Me and my m8s are developing a manuscript handling system for our university using Spring MVC,angularJS etc. We have some issues with editing a User in the database. Our application is Role based. It's seems the ROLE_ADMIN's edit function is works fine, it's editing the selected user's details, but we always get 403 Forbidden response from the server (in db the record is updated after edit). On user profile we use the same edit method, but there the edit function is not working, there we get always 400 Bad request error. Somebody can tell me what is the problem? Here is our code and some pictures about the error(s).
Edit method of our controller:
@Secured({ "ROLE_ADMIN", "ROLE_AUTHOR", "ROLE_EDITOR",
"ROLE_EDITOR_IN_CHIEF", "ROLE_PROOFREADER",
"ROLE_TECHNICAL_EDITOR", "ROLE_REVIEWER" })
@RequestMapping(value = "/edit/{userName}", method = RequestMethod.PUT)
public User editUser(@PathVariable String userName, @RequestBody User user) {
LOGGER.info("Edited user: " + userName);
LOGGER.info("User details after edit: " + user.toString());
String salted = userManagerService.passwordEncrypt(user.getPassword());
user.setPassword(salted);
LOGGER.info("Password after salting: " + user.getPassword());
userManagerService.modifyUser(userName, user);
return user;
}
ManuScriptAdminService.js
function ManuscriptAdminService( $http,$q,$log){
var service = {
getUsers: getUsers,
getUserName:getUserName,
deleteUser:deleteUser,
getUserDetails: getUserDetails,
editUser:editUser,
getAcmAreas:getAcmAreas,
getAllRoles:getAllRoles
};
return service;
var users = '';
function getUsers(){
$log.info("Get all users details "+new Date());
var deferred=$q.defer();
deferred.resolve( $http.get('users').then(function(data){
users=data.data;
return users;
}));
return deferred.promise;
}
function getUserDetails(index){
$log.info("Get selected user details "+new Date());
return JSON.parse(JSON.stringify(users[index]));
}
function getUserName(index){
$log.info("Get selected user name "+new Date());
return users[index].userName;
}
function deleteUser(user){
$log.info("Delete selected user "+new Date());
var req= {
method: 'DELETE',
url: 'delete/'+user
}
$http(req).then(function(data){
console.log(data);
},function(error){
$log.error("Error occured while admin tried to delete user "+new Date());
});
}
function editUser(user){
$log.info("Edit selected user "+new Date());
var req= {
method: 'PUT',
url: 'edit/'+user.userName,
data: user
}
$http(req).then(function(data){
console.log(data);
},function(error){
$log.error("Error occured while admin tried to edit user "+new Date());
});
}
function getAcmAreas(){
$log.info("Get ACM areas "+new Date());
var deferred=$q.defer();
deferred.resolve( $http.get('getAcmAreas').then(function(data){
return data.data;
}));
return deferred.promise;
}
function getAllRoles(){
$log.info("Get roles "+new Date());
var deferred=$q.defer();
deferred.resolve( $http.get('getAllRole').then(function(data){
return data.data;
}));
return deferred.promise;
}
}
ManuScriptAdminController.js
function ManuscriptAdminController(ManuscriptAdminService, $modal, $log,
$timeout) {
var vm = this;
vm.users = '';
var acmAreas = '';
var roles = '';
var promise = ManuscriptAdminService.getAcmAreas();
promise.then(function(data) {
acmAreas = data;
});
var promise = ManuscriptAdminService.getAllRoles();
promise.then(function(data) {
roles = data;
});
var promise = ManuscriptAdminService.getUsers();
promise.then(function(data) {
$log.info("Users listed " + new Date());
vm.users = data;
});
vm.showModalUserDetails = function(index) {
$log.info("Show user details " + new Date());
var modelInstance = $modal
.open({
animation : true,
templateUrl : 'htmlcontent/content/admin/modal/userManageModal.html',
controller : 'ManuscriptAdminModalinstacneController',
controllerAs : 'ManuscriptAdminModalinstacneController',
size : 300,
resolve : {
items : function() {
return ManuscriptAdminService.getUserDetails(index);
}
}
});
};
vm.showModalUserDelete = function(index) {
$log.info("Show user delete modal " + new Date());
var modelInstance = $modal
.open({
animation : true,
templateUrl : 'htmlcontent/content/admin/modal/userDeleteManageModal.html',
controller : 'ManuscriptAdminModalinstacneController',
controllerAs : 'ManuscriptAdminModalinstacneController',
size : 300,
resolve : {
items : function() {
return ManuscriptAdminService.getUserName(index);
}
}
});
modelInstance.result.then(function(result) {
ManuscriptAdminService.deleteUser(result);
