garrettmills/commafeed
1
0
Fork 0
forked from Archives/Athou_commafeed
Code Pull Requests Activity

hide securitycheck user from swagger documentation

Browse Source
This commit is contained in:
Athou
2019-05-01 23:33:55 +02:00
parent 05f5d3b25c
commit 7f40a430fd
7 changed files with 64 additions and 48 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
pom.xml
View File

@@ -326,7 +326,7 @@
<dependency>
<groupId>io.swagger</groupId>
<artifactId>swagger-annotations</artifactId>
<version>1.5.0</version>
<version>1.5.22</version>
</dependency>
<dependency>

15
src/main/java/com/commafeed/frontend/resource/AdminREST.java
View File

@@ -46,7 +46,7 @@ import lombok.RequiredArgsConstructor;
@Api(value = "/admin")
@Produces(MediaType.APPLICATION_JSON)
@Consumes(MediaType.APPLICATION_JSON)
@RequiredArgsConstructor(onConstructor = @__({ @Inject }) )
@RequiredArgsConstructor(onConstructor = @__({ @Inject }))
@Singleton
public class AdminREST {
@@ -62,7 +62,7 @@ public class AdminREST {
@UnitOfWork
@ApiOperation(value = "Save or update a user", notes = "Save or update a user. If the id is not specified, a new user will be created")
@Timed
public Response save(@SecurityCheck(Role.ADMIN) User user, @ApiParam(required = true) UserModel userModel) {
public Response save(@ApiParam(hidden = true) @SecurityCheck(Role.ADMIN) User user, @ApiParam(required = true) UserModel userModel) {
Preconditions.checkNotNull(userModel);
Preconditions.checkNotNull(userModel.getName());
@@ -117,7 +117,8 @@ public class AdminREST {
@UnitOfWork
@ApiOperation(value = "Get user information", notes = "Get user information", response = UserModel.class)
@Timed
public Response getUser(@SecurityCheck(Role.ADMIN) User user, @ApiParam(value = "user id", required = true) @PathParam("id") Long id) {
public Response getUser(@ApiParam(hidden = true) @SecurityCheck(Role.ADMIN) User user,
@ApiParam(value = "user id", required = true) @PathParam("id") Long id) {
Preconditions.checkNotNull(id);
User u = userDAO.findById(id);
UserModel userModel = new UserModel();
@@ -134,7 +135,7 @@ public class AdminREST {
@UnitOfWork
@ApiOperation(value = "Get all users", notes = "Get all users", response = UserModel.class, responseContainer = "List")
@Timed
public Response getUsers(@SecurityCheck(Role.ADMIN) User user) {
public Response getUsers(@ApiParam(hidden = true) @SecurityCheck(Role.ADMIN) User user) {
Map<Long, UserModel> users = new HashMap<>();
for (UserRole role : userRoleDAO.findAll()) {
User u = role.getUser();
@@ -162,7 +163,7 @@ public class AdminREST {
@UnitOfWork
@ApiOperation(value = "Delete a user", notes = "Delete a user, and all his subscriptions")
@Timed
public Response delete(@SecurityCheck(Role.ADMIN) User user, @ApiParam(required = true) IDRequest req) {
public Response delete(@ApiParam(hidden = true) @SecurityCheck(Role.ADMIN) User user, @ApiParam(required = true) IDRequest req) {
Preconditions.checkNotNull(req);
Preconditions.checkNotNull(req.getId());
@@ -182,7 +183,7 @@ public class AdminREST {
@UnitOfWork
@ApiOperation(value = "Retrieve application settings", notes = "Retrieve application settings", response = ApplicationSettings.class)
@Timed
public Response getSettings(@SecurityCheck(Role.ADMIN) User user) {
public Response getSettings(@ApiParam(hidden = true) @SecurityCheck(Role.ADMIN) User user) {
return Response.ok(config.getApplicationSettings()).build();
}
@@ -191,7 +192,7 @@ public class AdminREST {
@UnitOfWork
@ApiOperation(value = "Retrieve server metrics")
@Timed
public Response getMetrics(@SecurityCheck(Role.ADMIN) User user) {
public Response getMetrics(@ApiParam(hidden = true) @SecurityCheck(Role.ADMIN) User user) {
return Response.ok(metrics).build();
}

