Merged 5.2.N (5.2.2) to HEAD (5.2)
133997 mward: REPO-1660: REST API - update person should also accept "-me-" git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/HEAD/root@137331 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
@@ -158,6 +158,12 @@ public class PeopleImpl implements People
|
|||||||
this.thumbnailService = thumbnailService;
|
this.thumbnailService = thumbnailService;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Validate, perform -me- substitution and canonicalize the person ID.
|
||||||
|
*
|
||||||
|
* @param personId
|
||||||
|
* @return The validated and processed ID.
|
||||||
|
*/
|
||||||
public String validatePerson(String personId)
|
public String validatePerson(String personId)
|
||||||
{
|
{
|
||||||
return validatePerson(personId, false);
|
return validatePerson(personId, false);
|
||||||
@@ -555,10 +561,12 @@ public class PeopleImpl implements People
|
|||||||
|
|
||||||
public Person update(String personId, final Person person)
|
public Person update(String personId, final Person person)
|
||||||
{
|
{
|
||||||
boolean isAdmin = isAdminAuthority();
|
// Validate, perform -me- substitution and canonicalize the person ID.
|
||||||
|
personId = validatePerson(personId);
|
||||||
validateUpdatePersonData(person);
|
validateUpdatePersonData(person);
|
||||||
|
|
||||||
|
boolean isAdmin = isAdminAuthority();
|
||||||
|
|
||||||
String currentUserId = AuthenticationUtil.getFullyAuthenticatedUser();
|
String currentUserId = AuthenticationUtil.getFullyAuthenticatedUser();
|
||||||
if (!isAdmin && !currentUserId.equalsIgnoreCase(personId))
|
if (!isAdmin && !currentUserId.equalsIgnoreCase(personId))
|
||||||
{
|
{
|
||||||
@@ -572,6 +580,17 @@ public class PeopleImpl implements People
|
|||||||
// if requested, update password
|
// if requested, update password
|
||||||
updatePassword(isAdmin, personIdToUpdate, person);
|
updatePassword(isAdmin, personIdToUpdate, person);
|
||||||
|
|
||||||
|
if (person.isEnabled() != null)
|
||||||
|
{
|
||||||
|
if (isAdminAuthority(personIdToUpdate))
|
||||||
|
{
|
||||||
|
throw new PermissionDeniedException("Admin authority cannot be disabled.");
|
||||||
|
}
|
||||||
|
|
||||||
|
// note: if current user is not an admin then permission denied exception is thrown
|
||||||
|
MutableAuthenticationService mutableAuthenticationService = (MutableAuthenticationService) authenticationService;
|
||||||
|
mutableAuthenticationService.setAuthenticationEnabled(personIdToUpdate, person.isEnabled());
|
||||||
|
}
|
||||||
|
|
||||||
NodeRef personNodeRef = personService.getPerson(personIdToUpdate, false);
|
NodeRef personNodeRef = personService.getPerson(personIdToUpdate, false);
|
||||||
if (person.wasSet(Person.PROP_PERSON_DESCRIPTION))
|
if (person.wasSet(Person.PROP_PERSON_DESCRIPTION))
|
||||||
@@ -681,20 +700,8 @@ public class PeopleImpl implements People
|
|||||||
mutableAuthenticationService.setAuthentication(personIdToUpdate, newPassword);
|
mutableAuthenticationService.setAuthentication(personIdToUpdate, newPassword);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
if (person.isEnabled() != null)
|
|
||||||
{
|
|
||||||
if (isAdminAuthority(personIdToUpdate))
|
|
||||||
{
|
|
||||||
throw new PermissionDeniedException("Admin authority cannot be disabled.");
|
|
||||||
}
|
}
|
||||||
|
|
||||||
mutableAuthenticationService.setAuthenticationEnabled(personIdToUpdate, person.isEnabled());
|
|
||||||
}
|
|
||||||
|
|
||||||
}
|
|
||||||
|
|
||||||
|
|
||||||
private boolean isAdminAuthority()
|
private boolean isAdminAuthority()
|
||||||
{
|
{
|
||||||
return authorityService.hasAdminAuthority();
|
return authorityService.hasAdminAuthority();
|
||||||
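Review bot: The enable/disable branch added to update() after `updatePassword(isAdmin, personIdToUpdate, person)` documents its authorisation only in the comment `// note: if current user is not an admin then permission denied exception is thrown`, so it depends on setAuthenticationEnabled() rejecting non-admin callers, which these hunks do not show. Since `isAdmin` is already computed earlier in update(), an explicit guard at the top of the branch, for example `if (!isAdmin) { throw new PermissionDeniedException("Only an admin can enable or disable a user."); }`, would keep the decision local and independent of the authentication service implementation. The branch also runs after the password update, so a rejection here arrives after a write unless the surrounding transaction rolls it back; doing both permission checks before any mutation would avoid relying on that. Separately, `isAdminAuthority(personIdToUpdate)` throws even when `person.isEnabled()` is true, although the message says the authority "cannot be disabled". update() begins and ends outside the visible hunks.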
|
@@ -979,18 +979,29 @@ public class TestPeople extends EnterpriseTestApi
|
|||||||
final String personId = account1PersonIt.next();
|
final String personId = account1PersonIt.next();
|
||||||
publicApiClient.setRequestContext(new RequestContext(account1.getId(), personId));
|
publicApiClient.setRequestContext(new RequestContext(account1.getId(), personId));
|
||||||
|
|
||||||
Person updatedPerson = people.update(personId, qjson("{ `firstName`: `Updated firstName` }"), 200);
|
// Explicitly using the person's ID
|
||||||
assertEquals("Updated firstName", updatedPerson.getFirstName());
|
{
|
||||||
|
Person updatedPerson = people.update(personId, qjson("{ `firstName`: `Matt` }"), 200);
|
||||||
|
assertEquals("Matt", updatedPerson.getFirstName());
|
||||||
|
}
|
||||||
|
|
||||||
|
// "-me-" user
|
||||||
|
{
|
||||||
|
Person updatedPerson = people.update("-me-", qjson("{ `firstName`: `John` }"), 200);
|
||||||
|
assertEquals("John", updatedPerson.getFirstName());
|
||||||
|
}
|
||||||
|
|
||||||
// TODO: temp fix, set back to orig firstName
|
// TODO: temp fix, set back to orig firstName
|
||||||
publicApiClient.setRequestContext(new RequestContext(account1.getId(), account1Admin, "admin"));
|
publicApiClient.setRequestContext(new RequestContext(account1.getId(), account1Admin, "admin"));
|
||||||
people.update(personId, qjson("{ `firstName`:`Bill` }"), 200);
|
people.update(personId, qjson("{ `firstName`:`Bill` }"), 200);
|
||||||
|
|
||||||
// -ve test: check that required/mandatory/non-null fields cannot be unset (or empty string)
|
// -ve test: check that required/mandatory/non-null fields cannot be unset (or empty string)
|
||||||
|
{
|
||||||
people.update("people", personId, null, null, qjson("{ `firstName`:`` }"), null, "Expected 400 response when updating " + personId, 400);
|
people.update("people", personId, null, null, qjson("{ `firstName`:`` }"), null, "Expected 400 response when updating " + personId, 400);
|
||||||
people.update("people", personId, null, null, qjson("{ `email`:`` }"), null, "Expected 400 response when updating " + personId, 400);
|
people.update("people", personId, null, null, qjson("{ `email`:`` }"), null, "Expected 400 response when updating " + personId, 400);
|
||||||
people.update("people", personId, null, null, qjson("{ `emailNotificationsEnabled`:`` }"), null, "Expected 400 response when updating " + personId, 400);
|
people.update("people", personId, null, null, qjson("{ `emailNotificationsEnabled`:`` }"), null, "Expected 400 response when updating " + personId, 400);
|
||||||
}
|
}
|
||||||
|
}
|
||||||
|
|
||||||
@Test
|
@Test
|
||||||
public void testUpdatePersonNonexistentPerson() throws PublicApiException
|
public void testUpdatePersonNonexistentPerson() throws PublicApiException
|
||||||
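Review bot: The new "-me-" block checks only that the returned first name is "John", so it would still pass if "-me-" resolved to a different person than the one in the request context. Adding `assertEquals(personId, updatedPerson.getId());` after the first-name assertion would pin the substitution to the authenticated user, assuming the test Person exposes its id that way. A negative case is also missing: a non-admin sending the enabled field through "-me-" should be rejected, and a test expecting the permission-denied status for that request would guard the enable/disable check that this commit moves into update(). The enclosing test method starts outside the hunk.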
|
Reference in New Issue
Block a user