id
, then this account must have administrator privileges
+ * @param id unique (db) identifier for user whose password is to be changed.
+ * @param transfer wrapper around new password
* @return updated account object
+ * @throws PermissionException if the account associated with userId
and id
are not
+ * the same but the userId
does not have administrative privileges
*/
- public AccountTransfer updatePassword(final String userId, final AccountTransfer transfer) {
- final Account userAccount = getByEmail(transfer.getEmail());
- if (userAccount == null) {
- throw new IllegalArgumentException("Could not retrieve account by id "
- + transfer.getEmail());
+ public AccountTransfer updatePassword(String userId, long id, AccountTransfer transfer) throws PermissionException {
+ Account account = get(id);
+ if (account == null) {
+ throw new IllegalArgumentException("Could not retrieve account by id " + id);
}
- if (!isAdministrator(userId) && !userAccount.getEmail().equalsIgnoreCase(userId)) {
- return null;
+ if (!isAdministrator(userId) && !account.getEmail().equalsIgnoreCase(userId)) {
+ throw new PermissionException("User " + userId + " does not have permission to change "
+ + transfer.getEmail() + "'s password");
}
- userAccount.setPassword(AccountUtils.encryptNewUserPassword(transfer.getPassword(),
- userAccount.getSalt()));
- return dao.update(userAccount).toDataTransferObject();
+ account.setPassword(AccountUtils.encryptNewUserPassword(transfer.getPassword(), account.getSalt()));
+ return dao.update(account).toDataTransferObject();
}
/**
diff --git a/src/main/java/org/jbei/ice/services/rest/UserResource.java b/src/main/java/org/jbei/ice/services/rest/UserResource.java
index acb577671..bda119a3f 100644
--- a/src/main/java/org/jbei/ice/services/rest/UserResource.java
+++ b/src/main/java/org/jbei/ice/services/rest/UserResource.java
@@ -210,11 +210,6 @@ public AccountTransfer update(@Context final UriInfo info, @PathParam("id") fina
return controller.updateAccount(user, userId, transfer);
}
- /**
- * @param info
- * @param transfer
- * @return Response for success or failure
- */
@POST
@Consumes(MediaType.APPLICATION_JSON)
@Produces(MediaType.APPLICATION_JSON)
@@ -234,10 +229,12 @@ public Response resetPassword(@Context final UriInfo info, final AccountTransfer
@PUT
@Consumes(MediaType.APPLICATION_JSON)
@Produces(MediaType.APPLICATION_JSON)
- @Path("/password")
- public AccountTransfer updatePassword(final AccountTransfer transfer) {
+ @Path("/{id}/password")
+ public AccountTransfer updatePassword(@PathParam("id") final long userId,
+ final AccountTransfer transfer) {
final String user = getUserId();
- return controller.updatePassword(user, transfer);
+ log(user, "changing password for user " + userId);
+ return controller.updatePassword(user, userId, transfer);
}
/**
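Review bot: The path parameter of `updatePassword` is named `userId` although it carries the target account's database id, while the authenticated caller is `user`; the controller signature changed in this same commit uses `userId` for the caller and `id` for the target, so the two meanings are swapped across the call `controller.updatePassword(user, userId, transfer)`. In an authorization path that is easy to misread later, so I would rename it: `@PathParam("id") final long id` and `controller.updatePassword(user, id, transfer)`. The `log(...)` call also runs before the controller's permission check, so a denied request is still recorded as "changing password for user N"; wording such as `log(user, "requested password change for account " + id)` keeps the audit trail accurate. The controller now throws `PermissionException` and nothing here catches or declares it; whether that reaches the client as a 403 depends on an exception mapper that is not visible in this diff, so it is worth confirming.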
@@ -247,8 +244,10 @@ public AccountTransfer updatePassword(final AccountTransfer transfer) {
@PUT
@Consumes(MediaType.APPLICATION_JSON)
@Produces(MediaType.APPLICATION_JSON)
- public Response createNewUser(final AccountTransfer accountTransfer) {
- final AccountTransfer created = controller.createNewAccount(accountTransfer, true);
+ public Response createNewUser(
+ @DefaultValue("true") @QueryParam("sendEmail") boolean sendEmail,
+ final AccountTransfer accountTransfer) {
+ final AccountTransfer created = controller.createNewAccount(accountTransfer, sendEmail);
return super.respond(created);
}
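Review bot: `sendEmail` on `createNewUser` is taken straight from the query string and no caller check is visible in this method, so any client that can reach the endpoint can suppress the notification email. If `createNewAccount(accountTransfer, false)` hands the generated password back in the response (not visible here, please confirm), an account could be created for an address whose owner never proves control of the mailbox. I would honour `sendEmail=false` only for an authenticated administrator and force it to `true` otherwise. The method should also get a Javadoc line such as `@param sendEmail whether to email the new credentials; false is honoured for administrators only`.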
diff --git a/src/main/webapp/index.jsp b/src/main/webapp/index.jsp
index 67a9377d4..0a311331f 100644
--- a/src/main/webapp/index.jsp
+++ b/src/main/webapp/index.jsp
@@ -90,7 +90,7 @@