25
src/main/java/com/commafeed/frontend/resource/CategoryREST.java
View File

@@ -74,7 +74,7 @@ import lombok.extern.slf4j.Slf4j;
@Slf4j
@Produces(MediaType.APPLICATION_JSON)
@Consumes(MediaType.APPLICATION_JSON)
@RequiredArgsConstructor(onConstructor = @__({ @Inject }) )
@RequiredArgsConstructor(onConstructor = @__({ @Inject }))
@Singleton
public class CategoryREST {
@@ -94,7 +94,7 @@ public class CategoryREST {
@UnitOfWork
@ApiOperation(value = "Get category entries", notes = "Get a list of category entries", response = Entries.class)
@Timed
public Response getCategoryEntries(@SecurityCheck User user,
public Response getCategoryEntries(@ApiParam(hidden = true) @SecurityCheck User user,
@ApiParam(value = "id of the category, 'all' or 'starred'", required = true) @QueryParam("id") String id,
@ApiParam(
value = "all entries or only unread ones",
@@ -103,7 +103,9 @@ public class CategoryREST {
@ApiParam(value = "only entries newer than this") @QueryParam("newerThan") Long newerThan,
@ApiParam(value = "offset for paging") @DefaultValue("0") @QueryParam("offset") int offset,
@ApiParam(value = "limit for paging, default 20, maximum 1000") @DefaultValue("20") @QueryParam("limit") int limit,
@ApiParam(value = "ordering", allowableValues = "asc,desc,abc,zyx") @QueryParam("order") @DefaultValue("desc") ReadingOrder order,
@ApiParam(
value = "ordering",
allowableValues = "asc,desc,abc,zyx") @QueryParam("order") @DefaultValue("desc") ReadingOrder order,
@ApiParam(
value = "search for keywords in either the title or the content of the entries, separated by spaces, 3 characters minimum") @QueryParam("keywords") String keywords,
@ApiParam(value = "return only entry ids") @DefaultValue("false") @QueryParam("onlyIds") boolean onlyIds,
@@ -191,7 +193,7 @@ public class CategoryREST {
@ApiOperation(value = "Get category entries as feed", notes = "Get a feed of category entries")
@Produces(MediaType.APPLICATION_XML)
@Timed
public Response getCategoryEntriesAsFeed(@SecurityCheck(apiKeyAllowed = true) User user,
public Response getCategoryEntriesAsFeed(@ApiParam(hidden = true) @SecurityCheck(apiKeyAllowed = true) User user,
@ApiParam(value = "id of the category, 'all' or 'starred'", required = true) @QueryParam("id") String id,
@ApiParam(
value = "all entries or only unread ones",
@@ -238,7 +240,7 @@ public class CategoryREST {
@UnitOfWork
@ApiOperation(value = "Mark category entries", notes = "Mark feed entries of this category as read")
@Timed
public Response markCategoryEntries(@SecurityCheck User user,
public Response markCategoryEntries(@ApiParam(hidden = true) @SecurityCheck User user,
@ApiParam(value = "category id, or 'all'", required = true) MarkRequest req) {
Preconditions.checkNotNull(req);
Preconditions.checkNotNull(req.getId());
@@ -280,7 +282,7 @@ public class CategoryREST {
@UnitOfWork
@ApiOperation(value = "Add a category", notes = "Add a new feed category", response = Long.class)
@Timed
public Response addCategory(@SecurityCheck User user, @ApiParam(required = true) AddCategoryRequest req) {
public Response addCategory(@ApiParam(hidden = true) @SecurityCheck User user, @ApiParam(required = true) AddCategoryRequest req) {
Preconditions.checkNotNull(req);
Preconditions.checkNotNull(req.getName());
@@ -304,7 +306,7 @@ public class CategoryREST {
@UnitOfWork
@ApiOperation(value = "Delete a category", notes = "Delete an existing feed category")
@Timed
public Response deleteCategory(@SecurityCheck User user, @ApiParam(required = true) IDRequest req) {
public Response deleteCategory(@ApiParam(hidden = true) @SecurityCheck User user, @ApiParam(required = true) IDRequest req) {
Preconditions.checkNotNull(req);
Preconditions.checkNotNull(req.getId());
@@ -337,7 +339,8 @@ public class CategoryREST {
@UnitOfWork
@ApiOperation(value = "Rename a category", notes = "Rename an existing feed category")
@Timed
public Response modifyCategory(@SecurityCheck User user, @ApiParam(required = true) CategoryModificationRequest req) {
public Response modifyCategory(@ApiParam(hidden = true) @SecurityCheck User user,
@ApiParam(required = true) CategoryModificationRequest req) {
Preconditions.checkNotNull(req);
Preconditions.checkNotNull(req.getId());
@@ -392,7 +395,7 @@ public class CategoryREST {
@UnitOfWork
@ApiOperation(value = "Collapse a category", notes = "Save collapsed or expanded status for a category")
@Timed
public Response collapse(@SecurityCheck User user, @ApiParam(required = true) CollapseRequest req) {
public Response collapse(@ApiParam(hidden = true) @SecurityCheck User user, @ApiParam(required = true) CollapseRequest req) {
Preconditions.checkNotNull(req);
Preconditions.checkNotNull(req.getId());
@@ -411,7 +414,7 @@ public class CategoryREST {
@UnitOfWork
@ApiOperation(value = "Get unread count for feed subscriptions", response = UnreadCount.class, responseContainer = "List")
@Timed
public Response getUnreadCount(@SecurityCheck User user) {
public Response getUnreadCount(@ApiParam(hidden = true) @SecurityCheck User user) {
Map<Long, UnreadCount> unreadCount = feedSubscriptionService.getUnreadCount(user);
return Response.ok(Lists.newArrayList(unreadCount.values())).build();
}
@@ -421,7 +424,7 @@ public class CategoryREST {
@UnitOfWork
@ApiOperation(value = "Get feed categories", notes = "Get all categories and subscriptions of the user", response = Category.class)
@Timed
public Response getSubscriptions(@SecurityCheck User user) {
public Response getSubscriptions(@ApiParam(hidden = true) @SecurityCheck User user) {
Category root = cache.getUserRootCategory(user);
if (root == null) {
log.debug("tree cache miss for {}", user.getId());

