diff --git a/config/alfresco/templates/webscripts/org/alfresco/repository/person/people.post.json.js b/config/alfresco/templates/webscripts/org/alfresco/repository/person/people.post.json.js
index b3d0d48ba9..8f04e9cdc2 100644
--- a/config/alfresco/templates/webscripts/org/alfresco/repository/person/people.post.json.js
+++ b/config/alfresco/templates/webscripts/org/alfresco/repository/person/people.post.json.js
@@ -22,9 +22,15 @@ function main()
 return;
 }
+ if ((json.isNull("email")) || (json.get("email").length() == 0))
+ {
+ status.setCode(status.STATUS_BAD_REQUEST, "Email missing when creating person");
+ return;
+ }
+
 // Create the person with the supplied user name
 var userName = json.get("userName");
- var person = people.createPerson(userName);
+ var person = people.createPerson(userName, json.get("firstName"), json.get("lastName"), json.get("email"));
 // return error message if a person with that user name could not be created
 if (person === null)
@@ -33,17 +39,23 @@ function main()
 return;
 }
- // assign values to the person's properties
- person.properties["title"] = json.get("title");
- person.properties["firstName"] = json.get("firstName");
- person.properties["lastName"] = json.get("lastName");
- person.properties["organization"] = json.get("organisation");
- person.properties["jobtitle"] = json.get("jobtitle");
- person.properties["email"] = json.get("email");
+ // assign values to the person's properties
+ if (json.has("title"))
+ {
+ person.properties["title"] = json.get("title");
+ }
+ if (json.has("organisation"))
+ {
+ person.properties["organization"] = json.get("organisation");
+ }
+ if (json.has("jobtitle"))
+ {
+ person.properties["jobtitle"] = json.get("jobtitle");
+ }
 person.save();
 // Put the created person into the model
 model.person = person;
 }
-main();
+main();
\ No newline at end of file
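Review bot: `firstName` and `lastName` are now read with `json.get(...)` and handed straight to `people.createPerson`, but only `email` gets a presence check, so a request that omits either name would presumably surface as an unhandled JSON exception instead of the 400 that the email branch returns. Extending the guard covers all three required fields: `if (json.isNull("firstName") || json.isNull("lastName")) { status.setCode(status.STATUS_BAD_REQUEST, "First name or last name missing when creating person"); return; }`. The email test also rejects only null or empty values, so whitespace-only or malformed addresses still create an account; if the address is later used for notifications or password recovery, a format check belongs here. `main()` begins above the hunk, so the existing `userName` validation and any authorisation check on the caller are not visible from here.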
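Review bot: `json.has("title")` is true for an explicit JSON `null` as well as for a real value, so the new guards on `title`, `organisation` and `jobtitle` in the second hunk still allow a null marker to be stored in `person.properties` (assuming `json` is an org.json-style object, as the `has`/`isNull`/`get` calls suggest). Using `if (!json.isNull("title"))` for each of the three treats absent and null the same way, matching the `isNull` test the first hunk applies to `email`. These values are client-supplied and written unmodified, so whatever renders the profile fields needs to escape them on output.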
diff --git a/config/alfresco/web-scripts-application-context.xml b/config/alfresco/web-scripts-application-context.xml
index b8919f647b..7cd6e6f528 100644
--- a/config/alfresco/web-scripts-application-context.xml
+++ b/config/alfresco/web-scripts-application-context.xml
@@ -436,7 +436,8 @@
-
+
+
diff --git a/source/java/org/alfresco/repo/web/scripts/person/ChangePasswordPost.java b/source/java/org/alfresco/repo/web/scripts/person/ChangePasswordPost.java
index 8fe18668cb..d5862f0731 100644
--- a/source/java/org/alfresco/repo/web/scripts/person/ChangePasswordPost.java
+++ b/source/java/org/alfresco/repo/web/scripts/person/ChangePasswordPost.java
@@ -30,6 +30,7 @@ import java.util.Map;
 import org.alfresco.repo.security.authentication.AuthenticationException;
 import org.alfresco.service.cmr.security.AuthenticationService;
+import org.alfresco.service.cmr.security.AuthorityService;
 import org.alfresco.util.Content;
 import org.alfresco.web.scripts.DeclarativeWebScript;
 import org.alfresco.web.scripts.Status;
@@ -45,7 +46,10 @@ import org.json.JSONObject;
 */
 public class ChangePasswordPost extends DeclarativeWebScript
 {
+ private static final String PARAM_NEWPW = "newpw";
+ private static final String PARAM_OLDPW = "oldpw";
 private AuthenticationService authenticationService;
+ private AuthorityService authorityService;
 /**
@@ -55,8 +59,16 @@ public class ChangePasswordPost extends DeclarativeWebScript
 {
 this.authenticationService = authenticationService;
 }
-
-
+
+ /**
+ * @param authorityService the AuthorityService to set
+ */
+ public void setAuthorityService(AuthorityService authorityService)
+ {
+ this.authorityService = authorityService;
+ }
+
+
 /* (non-Javadoc)
 * @see org.alfresco.web.scripts.DeclarativeWebScript#executeImpl(org.alfresco.web.scripts.WebScriptRequest, org.alfresco.web.scripts.Status)
 */
@@ -70,30 +82,43 @@ public class ChangePasswordPost extends DeclarativeWebScript
 Content c = req.getContent();
 if (c == null)
 {
- throw new WebScriptException(Status.STATUS_INTERNAL_SERVER_ERROR,
- "Missing POST body.");
+ throw new WebScriptException(Status.STATUS_INTERNAL_SERVER_ERROR, "Missing POST body.");
 }
 JSONObject json;
 try
 {
 json = new JSONObject(c.getContent());
- String oldPassword = json.getString("oldpw");
- String newPassword = json.getString("newpw");
+ String oldPassword = null;
+ String newPassword;
- if (oldPassword == null || oldPassword.length() == 0)
+ // admin users can change/set a password without knowing the old one
+ boolean isAdmin = authorityService.hasAdminAuthority();
+ if (!isAdmin)
+ {
+ if (!json.has(PARAM_OLDPW) || json.getString(PARAM_OLDPW).length() == 0)
+ {
+ throw new WebScriptException(Status.STATUS_BAD_REQUEST,
+ "Old password 'oldpw' is a required POST parameter.");
+ }
+ oldPassword = json.getString(PARAM_OLDPW);
+ }
+ if (!json.has(PARAM_NEWPW) || json.getString(PARAM_NEWPW).length() == 0)
 {
 throw new WebScriptException(Status.STATUS_BAD_REQUEST,
- "Old password 'oldpw' is a required POST parameter.");
- }
- if (newPassword == null || newPassword.length() == 0)
- {
- throw new WebScriptException(Status.STATUS_BAD_REQUEST,
- "New password 'newpw' is a required POST parameter.");
+ "New password 'newpw' is a required POST parameter.");
 }
+ newPassword = json.getString(PARAM_NEWPW);
 // update the password
- authenticationService.updateAuthentication(userName, oldPassword.toCharArray(), newPassword.toCharArray());
+ if (!isAdmin)
+ {
+ authenticationService.updateAuthentication(userName, oldPassword.toCharArray(), newPassword.toCharArray());
+ }
+ else
+ {
+ authenticationService.setAuthentication(userName, newPassword.toCharArray());
+ }
 }
 catch (AuthenticationException err)
 {
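Review bot: The admin branch calls `setAuthentication` with no old-password check even when the target account is the administrator's own, so whoever holds a live admin session (an unattended browser, or a forged cross-site request if this endpoint has no CSRF protection) can replace that password without knowing the current one. Consider limiting the bypass to resets of other accounts, e.g. `boolean isAdmin = authorityService.hasAdminAuthority() && !userName.equals(authenticationService.getCurrentUserName());`, so that self-service changes still go through `updateAuthentication`. `userName` is assigned above the hunk, so how it is derived and validated cannot be confirmed from here. A log or audit entry on the `setAuthentication` path would also make administrative resets traceable.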
@@ -115,4 +140,4 @@ public class ChangePasswordPost extends DeclarativeWebScript
 model.put("success", Boolean.TRUE);
 return model;
 }
-}
+}
\ No newline at end of file