reloadPage();
}, function() {
$log.info('Modal dismissed at: ' + new Date());
});
};
vm.showModalEditUser = function(index) {
$log.info("Show user edit modal " + new Date());
var modelInstance = $modal.open({
animation : true,
templateUrl : 'htmlcontent/content/admin/modal/userEditModal.html',
controller : 'ManuscriptAdminEditModalInstanceController',
controllerAs : 'ManuscriptAdminEditModalInstanceController',
size : 300,
resolve : {
items : function() {
return {
'user' : ManuscriptAdminService.getUserDetails(index),
'acmAreas' : acmAreas,
'roles' : roles
}
}
}
});
modelInstance.result.then(function(result) {
ManuscriptAdminService.editUser(result);
reloadPage();
}, function() {
$log.info('Modal dismissed at: ' + new Date());
});
};
function reloadPage() {
$timeout(function() {
var promise = ManuscriptAdminService.getUsers();
promise.then(function(data) {
$log.info("Users listed " + new Date());
vm.users = data;
});
}, 1000);
}
ManuScriptProfileService.js
function ManuscriptProfileService($http, $q, $log) {
var service = {
getUser : getUser,
getAcmAreas : getAcmAreas,
getAllRoles : getAllRoles,
editUser : editUser
};
return service;
function getAcmAreas() {
$log.info("Get ACM areas " + new Date());
var deferred = $q.defer();
deferred.resolve($http.get('getAcmAreas').then(function(data) {
return data.data;
}));
return deferred.promise;
}
function editUser(user) {
$log.info("Edit selected user " + new Date());
var req = {
method : 'PUT',
url : 'edit/' + user.userName,
data : user
}
$http(req).then(
function(data) {
console.log(data);
},
function(error) {
$log.error("Error occured while admin tried to edit user "
+ new Date());
});
}
function getUser() {
$log.info("Get user details" + new Date());
var deferred = $q.defer();
deferred.resolve($http.get('user').then(
function(data) {
console.log(user);
var i;
var user = data.data;
for (i = 0; i < user.roles.length; i++) {
user.roles[i] = user.roles[i].substring(5,
user.roles[i].length);
}
return user;
}));
return deferred.promise;
}
function getAllRoles() {
$log.info("Get roles " + new Date());
var deferred = $q.defer();
deferred.resolve($http.get('getAllRole').then(function(data) {
return data.data;
}));
return deferred.promise;
}
}
ManuScriptProfileController.js
function ManuscriptProfileController(ManuscriptProfileService, $modal, $log,
$timeout) {
vm = this;
vm.allacmareas = '';
vm.allroles = '';
vm.user = '';
vm.editUser = '';
vm.userDataButton = false;
vm.personalDataButton = false;
vm.acmCategoriesButton = false;
vm.titles = [ "Mr", "Mrs", "Dr", "dr" ];
vm.edit = edit;
vm.cancel = cancel;
vm.send = send;
function edit(data) {
switch (data) {
case 'userData':
vm.userEdit = vm.user;
vm.userDataButton = true;
vm.personalDataButton = false;
vm.acmCategoriesButton = false;
break;
case 'personalData':
vm.userEdit = vm.user;
vm.personalDataButton = true;
vm.userDataButton = false;
vm.acmCategoriesButton = false;
break;
case 'acmCategories':
vm.userEdit = vm.user;
vm.acmCategoriesButton = true;
vm.userDataButton = false;
vm.personalDataButton = false;
break;
}
;
}
function cancel(data) {
switch (data) {
case 'userData':
vm.userDataButton = false;
break;
case 'personalData':
vm.personalDataButton = false;
break;
case 'acmCategories':
vm.acmCategoriesButton = false;
break;
}
}
function send(button) {
switch (button) {
case 'userData':
vm.userDataButton = false;
vm.personalDataButton = false;
vm.acmCategoriesButton = false;
ManuscriptProfileService.editUser(vm.userEdit);
break;
case 'personalData':
vm.userDataButton = false;
vm.personalDataButton = false;
vm.acmCategoriesButton = false;
ManuscriptProfileService.editUser(vm.userEdit);
break;
case 'acmCategories':
vm.userDataButton = false;
vm.personalDataButton = false;
vm.acmCategoriesButton = false;
ManuscriptProfileService.editUser(vm.userEdit);
break;
}
var promise = ManuscriptProfileService.getUser();
promise.then(function(data) {
vm.user = data;
});
vm.userEdit=vm.user;
}
var promise = ManuscriptProfileService.getAcmAreas();
promise.then(function(data) {
vm.allacmareas = data;
});
promise = ManuscriptProfileService.getAllRoles();
promise.then(function(data) {
vm.allroles = data;
});
promise = ManuscriptProfileService.getUser();
promise.then(function(data) {
console.log(data)
vm.user = data;
});
}
Picture of 400 Bad request error(After editing user infos of currently authenticated user)
Picture of 403 Forbidden error(after edit with ROLE_ADMIN)
Aucun commentaire:
Enregistrer un commentaire