15
src/main/java/com/commafeed/frontend/resource/EntryREST.java
View File

@@ -34,7 +34,7 @@ import lombok.RequiredArgsConstructor;
@Api(value = "/entry")
@Produces(MediaType.APPLICATION_JSON)
@Consumes(MediaType.APPLICATION_JSON)
@RequiredArgsConstructor(onConstructor = @__({ @Inject }) )
@RequiredArgsConstructor(onConstructor = @__({ @Inject }))
@Singleton
public class EntryREST {
@@ -47,7 +47,8 @@ public class EntryREST {
@UnitOfWork
@ApiOperation(value = "Mark a feed entry", notes = "Mark a feed entry as read/unread")
@Timed
public Response markFeedEntry(@SecurityCheck User user, @ApiParam(value = "Mark Request", required = true) MarkRequest req) {
public Response markFeedEntry(@ApiParam(hidden = true) @SecurityCheck User user,
@ApiParam(value = "Mark Request", required = true) MarkRequest req) {
Preconditions.checkNotNull(req);
Preconditions.checkNotNull(req.getId());
@@ -60,7 +61,7 @@ public class EntryREST {
@UnitOfWork
@ApiOperation(value = "Mark multiple feed entries", notes = "Mark feed entries as read/unread")
@Timed
public Response markFeedEntries(@SecurityCheck User user,
public Response markFeedEntries(@ApiParam(hidden = true) @SecurityCheck User user,
@ApiParam(value = "Multiple Mark Request", required = true) MultipleMarkRequest req) {
Preconditions.checkNotNull(req);
Preconditions.checkNotNull(req.getRequests());
@@ -77,7 +78,8 @@ public class EntryREST {
@UnitOfWork
@ApiOperation(value = "Mark a feed entry", notes = "Mark a feed entry as read/unread")
@Timed
public Response starFeedEntry(@SecurityCheck User user, @ApiParam(value = "Star Request", required = true) StarRequest req) {
public Response starFeedEntry(@ApiParam(hidden = true) @SecurityCheck User user,
@ApiParam(value = "Star Request", required = true) StarRequest req) {
Preconditions.checkNotNull(req);
Preconditions.checkNotNull(req.getId());
Preconditions.checkNotNull(req.getFeedId());
@@ -92,7 +94,7 @@ public class EntryREST {
@UnitOfWork
@ApiOperation(value = "Get list of tags for the user", notes = "Get list of tags for the user")
@Timed
public Response getTags(@SecurityCheck User user) {
public Response getTags(@ApiParam(hidden = true) @SecurityCheck User user) {
List<String> tags = feedEntryTagDAO.findByUser(user);
return Response.ok(tags).build();
}
@@ -102,7 +104,8 @@ public class EntryREST {
@UnitOfWork
@ApiOperation(value = "Mark a feed entry", notes = "Mark a feed entry as read/unread")
@Timed
public Response tagFeedEntry(@SecurityCheck User user, @ApiParam(value = "Tag Request", required = true) TagRequest req) {
public Response tagFeedEntry(@ApiParam(hidden = true) @SecurityCheck User user,
@ApiParam(value = "Tag Request", required = true) TagRequest req) {
Preconditions.checkNotNull(req);
Preconditions.checkNotNull(req.getEntryId());

