# HG changeset patch # User Jaroslav Tulach # Date 1257615107 -3600 # Node ID cc04ede4cb5e119ca239945e6ac7a2b3e5ed81ab # Parent 4eb88f05c20718bc5426276ed2936b2670d51cf4 API for changing own properties
diff -r 4eb88f05c207 -r cc04ede4cb5e webidor/src/main/java/cz/xelfi/quoridor/webidor/resources/Users.java
--- a/webidor/src/main/java/cz/xelfi/quoridor/webidor/resources/Users.java Sat Nov 07 15:23:14 2009 +0100
+++ b/webidor/src/main/java/cz/xelfi/quoridor/webidor/resources/Users.java Sat Nov 07 18:31:47 2009 +0100
@@ -30,6 +30,7 @@
 import java.io.File;
 import java.io.FileInputStream;
 import java.io.FileNotFoundException;
+import java.io.FileOutputStream;
 import java.io.IOException;
 import java.util.ArrayList;
 import java.util.Collections;
@@ -38,11 +39,13 @@
 import java.util.logging.Logger;
 import javax.ws.rs.DefaultValue;
 import javax.ws.rs.GET;
+import javax.ws.rs.POST;
 import javax.ws.rs.Path;
 import javax.ws.rs.PathParam;
 import javax.ws.rs.Produces;
 import javax.ws.rs.QueryParam;
 import javax.ws.rs.core.MediaType;
+import javax.ws.rs.core.Response;
 /**
 *
@@ -82,7 +85,32 @@
 return user;
 }
- private Properties getProp(String id) throws FileNotFoundException, IOException {
+ @POST
+ @Path("{id}")
+ @Produces({ MediaType.APPLICATION_JSON, MediaType.TEXT_XML })
+ public synchronized Response changeProperty(
+ @QueryParam("loginID") String loginId,
+ @PathParam("id") String id,
+ @QueryParam("name") String name,
+ @QueryParam("value") String value
+ ) throws IOException {
+ String myid = quoridor.isLoggedIn(loginId);
+ if (!id.equals(myid) || name.startsWith("permission.")) {
+ return Response.status(Response.Status.UNAUTHORIZED).build();
+ }
+
+ Properties p = getProp(myid);
+ p.setProperty(name, value);
+
+ File f = new File(dir, id);
+ FileOutputStream os = new FileOutputStream(f);
+ p.store(os, "");
+ os.close();
+
+ return Response.ok().entity(getUserInfo(loginId, id)).build();
+ }
+
+ private synchronized Properties getProp(String id) throws FileNotFoundException, IOException {
 Properties p = new Properties();
 if (id != null && id.length() > 0) {
 File f = new File(dir, id);
diff -r 4eb88f05c207 -r cc04ede4cb5e webidor/src/test/java/cz/xelfi/quoridor/webidor/UsersTest.java
--- a/webidor/src/test/java/cz/xelfi/quoridor/webidor/UsersTest.java Sat Nov 07 15:23:14 2009 +0100
+++ b/webidor/src/test/java/cz/xelfi/quoridor/webidor/UsersTest.java Sat Nov 07 18:31:47 2009 +0100
@@ -27,6 +27,7 @@
 package cz.xelfi.quoridor.webidor;
 import com.sun.jersey.api.client.GenericType;
+import com.sun.jersey.api.client.UniformInterfaceException;
 import com.sun.jersey.test.framework.JerseyTest;
 import java.io.File;
 import java.io.FileOutputStream;
@@ -111,6 +112,7 @@ assertEquals("Jirka", uJirka.getId()); assertNull("Cannot get email without login", uJirka.getProperty("email")); + uJirka = webResource.path("users/Jirka").queryParam("loginID", logJirka).accept(MediaType.TEXT_XML).get(User.class); assertEquals("Jirka", uJirka.getId()); assertEquals("Email for ownself is OK", "jir@ka.cz", uJirka.getProperty("email"));
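Review bot: In `changeProperty` the guard calls `name.startsWith("permission.")` with no null check, and `p.setProperty(name, value)` rejects a null value, so a POST that omits `name` or `value` ends in a NullPointerException (presumably surfaced as a 500) rather than a clean rejection. The `permission.` test is also a prefix deny-list: every other key in the user's file becomes writable by its owner, so if any key outside that prefix is ever trusted by the server, an allow-list of editable names would be the safer shape. On the write path, `new FileOutputStream(f)` truncates the file before `p.store` runs and `os.close()` is skipped when `store` throws, which can leak the handle and leave a half-written properties file. The null guard and a try/finally around the store are sketched below; the body of `getProp` continues outside the hunk.

```java
String myid = quoridor.isLoggedIn(loginId);
if (name == null || value == null) {
    return Response.status(Response.Status.BAD_REQUEST).build();
}
// … unchanged: id/permission guard, getProp(myid), p.setProperty(name, value), File f …
FileOutputStream os = new FileOutputStream(f);
try {
    p.store(os, "");
} finally {
    os.close();
}
// … unchanged: Response.ok() built from getUserInfo(loginId, id) …
```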
@@ -123,5 +125,28 @@
 if (!txt.contains("jir@ka.cz")) {
 fail(txt);
 }
+
+ try {
+ webResource.path("users/Jarda").queryParam("loginID", logJirka).
+ queryParam("name", "email").queryParam("value", "ka@jir.cz").accept(MediaType.TEXT_XML).post();
+ fail("You cannot change email without priviledges");
+ } catch (UniformInterfaceException e) {
+ // OK, not allowed
+ }
+
+ webResource.path("users/Jirka").queryParam("loginID", logJirka).
+ queryParam("name", "email").queryParam("value", "ka@jir.cz").accept(MediaType.TEXT_XML).post();
+
+ uJirka = webResource.path("users/Jirka").queryParam("loginID", logJirka).accept(MediaType.TEXT_XML).get(User.class);
+ assertEquals("Jirka", uJirka.getId());
+ assertEquals("Email for ownself is OK", "ka@jir.cz", uJirka.getProperty("email"));
+
+ try {
+ webResource.path("users/Jirka").queryParam("loginID", logJirka).
+ queryParam("name", "permission.email").queryParam("value", "true").accept(MediaType.TEXT_XML).post();
+ fail("Shall not be allowed to change own permissions");
+ } catch (UniformInterfaceException ex) {
+ // OK, not allowed
+ }
 }
 }
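Review bot: Both negative cases accept any `UniformInterfaceException`, so a 500 from a server-side failure would satisfy them just as well as the intended rejection; asserting the status inside each catch, e.g. `assertEquals(401, e.getResponse().getStatus());` (`ex` in the second block), pins the authorization decision itself. Where the test can observe it, re-reading the target user's properties after each rejected POST would also confirm that nothing was written despite the error response. The test method starts outside the hunk.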