create a demo user on startup and prevent any profile modification

Athou
2013-04-21 13:50:10 +02:00
parent e8b1be8ccb
commit e161ff4167
3 changed files with 13 additions and 7 deletions


@@ -58,7 +58,7 @@ public class AdminREST extends AbstractResourceREST {
}
} else {
User user = userDAO.findById(id);
if (StartupBean.ADMIN_NAME.equals(user.getName())
if (StartupBean.USERNAME_ADMIN.equals(user.getName())
&& !userModel.isEnabled()) {
return Response.status(Status.FORBIDDEN)
.entity("You cannot disable the admin user.").build();
@@ -75,7 +75,7 @@ public class AdminREST extends AbstractResourceREST {
if (userModel.isAdmin() && !roles.contains(Role.ADMIN)) {
userRoleDAO.save(new UserRole(user, Role.ADMIN));
} else if (!userModel.isAdmin() && roles.contains(Role.ADMIN)) {
if (StartupBean.ADMIN_NAME.equals(user.getName())) {
if (StartupBean.USERNAME_ADMIN.equals(user.getName())) {
return Response
.status(Status.FORBIDDEN)
.entity("You cannot remove the admin role from the admin user.")
@@ -146,7 +146,7 @@ public class AdminREST extends AbstractResourceREST {
if (user == null) {
return Response.status(Status.NOT_FOUND).build();
}
if (StartupBean.ADMIN_NAME.equals(user.getName())) {
if (StartupBean.USERNAME_ADMIN.equals(user.getName())) {
return Response.status(Status.FORBIDDEN)
.entity("You cannot delete the admin user.").build();
}
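Review bot: In the first hunk the result of `userDAO.findById(id)` is dereferenced by `user.getName()` with no null check, while the delete path in the third hunk returns 404 when `user == null`. An unknown id on the update path would presumably end in a NullPointerException and a 500 rather than a clean 404. Add `if (user == null) { return Response.status(Status.NOT_FOUND).build(); }` before the admin-name comparison. All three guards identify the protected account by a case-sensitive name match, so they only hold if the admin username cannot be changed or re-created with different casing; that is not visible here and is worth confirming. The enclosing methods start and end outside these hunks.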


@@ -8,10 +8,11 @@ import javax.ws.rs.core.Response.Status;
import org.apache.commons.lang.StringUtils;
import com.commafeed.backend.StartupBean;
import com.commafeed.backend.model.User;
import com.commafeed.backend.model.UserRole;
import com.commafeed.backend.model.UserSettings;
import com.commafeed.backend.model.UserRole.Role;
import com.commafeed.backend.model.UserSettings;
import com.commafeed.backend.model.UserSettings.ReadingMode;
import com.commafeed.backend.model.UserSettings.ReadingOrder;
import com.commafeed.frontend.model.Settings;
@@ -64,7 +65,7 @@ public class UserREST extends AbstractResourceREST {
return Response.ok(Status.OK).build();
}
@Path("/profile")
@GET
@ApiOperation(value = "Retrieve user's profile", responseClass = "com.commafeed.frontend.model.UserModel")
@@ -89,6 +90,9 @@ public class UserREST extends AbstractResourceREST {
public Response save(
@ApiParam(required = true) ProfileModificationRequest request) {
User user = getUser();
if (StartupBean.USERNAME_DEMO.equals(user.getName())) {
return Response.status(Status.UNAUTHORIZED).build();
}
user.setEmail(request.getEmail());
if (StringUtils.isNotBlank(request.getPassword())) {
byte[] password = encryptionService.getEncryptedPassword(
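Review bot: The demo-user guard in `save` answers with `Status.UNAUTHORIZED` (401), but the caller is authenticated and simply not permitted to make the change. AdminREST uses `Status.FORBIDDEN` for the equivalent protected-account cases, and a 401 may lead clients to re-prompt for credentials or drop the session. Suggest `return Response.status(Status.FORBIDDEN).entity("The demo user cannot modify its profile.").build();`. The guard covers only this method, so any other endpoint that mutates the demo account (none visible in this hunk) would need the same check to meet the commit's stated intent of preventing any profile modification. `save` continues beyond the hunk.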