40
src/main/java/com/commafeed/frontend/resource/FeedREST.java
View File

@@ -95,7 +95,7 @@ import lombok.extern.slf4j.Slf4j;
@Slf4j
@Produces(MediaType.APPLICATION_JSON)
@Consumes(MediaType.APPLICATION_JSON)
@RequiredArgsConstructor(onConstructor = @__({ @Inject }) )
@RequiredArgsConstructor(onConstructor = @__({ @Inject }))
@Singleton
public class FeedREST {
@@ -132,7 +132,7 @@ public class FeedREST {
@UnitOfWork
@ApiOperation(value = "Get feed entries", notes = "Get a list of feed entries", response = Entries.class)
@Timed
public Response getFeedEntries(@SecurityCheck User user,
public Response getFeedEntries(@ApiParam(hidden = true) @SecurityCheck User user,
@ApiParam(value = "id of the feed", required = true) @QueryParam("id") String id,
@ApiParam(
value = "all entries or only unread ones",
@@ -141,7 +141,9 @@ public class FeedREST {
@ApiParam(value = "only entries newer than this") @QueryParam("newerThan") Long newerThan,
@ApiParam(value = "offset for paging") @DefaultValue("0") @QueryParam("offset") int offset,
@ApiParam(value = "limit for paging, default 20, maximum 1000") @DefaultValue("20") @QueryParam("limit") int limit,
@ApiParam(value = "ordering", allowableValues = "asc,desc,abc,zyx") @QueryParam("order") @DefaultValue("desc") ReadingOrder order,
@ApiParam(
value = "ordering",
allowableValues = "asc,desc,abc,zyx") @QueryParam("order") @DefaultValue("desc") ReadingOrder order,
@ApiParam(
value = "search for keywords in either the title or the content of the entries, separated by spaces, 3 characters minimum") @QueryParam("keywords") String keywords,
@ApiParam(value = "return only entry ids") @DefaultValue("false") @QueryParam("onlyIds") boolean onlyIds) {
@@ -200,7 +202,7 @@ public class FeedREST {
@ApiOperation(value = "Get feed entries as a feed", notes = "Get a feed of feed entries")
@Produces(MediaType.APPLICATION_XML)
@Timed
public Response getFeedEntriesAsFeed(@SecurityCheck(apiKeyAllowed = true) User user,
public Response getFeedEntriesAsFeed(@ApiParam(hidden = true) @SecurityCheck(apiKeyAllowed = true) User user,
@ApiParam(value = "id of the feed", required = true) @QueryParam("id") String id,
@ApiParam(
value = "all entries or only unread ones",
@@ -260,7 +262,8 @@ public class FeedREST {
@UnitOfWork
@ApiOperation(value = "Fetch a feed", notes = "Fetch a feed by its url", response = FeedInfo.class)
@Timed
public Response fetchFeed(@SecurityCheck User user, @ApiParam(value = "feed url", required = true) FeedInfoRequest req) {
public Response fetchFeed(@ApiParam(hidden = true) @SecurityCheck User user,
@ApiParam(value = "feed url", required = true) FeedInfoRequest req) {
Preconditions.checkNotNull(req);
Preconditions.checkNotNull(req.getUrl());
@@ -279,7 +282,7 @@ public class FeedREST {
@UnitOfWork
@ApiOperation(value = "Queue all feeds of the user for refresh", notes = "Manually add all feeds of the user to the refresh queue")
@Timed
public Response queueAllForRefresh(@SecurityCheck User user) {
public Response queueAllForRefresh(@ApiParam(hidden = true) @SecurityCheck User user) {
feedSubscriptionService.refreshAll(user);
return Response.ok().build();
}
@@ -289,7 +292,7 @@ public class FeedREST {
@UnitOfWork
@ApiOperation(value = "Queue a feed for refresh", notes = "Manually add a feed to the refresh queue")
@Timed
public Response queueForRefresh(@SecurityCheck User user, @ApiParam(value = "Feed id") IDRequest req) {
public Response queueForRefresh(@ApiParam(hidden = true) @SecurityCheck User user, @ApiParam(value = "Feed id") IDRequest req) {
Preconditions.checkNotNull(req);
Preconditions.checkNotNull(req.getId());
@@ -308,7 +311,7 @@ public class FeedREST {
@UnitOfWork
@ApiOperation(value = "Mark feed entries", notes = "Mark feed entries as read (unread is not supported)")
@Timed
public Response markFeedEntries(@SecurityCheck User user, @ApiParam(value = "Mark request") MarkRequest req) {
public Response markFeedEntries(@ApiParam(hidden = true) @SecurityCheck User user, @ApiParam(value = "Mark request") MarkRequest req) {
