Merge pull request #23 from evolvedbinary/hotfix/enable-disable-user

When updating a user you can now change their enabled/disabled status

Author: adamretter

src/main/xar-resources/modules/security.xqm

@@ -22,6 +22,7 @@ module namespace sec = "http://fusiondb.com/ns/studio/api/security";
 declare namespace array = "http://www.w3.org/2005/xpath-functions/array";
 
 import module namespace sm = "http://exist-db.org/xquery/securitymanager";
+import module namespace util = "http://exist-db.org/xquery/util";
 
 
 declare function sec:list-users() as array(xs:string) {
@@ -105,6 +106,12 @@ function sec:update-user($username, $user-data as map(xs:string, item())) as xs:
                     return ()
                 )
             else (),
+
+            (: change enabled/disabled? :)
+            if (not(empty($user-data?enabled)))
+            then
+                sm:set-account-enabled($username, $user-data?enabled)
+            else(),
 
             true() (: success :)
         )

src/test/java/com/fusiondb/studio/api/API.java

@@ -140,4 +140,16 @@ static <K, V> Map<K, V> mapOf(final Tuple2<K, V>... entries) {
         }
         return map;
     }
+
+    static <K, V>  Map<K, V>[] arrayOf(final Map<K, V>... entries) {
+        if (entries == null) {
+            return new Map[0];
+        }
+
+        final Map<K, V>[] arrayOfMaps = new Map[entries.length];
+        for (int i = 0; i < entries.length; i++) {
+            arrayOfMaps[i] = entries[i];
+        }
+        return arrayOfMaps;
+    }
 }

src/test/java/com/fusiondb/studio/api/UserIT.java

@@ -0,0 +1,105 @@
+/*
+ * Fusion Studio API - API for Fusion Studio
+ * Copyright © 2017 Evolved Binary ([email protected])
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program.  If not, see <http://www.gnu.org/licenses/>.
+ */
+package com.fusiondb.studio.api;
+
+import io.restassured.response.ExtractableResponse;
+import io.restassured.response.Response;
+import org.junit.jupiter.api.Test;
+
+import java.util.Map;
+
+import static com.evolvedbinary.j8fu.tuple.Tuple.Tuple;
+import static com.fusiondb.studio.api.API.*;
+import static io.restassured.RestAssured.given;
+import static io.restassured.http.ContentType.JSON;
+import static org.apache.http.HttpStatus.*;
+import static org.junit.jupiter.api.Assertions.assertFalse;
+
+public class UserIT {
+
+    @Test
+    public void createUser() {
+        createUser("123");
+    }
+
+    @Test
+    public void disableUser() {
+        final String userId = "456";
+
+        // 1. create the user
+        createUser(userId);
+
+        // 2. update the user
+        final Map<String, Object> requestBody = mapOf(
+                Tuple("userName", "user" + userId),
+                Tuple("enabled", false)
+        );
+        given().
+                auth().preemptive().basic(DEFAULT_ADMIN_USERNAME, DEFAULT_ADMIN_PASSWORD).
+                contentType(JSON).
+                body(requestBody).
+        when().
+                put(getApiBaseUri() + "/user/user" + userId).
+        then().
+                statusCode(SC_NO_CONTENT);
+
+        // get user
+        final ExtractableResponse<Response> userResponse = getUser(userId);
+
+        // check they are now disabled
+        assertFalse(userResponse.jsonPath().getBoolean("enabled"));
+    }
+
+    private ExtractableResponse<Response> getUser(final String userId) {
+        return
+            given().
+                    auth().preemptive().basic(DEFAULT_ADMIN_USERNAME, DEFAULT_ADMIN_PASSWORD).
+                    contentType(JSON).
+            when().
+                    get(getApiBaseUri() + "/user/user" + userId).
+            then().
+                    statusCode(SC_OK)
+            .extract();
+    }
+
+    private void createUser(final String userId) {
+        final Map<String, Object> requestBody = mapOf(
+                Tuple("userName", "user" + userId),
+                Tuple("password", "user" + userId),
+                Tuple("metadata", arrayOf(
+                        mapOf(
+                                Tuple("key", "http://axschema.org/namePerson"),
+                                Tuple("value", "User " + userId)
+                        ),
+                        mapOf(
+                                Tuple("key", "http://axschema.org/pref/language"),
+                                Tuple("value", "en")
+                        )
+                ))
+        );
+
+        given().
+                auth().preemptive().basic(DEFAULT_ADMIN_USERNAME, DEFAULT_ADMIN_PASSWORD).
+                contentType(JSON).
+                body(requestBody).
+        when().
+                put(getApiBaseUri() + "/user/user" + userId).
+        then().
+                statusCode(SC_NO_CONTENT);
+    }
+}