FF-255 Added remaining logic.

Author: open-schnick

src/main/java/de/filefighter/rest/domain/user/business/UserBusinessService.java

@@ -162,10 +162,12 @@ public void updateUser(long userId, UserRegisterForm userToUpdate, User authenti
         if (null == userEntityToUpdate)
             throw new UserNotUpdatedException("User does not exist, use register endpoint.");
 
+        if(Arrays.stream(userEntityToUpdate.getGroupIds()).asDoubleStream().anyMatch(id -> id == Groups.SYSTEM.getGroupId()))
+            throw new UserNotUpdatedException("Runtime users cannot be modified.");
+
         Update newUpdate = new Update();
 
         boolean changesWereMade = updateUserName(newUpdate, userToUpdate.getUsername());
-
         boolean usernameIsValid = stringIsValid(userToUpdate.getUsername());
         String lowerCaseUsername = usernameIsValid ? userToUpdate.getUsername().toLowerCase() : userEntityToUpdate.getLowercaseUsername();
         boolean passwordWasUpdated = updatePassword(newUpdate, userToUpdate.getPassword(), userToUpdate.getConfirmationPassword(), lowerCaseUsername);
@@ -186,6 +188,8 @@ private boolean updateGroups(Update newUpdate, long[] groupIds, boolean authenti
         if (null != groupIds && groupIds.length != 0) {
             try {
                 for (Groups group : groupRepository.getGroupsByIds(groupIds)) {
+                    if( group == Groups.SYSTEM)
+                        throw new UserNotUpdatedException("Users cannot be added to the '"+ Groups.SYSTEM.getDisplayName()+"' Group");
                     if (group == Groups.ADMIN && !authenticatedUserIsAdmin)
                         throw new UserNotUpdatedException("Only admins can add users to group " + Groups.ADMIN.getDisplayName() + ".");
                 }