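--- a/webidor/src/main/java/cz/xelfi/quoridor/webidor/resources/Users.java Sat Nov 07 15:23:14 2009 +0100
+++ b/webidor/src/main/java/cz/xelfi/quoridor/webidor/resources/Users.java Sat Nov 07 18:31:47 2009 +0100
@@ -30,6 +30,7 @@
 import java.io.File;
 import java.io.FileInputStream;
 import java.io.FileNotFoundException;
+import java.io.FileOutputStream;
 import java.io.IOException;
 import java.util.ArrayList;
 import java.util.Collections;
@@ -38,11 +39,13 @@
 import java.util.logging.Logger;
 import javax.ws.rs.DefaultValue;
 import javax.ws.rs.GET;
+import javax.ws.rs.POST;
 import javax.ws.rs.Path;
 import javax.ws.rs.PathParam;
 import javax.ws.rs.Produces;
 import javax.ws.rs.QueryParam;
 import javax.ws.rs.core.MediaType;
+import javax.ws.rs.core.Response;
 
 /**
 *
@@ -82,7 +85,32 @@
 return user;
 }
 
- private Properties getProp(String id) throws FileNotFoundException, IOException {
+ @POST
+ @Path("{id}")
+ @Produces({ MediaType.APPLICATION_JSON, MediaType.TEXT_XML })
+ public synchronized Response changeProperty(
+ @QueryParam("loginID") String loginId,
+ @PathParam("id") String id,
+ @QueryParam("name") String name,
+ @QueryParam("value") String value
+ ) throws IOException {
+ String myid = quoridor.isLoggedIn(loginId);
+ if (!id.equals(myid) || name.startsWith("permission.")) {
+ return Response.status(Response.Status.UNAUTHORIZED).build();
+ }
+
+ Properties p = getProp(myid);
+ p.setProperty(name, value);
+
+ File f = new File(dir, id);
+ FileOutputStream os = new FileOutputStream(f);
+ p.store(os, "");
+ os.close();
+
+ return Response.ok().entity(getUserInfo(loginId, id)).build();
+ }
+
+ private synchronized Properties getProp(String id) throws FileNotFoundException, IOException {
 Properties p = new Properties();
 if (id != null && id.length() > 0) {
 File f = new File(dir, id);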
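Review bot: In `changeProperty`, `name.startsWith("permission.")` runs before any null check, so a POST without the `name` parameter ends in a NullPointerException instead of a controlled rejection, and a missing `value` fails the same way inside `p.setProperty`. The guard is also a prefix denylist: the caller may write any other key into their own properties file, so if those files hold anything else access-relevant (not visible in this hunk), an allowlist of editable names would be the safer shape. On the write path, `new FileOutputStream(f)` truncates the file before `p.store` runs and the stream is not closed if `store` throws, so a failed write can leave the user's file, presumably including its `permission.` entries, empty or partial; at minimum the close belongs in a `finally`. `getProp`'s body continues outside the hunk.

```java
        String myid = quoridor.isLoggedIn(loginId);
        if (name == null || value == null) {
            return Response.status(Response.Status.BAD_REQUEST).build();
        }
        // … unchanged: ownership / "permission." check, getProp, setProperty …
        FileOutputStream os = new FileOutputStream(new File(dir, id));
        try {
            p.store(os, "");
        } finally {
            os.close();
        }
        // … unchanged: return Response.ok() with getUserInfo …
```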
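--- a/webidor/src/test/java/cz/xelfi/quoridor/webidor/UsersTest.java Sat Nov 07 15:23:14 2009 +0100
+++ b/webidor/src/test/java/cz/xelfi/quoridor/webidor/UsersTest.java Sat Nov 07 18:31:47 2009 +0100
@@ -27,6 +27,7 @@
 package cz.xelfi.quoridor.webidor;
 
 import com.sun.jersey.api.client.GenericType;
+import com.sun.jersey.api.client.UniformInterfaceException;
 import com.sun.jersey.test.framework.JerseyTest;
 import java.io.File;
 import java.io.FileOutputStream;
@@ -111,6 +112,7 @@
 assertEquals("Jirka", uJirka.getId());
 assertNull("Cannot get email without login", uJirka.getProperty("email"));
 
+
 uJirka = webResource.path("users/Jirka").queryParam("loginID", logJirka).accept(MediaType.TEXT_XML).get(User.class);
 assertEquals("Jirka", uJirka.getId());
 assertEquals("Email for ownself is OK", "jir@ka.cz", uJirka.getProperty("email"));
@@ -123,5 +125,28 @@
 if (!txt.contains("<user id=\"Jirka\"><property name=\"email\">jir@ka.cz</property></user>")) {
 fail(txt);
 }
+
+ try {
+ webResource.path("users/Jarda").queryParam("loginID", logJirka).
+ queryParam("name", "email").queryParam("value", "ka@jir.cz").accept(MediaType.TEXT_XML).post();
+ fail("You cannot change email without priviledges");
+ } catch (UniformInterfaceException e) {
+ // OK, not allowed
+ }
+
+ webResource.path("users/Jirka").queryParam("loginID", logJirka).
+ queryParam("name", "email").queryParam("value", "ka@jir.cz").accept(MediaType.TEXT_XML).post();
+
+ uJirka = webResource.path("users/Jirka").queryParam("loginID", logJirka).accept(MediaType.TEXT_XML).get(User.class);
+ assertEquals("Jirka", uJirka.getId());
+ assertEquals("Email for ownself is OK", "ka@jir.cz", uJirka.getProperty("email"));
+
+ try {
+ webResource.path("users/Jirka").queryParam("loginID", logJirka).
+ queryParam("name", "permission.email").queryParam("value", "true").accept(MediaType.TEXT_XML).post();
+ fail("Shall not be allowed to change own permissions");
+ } catch (UniformInterfaceException ex) {
+ // OK, not allowed
+ }
 }
 }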
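Review bot: Both negative cases catch any `UniformInterfaceException` without looking at the response, so they pass just as well on a 500 from an unrelated server error as on the intended rejection; pin the status in each catch block, e.g. `assertEquals(401, e.getResponse().getStatus());`. After the rejected POST to `users/Jarda`, the test never reads Jarda's record back, so it would not notice if the value had been written before the error was returned. There is also no case for a missing or unknown `loginID`, or for a request without `name`, which are the inputs most likely to take an unintended path through the new endpoint. The enclosing test method starts outside the hunk.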