 'SUPERVISOR'">
 <form name="userForm" class="form-horizontal" role="form" ng-submit="saveUser(userForm.$valid)">
@@ -62,6 +62,17 @@
 </div>
+ <div class="form-group" ng-if="currentUser.role == 'SUPERVISOR'">
+ <label class="col-md-4 control-label">Role *</label>
+
+ <div class="col-md-5">
+ <select class="form-control" name="role" ng-model="user.role" required>
+ <option value="CLIENT">Client</option>
+ </select>
+ </div>
+
+ </div>
+
 <div class="form-group" ng-class="{'has-error' : userForm.mail.$invalid && !userForm.mail.$pristine}">
 <label class="col-md-4 control-label">Mail *</label>
-- To stop receiving notification emails like this one, please contact codelutin.com SCM administrator <admin+scm@codelutin.com>.
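Review bot: The supervisor-only `<select>` with its single `CLIENT` option, like the `ng-if` on the enclosing form, is presentation only; a supervisor can still submit any `role` value to the REST endpoint, and the restriction that matters is the one in UsersWebService.addUser. Since the two must stay in step, a comment on the new block, `<!-- Supervisors may only create CLIENT users; the real restriction is enforced server-side in UsersWebService.addUser -->`, would stop a later UI change from being mistaken for a security change. Where the ADMIN role selector lives is not visible in this hunk.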