add permission to modify the own password over the me and the user endpoints

2025-11-10 15:35:49 +01:00 · 2018-10-12 15:20:58 +02:00
parent 67b3630c16
commit 023b362f68
19 changed files with 191 additions and 91 deletions
--- a/scm-webapp/src/main/java/sonia/scm/api/rest/IllegalArgumentExceptionMapper.java
+++ b/scm-webapp/src/main/java/sonia/scm/api/rest/IllegalArgumentExceptionMapper.java
@@ -63,6 +63,6 @@ public class IllegalArgumentExceptionMapper
  public Response toResponse(IllegalArgumentException exception)
  {
    log.info("caught IllegalArgumentException -- mapping to bad request", exception);
-    return Response.status(Status.BAD_REQUEST).build();
+    return Response.status(Status.BAD_REQUEST).entity(exception.getMessage()).build();
  }
 }
--- a/scm-webapp/src/main/java/sonia/scm/api/rest/resources/AbstractManagerResource.java
+++ b/scm-webapp/src/main/java/sonia/scm/api/rest/resources/AbstractManagerResource.java
@@ -35,6 +35,7 @@ package sonia.scm.api.rest.resources;

 //~--- non-JDK imports --------------------------------------------------------

+import com.github.sdorra.ssp.PermissionCheck;
 import org.apache.commons.beanutils.BeanComparator;
 import org.apache.shiro.authz.AuthorizationException;
 import org.slf4j.Logger;
@@ -63,6 +64,8 @@ import java.util.Arrays;
 import java.util.Collection;
 import java.util.Comparator;
 import java.util.Date;
+import java.util.function.Consumer;
+import java.util.function.Function;

 //~--- JDK imports ------------------------------------------------------------

@@ -196,27 +199,24 @@ public abstract class AbstractManagerResource<T extends ModelObject> {
    return response;
  }

-  /**
-   *  Method description
-   *
-   *
-   *
-   *
-   *  @param name
-   *  @param item
-   *
-   *
-   * @return
-   */
-  public Response update(String name, T item)
-  {
+  public Response update(T item, Function<T, PermissionCheck> permissionChecker ){
+    Consumer<Manager> updateAction = mng -> mng.modify(item, permissionChecker);
+    return applyUpdate(item, updateAction);
+  }
+
+  public Response update(String name, T item) {
+    Consumer<Manager> updateAction = mng -> mng.modify(item);
+    return applyUpdate(item, updateAction);
+  }
+
+  public Response applyUpdate(T item, Consumer<Manager> updateAction) {
    Response response = null;

    preUpdate(item);

    try
    {
-      manager.modify(item);
+      updateAction.accept(manager);
      response = Response.noContent().build();
    }
    catch (AuthorizationException ex)