diff --git a/scm-webapp/src/main/java/sonia/scm/api/v2/resources/UserResource.java b/scm-webapp/src/main/java/sonia/scm/api/v2/resources/UserResource.java
index 87ac1844c2..ebfbdda6f1 100644
--- a/scm-webapp/src/main/java/sonia/scm/api/v2/resources/UserResource.java
+++ b/scm-webapp/src/main/java/sonia/scm/api/v2/resources/UserResource.java
@@ -4,9 +4,7 @@ import com.google.inject.Inject;
 import com.webcohesion.enunciate.metadata.rs.ResponseCode;
 import com.webcohesion.enunciate.metadata.rs.StatusCodes;
 import com.webcohesion.enunciate.metadata.rs.TypeHint;
-import org.apache.shiro.SecurityUtils;
 import sonia.scm.api.rest.resources.AbstractManagerResource;
-import sonia.scm.security.Role;
 import sonia.scm.user.User;
 import sonia.scm.user.UserException;
 import sonia.scm.user.UserManager;
@@ -47,18 +45,10 @@ public class UserResource extends AbstractManagerResource {
 @ResponseCode(code = 404, condition = "not found, no group with the specified id/name available"),
 @ResponseCode(code = 500, condition = "internal server error")
 })
- public Response get(@Context Request request, @Context UriInfo uriInfo, @PathParam("id") String id)
- {
- if (SecurityUtils.getSubject().hasRole(Role.ADMIN))
- {
+ public Response get(@Context Request request, @Context UriInfo uriInfo, @PathParam("id") String id) {
 User user = manager.get(id);
 UserDto userDto = userToDtoMapper.map(user);
 return Response.ok(userDto).build();
- }
- else
- {
- return Response.status(Response.Status.FORBIDDEN).build();
- }
 }
 
 @PUT
@@ -70,8 +60,7 @@ public class UserResource extends AbstractManagerResource {
 })
 @TypeHint(TypeHint.NO_CONTENT.class)
 public Response update(@Context UriInfo uriInfo,
- @PathParam("id") String name, UserDto userDto)
- {
+ @PathParam("id") String name, UserDto userDto) {
 String originalPassword = manager.get(name).getPassword();
 User user = dtoToUserMapper.map(userDto, originalPassword);
 return update(name, user);
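Review bot: In the `get` hunk the new method body has no authorization check of its own: with the `hasRole(Role.ADMIN)` branch gone, the call to `manager.get(id)` is the only place left where access to another user's record could be refused. If the permission check now lives in the manager (not visible in this diff), record that at the call site, e.g. `// access control is enforced inside manager.get(); do not add callers that bypass it`, and keep a negative test — the second file deletes `shouldNotGetSingleUserForSimpleUser` instead of adapting it to whatever status the manager-level check yields. The result of `manager.get(id)` is also handed to `userToDtoMapper.map` without a null check, so if the manager returns null for an unknown id the documented 404 is presumably not what the client receives.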
@@ -85,8 +74,7 @@ public class UserResource extends AbstractManagerResource {
 @ResponseCode(code = 500, condition = "internal server error")
 })
 @TypeHint(TypeHint.NO_CONTENT.class)
- public Response delete(@PathParam("id") String name)
- {
+ public Response delete(@PathParam("id") String name) {
 return super.delete(name);
 }
 
diff --git a/scm-webapp/src/test/java/sonia/scm/api/v2/resources/UserRootResourceTest.java b/scm-webapp/src/test/java/sonia/scm/api/v2/resources/UserRootResourceTest.java
index 4064432a72..93f0499f14 100644
--- a/scm-webapp/src/test/java/sonia/scm/api/v2/resources/UserRootResourceTest.java
+++ b/scm-webapp/src/test/java/sonia/scm/api/v2/resources/UserRootResourceTest.java
@@ -93,7 +93,6 @@ public class UserRootResourceTest {
 dispatcher.invoke(request, response);
 
 assertEquals(HttpServletResponse.SC_OK, response.getStatus());
- System.out.println(response.getContentAsString());
 assertTrue(response.getContentAsString().contains("\"name\":\"Neo\""));
 assertTrue(response.getContentAsString().contains("\"password\":\"__dummypassword__\""));
 assertTrue(response.getContentAsString().contains("\"self\":{\"href\":\"/v2/users/Neo\"}"));
@@ -115,17 +114,6 @@ public class UserRootResourceTest {
 assertFalse(response.getContentAsString().contains("\"delete\":{\"href\":\"/v2/users/Neo\"}"));
 }
 
- @Test
- @SubjectAware(username = "unpriv")
- public void shouldNotGetSingleUserForSimpleUser() throws URISyntaxException {
- MockHttpRequest request = MockHttpRequest.get("/" + UserRootResource.USERS_PATH_V2 + "Neo");
- MockHttpResponse response = new MockHttpResponse();
-
- dispatcher.invoke(request, response);
-
- assertEquals(HttpServletResponse.SC_FORBIDDEN, response.getStatus());
- }
-
 @Test
 public void shouldCreateNewUserWithEncryptedPassword() throws URISyntaxException, IOException {
 URL url = Resources.getResource("sonia/scm/api/v2/user-test-create.json");