19 package org.apache.shiro.samples.sprhib.web;
20
21 import org.apache.shiro.authz.annotation.RequiresPermissions;
22 import org.apache.shiro.samples.sprhib.model.User;
23 import org.apache.shiro.samples.sprhib.service.UserService;
24 import org.springframework.beans.factory.annotation.Autowired;
25 import org.springframework.stereotype.Controller;
26 import org.springframework.ui.Model;
27 import org.springframework.util.Assert;
28 import org.springframework.validation.BindingResult;
29 import org.springframework.web.bind.annotation.ModelAttribute;
30 import org.springframework.web.bind.annotation.RequestMapping;
31 import org.springframework.web.bind.annotation.RequestMethod;
32 import org.springframework.web.bind.annotation.RequestParam;
33
34
35
36
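/**
 * Spring MVC controller for the user-administration pages: listing, editing and deleting users.
 *
 * <p>Every handler carries a Shiro {@code @RequiresPermissions} annotation. The annotation is
 * only enforced when Shiro's annotation support is enabled for this bean; that wiring lives
 * outside this file, so confirm it before relying on these checks.
 */
@Controller
public class ManageUsersController {

    /** Validator applied to the submitted edit form; holds no per-request state in this class. */
    private final EditUserValidator editUserValidator = new EditUserValidator();

    private UserService userService;

    /**
     * Injects the service used for all user lookups and modifications.
     *
     * @param userService the user service to delegate to
     */
    @Autowired
    public void setUserService(UserService userService) {
        this.userService = userService;
    }

    /**
     * Exposes all users to the view under the {@code "users"} model attribute.
     *
     * @param model the model to populate
     */
    @RequestMapping("/manageUsers")
    @RequiresPermissions("user:manage")
    public void manageUsers(Model model) {
        model.addAttribute("users", userService.getAllUsers());
    }

    /**
     * Pre-fills the edit form with the stored username and e-mail of the requested user.
     *
     * @param model   unused here; kept for the handler signature
     * @param userId  id of the user to edit, taken from the request
     * @param command form-backing object that receives the current values
     * @return the {@code "editUser"} view name
     * @throws IllegalArgumentException if no user exists for {@code userId}
     */
    @RequestMapping(value = "/editUser", method = RequestMethod.GET)
    @RequiresPermissions("user:edit")
    public String showEditUserForm(Model model, @RequestParam Long userId, @ModelAttribute EditUserCommand command) {
        User user = userService.getUser(userId);
        // userId is caller-supplied; fail with a clear error instead of a NullPointerException
        // below if the service returns null for an unknown id.
        Assert.notNull(user, "User not found: " + userId);

        command.setUserId(userId);
        command.setUsername(user.getUsername());
        command.setEmail(user.getEmail());
        return "editUser";
    }

    /**
     * Validates the submitted form and, if it is valid, applies it to the stored user.
     *
     * <p>NOTE(review): {@link #deleteUser(Long)} refuses to touch user id 1, but this handler
     * applies edits to any id, including 1. Which fields {@code command.updateUser} copies is
     * defined in {@code EditUserCommand} (not shown here); confirm that editing the admin
     * account with only {@code user:edit} is intended.
     *
     * @param model   unused here; kept for the handler signature
     * @param userId  id of the user to update, taken from the request
     * @param command the bound form values
     * @param errors  receives validation errors for {@code command}
     * @return {@code "editUser"} when validation fails, otherwise a redirect to the user list
     * @throws IllegalArgumentException if no user exists for {@code userId}
     */
    @RequestMapping(value = "/editUser", method = RequestMethod.POST)
    @RequiresPermissions("user:edit")
    public String editUser(Model model, @RequestParam Long userId, @ModelAttribute EditUserCommand command, BindingResult errors) {
        editUserValidator.validate(command, errors);
        if (errors.hasErrors()) {
            // Re-render the form so the user can correct the input.
            return "editUser";
        }

        User user = userService.getUser(userId);
        // Guard against an unknown or stale id before the command dereferences the entity.
        Assert.notNull(user, "User not found: " + userId);

        command.updateUser(user);
        userService.updateUser(user);

        return "redirect:/s/manageUsers";
    }

    /**
     * Deletes the user with the given id, refusing to delete user id 1 (the admin account).
     *
     * <p>NOTE(review): this mapping declares no {@code method}, so it matches GET as well as
     * POST. A state-changing operation reachable by GET can be triggered by a cross-site
     * request from an authenticated administrator's browser. Restricting it to POST and
     * requiring an anti-CSRF token is the usual hardening; it is left unchanged here because
     * the views that link to this URL are not visible in this file.
     *
     * @param userId id of the user to delete, taken from the request
     * @return a redirect to the user list
     * @throws IllegalArgumentException if {@code userId} is 1
     */
    @RequestMapping("/deleteUser")
    @RequiresPermissions("user:delete")
    public String deleteUser(@RequestParam Long userId) {
        Assert.isTrue(userId != 1, "Cannot delete admin user");
        userService.deleteUser(userId);
        return "redirect:/s/manageUsers";
    }

}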