Preconditions.checkNotNull(req);
Preconditions.checkNotNull(req.getId());
@@ -328,7 +331,8 @@ public class FeedREST {
@UnitOfWork
@ApiOperation(value = "", notes = "")
@Timed
public Response get(@SecurityCheck User user, @ApiParam(value = "user id", required = true) @PathParam("id") Long id) {
public Response get(@ApiParam(hidden = true) @SecurityCheck User user,
@ApiParam(value = "user id", required = true) @PathParam("id") Long id) {
Preconditions.checkNotNull(id);
FeedSubscription sub = feedSubscriptionDAO.findById(user, id);
@@ -344,7 +348,8 @@ public class FeedREST {
@UnitOfWork
@ApiOperation(value = "Fetch a feed's icon", notes = "Fetch a feed's icon")
@Timed
public Response getFavicon(@SecurityCheck User user, @ApiParam(value = "subscription id") @PathParam("id") Long id) {
public Response getFavicon(@ApiParam(hidden = true) @SecurityCheck User user,
@ApiParam(value = "subscription id") @PathParam("id") Long id) {
Preconditions.checkNotNull(id);
FeedSubscription subscription = feedSubscriptionDAO.findById(user, id);
@@ -374,7 +379,8 @@ public class FeedREST {
@UnitOfWork
@ApiOperation(value = "Subscribe to a feed", notes = "Subscribe to a feed")
@Timed
public Response subscribe(@SecurityCheck User user, @ApiParam(value = "subscription request", required = true) SubscribeRequest req) {
public Response subscribe(@ApiParam(hidden = true) @SecurityCheck User user,
@ApiParam(value = "subscription request", required = true) SubscribeRequest req) {
Preconditions.checkNotNull(req);
Preconditions.checkNotNull(req.getTitle());
Preconditions.checkNotNull(req.getUrl());
@@ -401,7 +407,8 @@ public class FeedREST {
@UnitOfWork
@ApiOperation(value = "Subscribe to a feed", notes = "Subscribe to a feed")
@Timed
public Response subscribe(@SecurityCheck User user, @ApiParam(value = "feed url", required = true) @QueryParam("url") String url) {
public Response subscribe(@ApiParam(hidden = true) @SecurityCheck User user,
@ApiParam(value = "feed url", required = true) @QueryParam("url") String url) {
try {
Preconditions.checkNotNull(url);
@@ -429,7 +436,7 @@ public class FeedREST {
@UnitOfWork
@ApiOperation(value = "Unsubscribe from a feed", notes = "Unsubscribe from a feed")
@Timed
public Response unsubscribe(@SecurityCheck User user, @ApiParam(required = true) IDRequest req) {
public Response unsubscribe(@ApiParam(hidden = true) @SecurityCheck User user, @ApiParam(required = true) IDRequest req) {
Preconditions.checkNotNull(req);
Preconditions.checkNotNull(req.getId());
@@ -446,7 +453,8 @@ public class FeedREST {
@UnitOfWork
@ApiOperation(value = "Modify a subscription", notes = "Modify a feed subscription")
@Timed
public Response modify(@SecurityCheck User user, @ApiParam(value = "subscription id", required = true) FeedModificationRequest req) {
public Response modify(@ApiParam(hidden = true) @SecurityCheck User user,
@ApiParam(value = "subscription id", required = true) FeedModificationRequest req) {
Preconditions.checkNotNull(req);
Preconditions.checkNotNull(req.getId());
@@ -506,7 +514,7 @@ public class FeedREST {
@Consumes(MediaType.MULTIPART_FORM_DATA)
@ApiOperation(value = "OPML import", notes = "Import an OPML file, posted as a FORM with the 'file' name")
@Timed
public Response importOpml(@SecurityCheck User user, @FormDataParam("file") InputStream input) {
public Response importOpml(@ApiParam(hidden = true) @SecurityCheck User user, @FormDataParam("file") InputStream input) {
String publicUrl = config.getApplicationSettings().getPublicUrl();
if (StringUtils.isBlank(publicUrl)) {
@@ -533,7 +541,7 @@ public class FeedREST {
@Produces(MediaType.APPLICATION_XML)
@ApiOperation(value = "OPML export", notes = "Export an OPML file of the user's subscriptions")
@Timed
public Response exportOpml(@SecurityCheck User user) {
public Response exportOpml(@ApiParam(hidden = true) @SecurityCheck User user) {
Opml opml = opmlExporter.export(user);
WireFeedOutput output = new WireFeedOutput();
String opmlString = null;

