From 06aa9c4a6f55d7c9833c10a62869470cae5ec8a1 Mon Sep 17 00:00:00 2001
From: Athou
Date: Sat, 30 Mar 2013 18:18:47 +0100
Subject: [PATCH] protect the admin user
---
 .../rest/resources/AdminUsersREST.java | 8 +++++++-
 src/main/webapp/js/controllers.js | 19 ++++++++++++-------
 src/main/webapp/templates/admin.userlist.html | 1 +
 3 files changed, 20 insertions(+), 8 deletions(-)
diff --git a/src/main/java/com/commafeed/frontend/rest/resources/AdminUsersREST.java b/src/main/java/com/commafeed/frontend/rest/resources/AdminUsersREST.java
index 1202bacf..991cd90a 100644
--- a/src/main/java/com/commafeed/frontend/rest/resources/AdminUsersREST.java
+++ b/src/main/java/com/commafeed/frontend/rest/resources/AdminUsersREST.java
@@ -50,6 +50,11 @@ public class AdminUsersREST extends AbstractREST {
 }
 } else {
 User user = userService.findById(id);
+ if (StartupBean.ADMIN_NAME.equals(user.getName())
+ && !userModel.isEnabled()) {
+ return Response.status(Status.FORBIDDEN)
+ .entity("You cannot disable the admin user.").build();
+ }
 user.setName(userModel.getName());
 if (StringUtils.isNotBlank(userModel.getPassword())) {
 user.setPassword(encryptionService.getEncryptedPassword(
@@ -120,7 +125,8 @@ public class AdminUsersREST extends AbstractREST {
 return Response.status(Status.NOT_FOUND).build();
 }
 if (StartupBean.ADMIN_NAME.equals(user.getName())) {
- return Response.status(Status.FORBIDDEN).build();
+ return Response.status(Status.FORBIDDEN)
+ .entity("You cannot delete the admin user.").build();
 }
 feedEntryStatusService.delete(feedEntryStatusService.findAll(user));
 feedSubscriptionService.delete(feedSubscriptionService.findAll(user));
diff --git a/src/main/webapp/js/controllers.js b/src/main/webapp/js/controllers.js
index 4ed3748e..dd4aa088 100644
--- a/src/main/webapp/js/controllers.js
+++ b/src/main/webapp/js/controllers.js
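Review bot: In the first hunk the new guard keys on `user.getName()` equalling `StartupBean.ADMIN_NAME`, but the very next line, `user.setName(userModel.getName())`, still lets the caller rename the admin account; once renamed, neither this check nor the delete check in the second hunk (which also compares `user.getName()`) matches any more, so the admin can be disabled or deleted with a follow-up request. The guard also dereferences `user` straight after `userService.findById(id)` with no null check, so an unknown id throws a NullPointerException here while the delete path returns `NOT_FOUND` for the same situation. I would reject a name change for the admin user in the same condition and add the null check as below; the enclosing method starts and ends outside the hunk, and where `userModel.isEnabled()` is applied to `user` is not visible, so the condition only mirrors what the hunk shows.
```java
User user = userService.findById(id);
if (user == null) {
    return Response.status(Status.NOT_FOUND).build();
}
// The admin account must keep its name: the protections here and in the
// delete path are name-based, so a rename would let both be bypassed.
if (StartupBean.ADMIN_NAME.equals(user.getName())
        && (!userModel.isEnabled() || !StartupBean.ADMIN_NAME.equals(userModel.getName()))) {
    return Response.status(Status.FORBIDDEN)
            .entity("You cannot disable or rename the admin user.").build();
}
// … unchanged: name/password update …
```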
@@ -251,7 +251,7 @@ module.controller('FeedListCtrl', function($scope, $stateParams, $http, $route,
 });
 module.controller('ManageUsersCtrl',
- function($scope, $state, AdminUsersService) {
+ function($scope, $state, $location, AdminUsersService) {
 $scope.users = AdminUsersService.getAll();
 $scope.selection = [];
 $scope.gridOptions = {
@@ -268,6 +268,9 @@ module.controller('ManageUsersCtrl',
 $scope.addUser = function() {
 $state.transitionTo('admin.useradd');
 };
+ $scope.back = function() {
+ $location.path('/');
+ };
 });
 module.controller('ManageUserCtrl', function($scope, $state, $stateParams,
@@ -279,6 +282,12 @@ module.controller('ManageUserCtrl', function($scope, $state, $stateParams,
 $scope.closeAlert = function(index) {
 $scope.alerts.splice(index, 1);
 };
+ var alertFunction = function(data) {
+ $scope.alerts.push({
+ msg : data.data,
+ type: 'error'
+ });
+ };
 $scope.cancel = function(){
 $state.transitionTo('admin.userlist');
@@ -286,15 +295,11 @@ module.controller('ManageUserCtrl', function($scope, $state, $stateParams,
 $scope.save = function() {
 AdminUsersService.save($scope.user, function() {
 $state.transitionTo('admin.userlist');
- }, function(data) {
- $scope.alerts.push({
- msg : data.data
- });
- });
+ }, alertFunction);
 };
 $scope.delete = function() {
 AdminUsersService.delete({id: $scope.user.id}, function() {
 $state.transitionTo('admin.userlist');
- });
+ },alertFunction);
 };
 });
\ No newline at end of file
diff --git a/src/main/webapp/templates/admin.userlist.html b/src/main/webapp/templates/admin.userlist.html
index 1425e3ca..97440525 100644
--- a/src/main/webapp/templates/admin.userlist.html
+++ b/src/main/webapp/templates/admin.userlist.html
@@ -6,6 +6,7 @@
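Review bot: `alertFunction` in the third hunk pushes `data.data` as the alert text verbatim, but the server's `NOT_FOUND` response in the delete path is built with no entity, so a failed delete of a stale id produces an alert with an empty message, and a transport failure leaves `data.data` null or empty as well. A status-based fallback keeps the alert informative in those cases: `msg : data.data || ('Request failed (HTTP ' + data.status + ')'),`. The message is server-supplied text, so it should stay bound through `{{ }}` or `ng-bind` in the alert template rather than `ng-bind-html`; the template is not visible here, so that is a check to make rather than a defect I can point to. `ManageUserCtrl` starts before this hunk and the alert markup it feeds is outside the diff.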
+