From e161ff41671224e63fe47c93e85d8a37ff8be4e4 Mon Sep 17 00:00:00 2001
From: Athou
Date: Sun, 21 Apr 2013 13:50:10 +0200
Subject: [PATCH] create a demo user on startup and prevent any profile modification

---
 src/main/java/com/commafeed/backend/StartupBean.java | 6 ++++--
 .../com/commafeed/frontend/rest/resources/AdminREST.java | 6 +++---
 .../com/commafeed/frontend/rest/resources/UserREST.java | 8 ++++++--
 3 files changed, 13 insertions(+), 7 deletions(-)

diff --git a/src/main/java/com/commafeed/backend/StartupBean.java b/src/main/java/com/commafeed/backend/StartupBean.java
index 98c58705..09c1f905 100644
--- a/src/main/java/com/commafeed/backend/StartupBean.java
+++ b/src/main/java/com/commafeed/backend/StartupBean.java
@@ -34,7 +34,8 @@ import com.google.api.client.util.Lists;
 public class StartupBean {
 private static Logger log = LoggerFactory.getLogger(StartupBean.class);
- public static final String ADMIN_NAME = "admin";
+ public static final String USERNAME_ADMIN = "admin";
+ public static final String USERNAME_DEMO = "demo";
 @Inject FeedDAO feedDAO;
@@ -83,8 +84,9 @@ public class StartupBean {
 private void initialData() {
 log.info("Populating database with default values");
 applicationSettingsService.save(new ApplicationSettings());
- userService.register(ADMIN_NAME, "admin",
+ userService.register(USERNAME_ADMIN, "admin",
 Arrays.asList(Role.ADMIN, Role.USER));
+ userService.register(USERNAME_DEMO, "demo", Arrays.asList(Role.USER));
 }
 public long getStartupTime() {
diff --git a/src/main/java/com/commafeed/frontend/rest/resources/AdminREST.java b/src/main/java/com/commafeed/frontend/rest/resources/AdminREST.java
index 8b871b3e..fe5fb79d 100644
--- a/src/main/java/com/commafeed/frontend/rest/resources/AdminREST.java
+++ b/src/main/java/com/commafeed/frontend/rest/resources/AdminREST.java
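Review bot: In the @@ -83 hunk the demo account is registered with the fixed, publicly known credentials `demo`/`demo` on every installation that runs initialData(), next to the pre-existing `admin`/`admin` default, and nothing in the hunk makes it optional or ties it to a demo deployment. A production instance that never wanted a shared guest login therefore gets one with Role.USER anyway. Consider creating the demo user only when a setting enables it (the code already persists ApplicationSettings on the line above) and marking the defaults with a comment such as `// default credentials: the admin password should be changed after first login; the demo account is intentionally public`. Whether initialData() runs only against an empty database is decided outside the hunk.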
@@ -58,7 +58,7 @@ public class AdminREST extends AbstractResourceREST {
 }
 } else {
 User user = userDAO.findById(id);
- if (StartupBean.ADMIN_NAME.equals(user.getName())
+ if (StartupBean.USERNAME_ADMIN.equals(user.getName())
 && !userModel.isEnabled()) {
 return Response.status(Status.FORBIDDEN)
 .entity("You cannot disable the admin user.").build();
@@ -75,7 +75,7 @@ public class AdminREST extends AbstractResourceREST {
 if (userModel.isAdmin() && !roles.contains(Role.ADMIN)) {
 userRoleDAO.save(new UserRole(user, Role.ADMIN));
 } else if (!userModel.isAdmin() && roles.contains(Role.ADMIN)) {
- if (StartupBean.ADMIN_NAME.equals(user.getName())) {
+ if (StartupBean.USERNAME_ADMIN.equals(user.getName())) {
 return Response
 .status(Status.FORBIDDEN)
 .entity("You cannot remove the admin role from the admin user.")
@@ -146,7 +146,7 @@ public class AdminREST extends AbstractResourceREST {
 if (user == null) {
 return Response.status(Status.NOT_FOUND).build();
 }
- if (StartupBean.ADMIN_NAME.equals(user.getName())) {
+ if (StartupBean.USERNAME_ADMIN.equals(user.getName())) {
 return Response.status(Status.FORBIDDEN)
 .entity("You cannot delete the admin user.").build();
 }
diff --git a/src/main/java/com/commafeed/frontend/rest/resources/UserREST.java b/src/main/java/com/commafeed/frontend/rest/resources/UserREST.java
index 5ad9f9bb..f0edd694 100644
--- a/src/main/java/com/commafeed/frontend/rest/resources/UserREST.java
+++ b/src/main/java/com/commafeed/frontend/rest/resources/UserREST.java
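Review bot: In the @@ -58 hunk the renamed check calls `user.getName()` straight after `User user = userDAO.findById(id);` with no null check, while the delete path in the @@ -146 hunk guards `user == null` with NOT_FOUND before the very same comparison. If findById returns null for an unknown id, as the delete path assumes, an admin request with a stale id ends in a NullPointerException (a 500) instead of a 404. Add `if (user == null) { return Response.status(Status.NOT_FOUND).build(); }` before the renamed condition so the two paths agree. The enclosing method begins and ends outside the hunk, so the null-safety of `userModel` and `roles` in the @@ -75 hunk cannot be judged from here.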
@@ -8,10 +8,11 @@ import javax.ws.rs.core.Response.Status;
 import org.apache.commons.lang.StringUtils;
+import com.commafeed.backend.StartupBean;
 import com.commafeed.backend.model.User;
 import com.commafeed.backend.model.UserRole;
-import com.commafeed.backend.model.UserSettings;
 import com.commafeed.backend.model.UserRole.Role;
+import com.commafeed.backend.model.UserSettings;
 import com.commafeed.backend.model.UserSettings.ReadingMode;
 import com.commafeed.backend.model.UserSettings.ReadingOrder;
 import com.commafeed.frontend.model.Settings;
@@ -64,7 +65,7 @@ public class UserREST extends AbstractResourceREST {
 return Response.ok(Status.OK).build();
 }
-
+
 @Path("/profile")
 @GET
 @ApiOperation(value = "Retrieve user's profile", responseClass = "com.commafeed.frontend.model.UserModel")
@@ -89,6 +90,9 @@ public class UserREST extends AbstractResourceREST {
 public Response save(
 @ApiParam(required = true) ProfileModificationRequest request) {
 User user = getUser();
+ if (StartupBean.USERNAME_DEMO.equals(user.getName())) {
+ return Response.status(Status.UNAUTHORIZED).build();
+ }
 user.setEmail(request.getEmail());
 if (StringUtils.isNotBlank(request.getPassword())) {
 byte[] password = encryptionService.getEncryptedPassword(
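Review bot: The new guard in save() (the @@ -89 hunk) answers with `Status.UNAUTHORIZED` (401) for a caller that getUser() has already authenticated but who is not allowed to perform the action; 401 signals missing or invalid credentials and can make a client re-prompt for login, whereas the equivalent protections in AdminREST use FORBIDDEN with an explanatory entity. Return `Response.status(Status.FORBIDDEN).entity("The demo user's profile cannot be modified.").build();` instead so clients and the admin endpoints see a consistent status. The intent of the bare username comparison is also worth a comment on the `if` line, e.g. `// the shared demo account is read-only: its email and password stay fixed`. The commit message promises to prevent any profile modification, but only this endpoint is guarded, so confirm there is no other write path for the demo user. save() continues past the end of the hunk.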