5
src/main/java/com/commafeed/frontend/resource/ServerREST.java
View File

@@ -25,13 +25,14 @@ import com.commafeed.frontend.model.ServerInfo;
import io.dropwizard.hibernate.UnitOfWork;
import io.swagger.annotations.Api;
import io.swagger.annotations.ApiOperation;
import io.swagger.annotations.ApiParam;
import lombok.RequiredArgsConstructor;
@Path("/server")
@Api(value = "/server")
@Produces(MediaType.APPLICATION_JSON)
@Consumes(MediaType.APPLICATION_JSON)
@RequiredArgsConstructor(onConstructor = @__({ @Inject }) )
@RequiredArgsConstructor(onConstructor = @__({ @Inject }))
@Singleton
public class ServerREST {
@@ -60,7 +61,7 @@ public class ServerREST {
@ApiOperation(value = "proxy image")
@Produces("image/png")
@Timed
public Response get(@SecurityCheck User user, @QueryParam("u") String url) {
public Response get(@ApiParam(hidden = true) @SecurityCheck User user, @QueryParam("u") String url) {
if (!config.getApplicationSettings().getImageProxyEnabled()) {
return Response.status(Status.FORBIDDEN).build();
}

10
src/main/java/com/commafeed/frontend/resource/UserREST.java
View File

@@ -83,7 +83,7 @@ public class UserREST {
@UnitOfWork
@ApiOperation(value = "Retrieve user settings", notes = "Retrieve user settings", response = Settings.class)
@Timed
public Response getSettings(@SecurityCheck User user) {
public Response getSettings(@ApiParam(hidden = true) @SecurityCheck User user) {
Settings s = new Settings();
UserSettings settings = userSettingsDAO.findByUser(user);
if (settings != null) {
@@ -138,7 +138,7 @@ public class UserREST {
@UnitOfWork
@ApiOperation(value = "Save user settings", notes = "Save user settings")
@Timed
public Response saveSettings(@SecurityCheck User user, @ApiParam(required = true) Settings settings) {
public Response saveSettings(@ApiParam(hidden = true) @SecurityCheck User user, @ApiParam(required = true) Settings settings) {
Preconditions.checkNotNull(settings);
UserSettings s = userSettingsDAO.findByUser(user);
@@ -177,7 +177,7 @@ public class UserREST {
@UnitOfWork
@ApiOperation(value = "Retrieve user's profile", response = UserModel.class)
@Timed
public Response get(@SecurityCheck User user) {
public Response get(@ApiParam(hidden = true) @SecurityCheck User user) {
UserModel userModel = new UserModel();
userModel.setId(user.getId());
userModel.setName(user.getName());
@@ -197,7 +197,7 @@ public class UserREST {
@UnitOfWork
@ApiOperation(value = "Save user's profile")
@Timed
public Response save(@SecurityCheck User user, @ApiParam(required = true) ProfileModificationRequest request) {
public Response save(@ApiParam(hidden = true) @SecurityCheck User user, @ApiParam(required = true) ProfileModificationRequest request) {
Preconditions.checkArgument(StringUtils.isBlank(request.getPassword()) || request.getPassword().length() >= 6);
if (StringUtils.isNotBlank(request.getEmail())) {
User u = userDAO.findByEmail(request.getEmail());
@@ -330,7 +330,7 @@ public class UserREST {
@UnitOfWork
@ApiOperation(value = "Delete the user account")
@Timed
public Response delete(@SecurityCheck User user) {
public Response delete(@ApiParam(hidden = true) @SecurityCheck User user) {
if (CommaFeedApplication.USERNAME_ADMIN.equals(user.getName()) || CommaFeedApplication.USERNAME_DEMO.equals(user.getName())) {
return Response.status(Status.FORBIDDEN).build();
}