From 24a4547b3bb943d3f071f33d078258be19c3275f Mon Sep 17 00:00:00 2001 From: Alan Davis Date: Thu, 10 Nov 2016 16:57:57 +0000 Subject: [PATCH] Merged 5.2.N (5.2.1) to HEAD (5.2) 132406 cturlica: REPO-1506: Update Person - implement - restrict rest api update person password for no authorization git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/HEAD/root@132664 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261 --- config/alfresco/public-rest-context.xml | 1 + .../org/alfresco/rest/api/impl/PeopleImpl.java | 16 +++++++++++++++- 2 files changed, 16 insertions(+), 1 deletion(-) diff --git a/config/alfresco/public-rest-context.xml b/config/alfresco/public-rest-context.xml index c6b8a48c28..6b329f99c1 100644 --- a/config/alfresco/public-rest-context.xml +++ b/config/alfresco/public-rest-context.xml @@ -627,6 +627,7 @@ + diff --git a/source/java/org/alfresco/rest/api/impl/PeopleImpl.java b/source/java/org/alfresco/rest/api/impl/PeopleImpl.java index 3357ba73fc..40f2e3ba3a 100644 --- a/source/java/org/alfresco/rest/api/impl/PeopleImpl.java +++ b/source/java/org/alfresco/rest/api/impl/PeopleImpl.java @@ -45,6 +45,7 @@ import org.alfresco.rest.api.model.Person; import org.alfresco.rest.framework.core.exceptions.ConstraintViolatedException; import org.alfresco.rest.framework.core.exceptions.EntityNotFoundException; import org.alfresco.rest.framework.core.exceptions.InvalidArgumentException; +import org.alfresco.rest.framework.core.exceptions.PermissionDeniedException; import org.alfresco.rest.framework.resource.parameters.CollectionWithPagingInfo; import org.alfresco.rest.framework.resource.parameters.Paging; import org.alfresco.rest.framework.resource.parameters.Parameters; 
@@ -57,6 +58,7 @@ import org.alfresco.service.cmr.repository.ContentWriter; import org.alfresco.service.cmr.repository.NodeRef; import org.alfresco.service.cmr.repository.NodeService; import org.alfresco.service.cmr.security.AuthenticationService; +import org.alfresco.service.cmr.security.AuthorityService; import org.alfresco.service.cmr.security.MutableAuthenticationService; import org.alfresco.service.cmr.security.NoSuchPersonException; import org.alfresco.service.cmr.security.PersonService; @@ -81,6 +83,7 @@ public class PeopleImpl implements People protected NodeService nodeService; protected PersonService personService; protected AuthenticationService authenticationService; + protected AuthorityService authorityService; protected ContentUsageService contentUsageService; protected ContentService contentService; protected ThumbnailService thumbnailService; @@ -125,7 +128,12 @@ public class PeopleImpl implements People this.authenticationService = authenticationService; } - public void setContentUsageService(ContentUsageService contentUsageService) + public void setAuthorityService(AuthorityService authorityService) + { + this.authorityService = authorityService; + } + + public void setContentUsageService(ContentUsageService contentUsageService) { this.contentUsageService = contentUsageService; } @@ -444,6 +452,12 @@ public class PeopleImpl implements People { MutableAuthenticationService mutableAuthenticationService = (MutableAuthenticationService) authenticationService; + boolean isAdmin = authorityService.hasAdminAuthority(); + if (!isAdmin) + { + throw new PermissionDeniedException(); + } + final String personIdToUpdate = validatePerson(personId); final Map properties = person.toProperties();
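Review bot: The new `hasAdminAuthority()` check in the last hunk refuses every non-admin caller of the update path, which is broader than the subject line ("restrict ... update person password") describes; as written, a user changing their own details would also appear to get `PermissionDeniedException`. If the blanket restriction is intended, say so above the check, e.g. `// REPO-1506: only admins may update a person; other callers are refused before personId is validated`. If only the password should be admin-only, the check belongs beside the password handling, which lies outside this hunk. `authorityService` is assigned only through the setter added in the earlier hunk, so a missing bean property would surface as a NullPointerException on the first request rather than at startup. The diffstat lists no test file, so a test that a non-admin update is refused and an admin update still succeeds would pin the behaviour.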