Merged 5.2.N (5.2.2) to HEAD (5.2)

133997 mward: REPO-1660: REST API - update person should also accept "-me-"


git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/HEAD/root@137331 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
Andrei Rebegea
2017-06-14 16:55:47 +00:00
parent 344d17ad43
commit f7989073a7
2 changed files with 39 additions and 21 deletions


@@ -158,6 +158,12 @@ public class PeopleImpl implements People
this.thumbnailService = thumbnailService; this.thumbnailService = thumbnailService;
} }
/**
* Validate, perform -me- substitution and canonicalize the person ID.
*
* @param personId
* @return The validated and processed ID.
*/
public String validatePerson(String personId) public String validatePerson(String personId)
{ {
return validatePerson(personId, false); return validatePerson(personId, false);
@@ -555,10 +561,12 @@ public class PeopleImpl implements People
public Person update(String personId, final Person person) public Person update(String personId, final Person person)
{ {
boolean isAdmin = isAdminAuthority(); // Validate, perform -me- substitution and canonicalize the person ID.
personId = validatePerson(personId);
validateUpdatePersonData(person); validateUpdatePersonData(person);
boolean isAdmin = isAdminAuthority();
String currentUserId = AuthenticationUtil.getFullyAuthenticatedUser(); String currentUserId = AuthenticationUtil.getFullyAuthenticatedUser();
if (!isAdmin && !currentUserId.equalsIgnoreCase(personId)) if (!isAdmin && !currentUserId.equalsIgnoreCase(personId))
{ {
@@ -572,6 +580,17 @@ public class PeopleImpl implements People
// if requested, update password // if requested, update password
updatePassword(isAdmin, personIdToUpdate, person); updatePassword(isAdmin, personIdToUpdate, person);
if (person.isEnabled() != null)
{
if (isAdminAuthority(personIdToUpdate))
{
throw new PermissionDeniedException("Admin authority cannot be disabled.");
}
// note: if current user is not an admin then permission denied exception is thrown
MutableAuthenticationService mutableAuthenticationService = (MutableAuthenticationService) authenticationService;
mutableAuthenticationService.setAuthenticationEnabled(personIdToUpdate, person.isEnabled());
}
NodeRef personNodeRef = personService.getPerson(personIdToUpdate, false); NodeRef personNodeRef = personService.getPerson(personIdToUpdate, false);
if (person.wasSet(Person.PROP_PERSON_DESCRIPTION)) if (person.wasSet(Person.PROP_PERSON_DESCRIPTION))
@@ -681,20 +700,8 @@ public class PeopleImpl implements People
mutableAuthenticationService.setAuthentication(personIdToUpdate, newPassword); mutableAuthenticationService.setAuthentication(personIdToUpdate, newPassword);
} }
} }
if (person.isEnabled() != null)
{
if (isAdminAuthority(personIdToUpdate))
{
throw new PermissionDeniedException("Admin authority cannot be disabled.");
} }
mutableAuthenticationService.setAuthenticationEnabled(personIdToUpdate, person.isEnabled());
}
}
private boolean isAdminAuthority() private boolean isAdminAuthority()
{ {
return authorityService.hasAdminAuthority(); return authorityService.hasAdminAuthority();
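Review bot: In `update()`, the added `if (person.isEnabled() != null)` block (third hunk) leaves the non-admin case to whatever `setAuthenticationEnabled` throws, as its own comment says, even though `isAdmin` is already in scope. An explicit guard at the top of that block, `if (!isAdmin) { throw new PermissionDeniedException("Only an admin can enable or disable a person."); }`, would keep the authorization decision visible in this method and independent of which implementation sits behind the unchecked cast to `MutableAuthenticationService`. The block also runs after `updatePassword(...)`, so a rejected enable/disable request may already have changed the password unless a surrounding transaction rolls the call back, which is not visible here; moving the check ahead of `updatePassword` would avoid depending on that. The body of `update()` continues outside the hunks shown.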


@@ -979,18 +979,29 @@ public class TestPeople extends EnterpriseTestApi
final String personId = account1PersonIt.next(); final String personId = account1PersonIt.next();
publicApiClient.setRequestContext(new RequestContext(account1.getId(), personId)); publicApiClient.setRequestContext(new RequestContext(account1.getId(), personId));
Person updatedPerson = people.update(personId, qjson("{ `firstName`: `Updated firstName` }"), 200); // Explicitly using the person's ID
assertEquals("Updated firstName", updatedPerson.getFirstName()); {
Person updatedPerson = people.update(personId, qjson("{ `firstName`: `Matt` }"), 200);
assertEquals("Matt", updatedPerson.getFirstName());
}
// "-me-" user
{
Person updatedPerson = people.update("-me-", qjson("{ `firstName`: `John` }"), 200);
assertEquals("John", updatedPerson.getFirstName());
}
// TODO: temp fix, set back to orig firstName // TODO: temp fix, set back to orig firstName
publicApiClient.setRequestContext(new RequestContext(account1.getId(), account1Admin, "admin")); publicApiClient.setRequestContext(new RequestContext(account1.getId(), account1Admin, "admin"));
people.update(personId, qjson("{ `firstName`:`Bill` }"), 200); people.update(personId, qjson("{ `firstName`:`Bill` }"), 200);
// -ve test: check that required/mandatory/non-null fields cannot be unset (or empty string) // -ve test: check that required/mandatory/non-null fields cannot be unset (or empty string)
{
people.update("people", personId, null, null, qjson("{ `firstName`:`` }"), null, "Expected 400 response when updating " + personId, 400); people.update("people", personId, null, null, qjson("{ `firstName`:`` }"), null, "Expected 400 response when updating " + personId, 400);
people.update("people", personId, null, null, qjson("{ `email`:`` }"), null, "Expected 400 response when updating " + personId, 400); people.update("people", personId, null, null, qjson("{ `email`:`` }"), null, "Expected 400 response when updating " + personId, 400);
people.update("people", personId, null, null, qjson("{ `emailNotificationsEnabled`:`` }"), null, "Expected 400 response when updating " + personId, 400); people.update("people", personId, null, null, qjson("{ `emailNotificationsEnabled`:`` }"), null, "Expected 400 response when updating " + personId, 400);
} }
}
@Test @Test
public void testUpdatePersonNonexistentPerson() throws PublicApiException public void testUpdatePersonNonexistentPerson() throws PublicApiException
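Review bot: The new `-me-` case checks only the returned first name, so it would still pass if `-me-` resolved to a different person whose name was then updated. Asserting the identity as well, `assertEquals(personId, updatedPerson.getId());`, pins the substitution to the authenticated user. A negative case where a non-admin request context sends `enabled` through `-me-` would also exercise the enable/disable block that this commit moves into `PeopleImpl.update()`; the expected status code for that case is not visible here. The enclosing test method starts outside the hunk.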